On Mon, 23 Jul 2007, Joe Greco wrote:
I can't help but notice you totally avoided responding to what I wrote; I would have to take this to mean that you know that it is fundamentally unreasonable to expect users to set up their own recursers to work around ISP recurser brokenness (which is essentially what this is).
Its more resonable to expect users to know how to remove bots and fix their compromised computers?
No amount of IRC redirection is going to remove bots and fix their compromised computers.
... JG
I disagree. A lot of the compromised computers are still using the old versions of like Phatbot, agobot, rxbot, all of which have the remove commands. Placing the .remove in the subject line will effectively remove the bots as they join the channels. The .remove will effectively completely remove the bot from their computer, not everything else, but alteast that bot instance is done. Its one way a lot of IRC networks get rid of the botnets started on their networks, simply glineing them causes them to keep trying to reconnect. Granted it won't stop the more experienced script kiddies, but it will certainly stop the ones who use the preconfigured scripts because they don't know what the soruce code means. As many have said this is more about numbers. The number of infected computers within their network used to DDoS and Spam compared to the number of legitimate IRC users. Unfortunately the number of zombies outweighs the good.
Disagree all you want, but once a box is compromised, it is compromised. You can never really know what's happened on the box, and removing the obvious sign that the box is compromised is curing the symptom, not the ill. That's not actually a fix, though I fully expect that someone here will argue otherwise. If this is so effective, wouldn't it have been a better idea to work with the folks at irc.vel.net to do this on their end? Global benefit and all, AND it would not be stealing someone else's domain name in order to do this. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.