On Mon, 23 Jul 2007, Joe Greco wrote:
Although this seems to be the first bit mistake in over two years, does that make the practice unacceptable as another tool to respond to Bots?
The practice of blocking public EFnet servers?
As I've said multiple times, sometimes mistakes happen and the wrong things end up on a list. I doubt that was the intent.
Many people have suggested blocking C&C servers used by bots over the years.
There's a difference between blocking actual C&C servers and blocking general IRC servers that are incidentally being used as C&C servers.
Yes, when there are better solutions to the problem at hand.
Please enlighten me.
Intercept and inspect IRC packets. If they join a botnet channel, turn on a flag in the user's account. Place them in a garden (no IRC, no nothing, except McAfee or your favorite AV/patch set). Wow, I didn't even have to strain myself. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.