Re: [fw-wiz] Botnets, IRC servers and firewalls?
From: Gadi Evron (ge_at_egotistical.reprehensible.net)
To: Paul Robertson <email@example.com> Date: Tue, 03 Feb 2004 13:20:20 +0200
> I've yet to see a business need for BotNet clients to run successfully ;)
Perhaps application filtering for the Drone control protocol?
Drone armies, although massive are nothing special.
They are usually built of the same 2-4 Trojan horses that are big at
Filtering the traffic for their control protocol, on whatever port, or
their repetetive echo commands/ special connections to IRC servers under
certain IRC names or nickname/ident/name pattern-combinations is pretty
easy to do when you come to think about it.
firewall-wizards mailing list