IRC bots...
Bill Nash
billn at billn.net
Sun Mar 13 01:09:17 UTC 2005
On Sat, 12 Mar 2005, Hannigan, Martin wrote:
> [ SNIP ]
>
> Who's got time for all that? Chase the controller, shut down
> the user until they buy some AV software. We've gone beyond
> "I didn't know" for endusers in most regions.
Enterprise IT staff running from whip-cracking security staff, that's who
has time for it.
Unless, however, you have no security requirements surrounding your
accounting records, network inventory, provisioning tools, and credit card
processing services.
Other reasons:
.. if you're providing a premium service to business grade customers who
can sum up their connectivity requirements as '80, 443, 25, 53, period.'
.. if you're running honeynets.
.. if you're providing structured services with explicit controls on what
goes on (a la AOL, some .edu networks, etc.)
.. you've been singled out by your peers because a significant portion of
large DDoS attacks are originating from your network.
.. you've been singled out by accounting because of the traffic costs
involved with sourcing DDoS attacks.
As popular as instant messenger, and increasingly, VoIP toys, have become,
actual IRC usage represents a diminishing percentage of inter-user
chatter. Even something as simple as carving IRC usage out of your netflow
records and tagging specific endpoints as potential sources is a piece of
automation that will save you some time down the road. A decent network
inventory would facilitate this.
- billn
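
Added example, not part of the original message: one way to carve IRC flows out of flow records and tag internal endpoints against a network inventory, as the message describes. The CSV layout, the port list, the 10.0.0.0/8 range and the inventory entries are constructed assumptions; matching on ports alone will not see IRC running on non-standard ports.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Assumptions: IRC is identified by well-known destination ports only,
# and 10.0.0.0/8 is the address space considered "ours".
IRC_PORTS = set(range(6660, 6670)) | {6697, 7000}
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed inventory: address -> (role, whether IRC is expected there)
INVENTORY = {
    "10.1.2.10": ("billing-db", False),
    "10.1.9.44": ("noc-workstation", True),
}

# Constructed flow export (src, dst, IP protocol, dst port, bytes); not real traffic.
SAMPLE_FLOWS = """src,dst,proto,dport,bytes
10.1.2.10,198.51.100.7,6,6667,48210
10.1.2.10,198.51.100.7,6,6667,1200
10.1.9.44,203.0.113.20,6,6697,900
10.1.5.77,198.51.100.7,6,6667,300
10.1.5.77,192.0.2.53,17,53,120
192.0.2.99,10.1.2.10,6,6667,64
"""

def is_internal(addr):
    return any(ipaddress.ip_address(addr) in net for net in INTERNAL)

def tag_irc_sources(flow_csv, inventory):
    """Return {internal_src: report} for hosts with outbound TCP flows to IRC ports."""
    hits = defaultdict(lambda: {"flows": 0, "bytes": 0, "peers": set()})
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["proto"] != "6" or int(row["dport"]) not in IRC_PORTS:
            continue  # not TCP, or not an IRC port
        if not is_internal(row["src"]):
            continue  # inbound or transit; only our own endpoints get tagged
        h = hits[row["src"]]
        h["flows"] += 1
        h["bytes"] += int(row["bytes"])
        h["peers"].add(row["dst"])
    for src, h in hits.items():
        # Hosts missing from the inventory are treated as unexpected IRC sources.
        role, irc_expected = inventory.get(src, ("unknown", False))
        h["role"] = role
        h["tag"] = "expected" if irc_expected else "investigate"
    return dict(hits)

if __name__ == "__main__":
    for src, h in sorted(tag_irc_sources(SAMPLE_FLOWS, INVENTORY).items()):
        print(src, h["role"], h["tag"], h["flows"], sorted(h["peers"]))
```

Hosts tagged "investigate" are the candidates for follow-up; an endpoint that shows up as "unknown" is also a gap in the inventory itself.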