Re: [fw-wiz] Botnets, IRC servers and firewalls?

From: Gadi Evron (ge_at_egotistical.reprehensible.net)
Date: 02/03/04

  • Next message: LazlÚ Carreidas: "[fw-wiz] Generic Rules Digest Software"
    To: Paul Robertson <proberts@patriot.net>
    Date: Tue, 03 Feb 2004 13:20:20 +0200
    
    

    > I've yet to see a business need for BotNet clients to run successfully ;)

    Perhaps application filtering for the Drone control protocol?

    Drone armies, although massive are nothing special.

    They are usually built of the same 2-4 Trojan horses that are big at
    that time.

    Filtering the traffic for their control protocol, on whatever port, or
    their repetetive echo commands/ special connections to IRC servers under
    certain IRC names or nickname/ident/name pattern-combinations is pretty
    easy to do when you come to think about it.

            Gadi Evron.

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: LazlÚ Carreidas: "[fw-wiz] Generic Rules Digest Software"