Educause Security Discussion mailing list archives

Re: IRC policies

From: "Hull, Dave" <dphull () KU EDU>
Date: Wed, 6 Jun 2007 09:45:10 -0500

In my past life working in a security office, the Snort signatures that
monitor nick changes to a great job of tipping off machines that are
bots. Normal users don't request nick changes as rapidly as bots. If
you're wanting to monitor IRC or clamp down on it, pay particular
attention and tune well your Snort or other IDS/IPS rules that watch for
nick changes.

YMMV.

-- 
Dave Hull, CISSP, CHFI
IT Director
KU School of Architecture & Urban Planning
785-864-2629 

"The free world says that software is the embodiment of knowledge about
technology, which needs to be free in the same way that mathematics is
free." 
-- Eben Moglen, Software Freedom Law Center

Current thread:

IRC policies Knowles, Richard N. CISSP PMP (Jun 06)
- <Possible follow-ups>
- IRC policies Knowles, Richard N. CISSP PMP (Jun 06)
- Re: IRC policies John Piercy (Jun 06)
- Re: IRC policies John Piercy (Jun 06)
- Re: IRC policies Elliot Kendall (Jun 06)
- Re: IRC policies Anthony Maszeroski (Jun 06)
- Re: IRC policies Everett, Alex (Jun 06)
- Re: IRC policies Hull, Dave (Jun 06)
- Re: IRC policies Hull, Dave (Jun 06)
- Re: IRC policies Everett, Alex (Jun 06)
- Re: IRC policies Gary Dobbins (Jun 06)
- Re: IRC policies H. Morrow Long (Jun 06)
- Re: IRC policies David Shettler (Jun 06)
- Re: IRC policies Gary Flynn (Jun 06)
- Re: IRC policies Cal Frye (Jun 06)