Re: [fw-wiz] Botnets, IRC servers and firewalls?
From: Gadi Evron (ge_at_egotistical.reprehensible.net)
Date: 02/03/04
- Previous message: Dave: "Re: [fw-wiz] Multiple world connections into PIX"
- In reply to: Paul Robertson: "Re: [fw-wiz] Botnets, IRC servers and firewalls?"
- Next in thread: Paul Robertson: "Re: [fw-wiz] Botnets, IRC servers and firewalls?"
- Reply: Paul Robertson: "Re: [fw-wiz] Botnets, IRC servers and firewalls?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Paul Robertson <proberts@patriot.net> Date: Tue, 03 Feb 2004 13:20:20 +0200
> I've yet to see a business need for BotNet clients to run successfully ;)
Perhaps application filtering for the Drone control protocol?
Drone armies, although massive are nothing special.
They are usually built of the same 2-4 Trojan horses that are big at
that time.
Filtering the traffic for their control protocol, on whatever port, or
their repetetive echo commands/ special connections to IRC servers under
certain IRC names or nickname/ident/name pattern-combinations is pretty
easy to do when you come to think about it.
Gadi Evron.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Dave: "Re: [fw-wiz] Multiple world connections into PIX"
- In reply to: Paul Robertson: "Re: [fw-wiz] Botnets, IRC servers and firewalls?"
- Next in thread: Paul Robertson: "Re: [fw-wiz] Botnets, IRC servers and firewalls?"
- Reply: Paul Robertson: "Re: [fw-wiz] Botnets, IRC servers and firewalls?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
