North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
RE: IRC bots...
- From: Bill Nash
- Date: Sat Mar 12 20:08:06 2005
On Sat, 12 Mar 2005, Hannigan, Martin wrote:
Enterprise IT staff running from whip-cracking security staff, that's who
has time for it.
[ SNIP ]
Who's got time for all that? Chase the controller, shut down
the user until they buy some AV software. We've gone beyond
"I didn't know" for endusers in most regions.
Unless, however, you have no security requirements surrounding your
accounting records, network inventory, provisioning tools, and credit card
.. if you're providing a premium service to business grade
customers who can sum up their connectivity requirements as '80, 443, 25, 53,
..if you're running honeynets.
..if you're providing structured services with explicit controls on what
goes on (ala AOL, some .edu networks, etc.)
..you've been singled out by your peers because a significant portion of
large DDoS attacks are originating from your network.
..you've been singled out by accounting because of the traffic costs
involved with sourcing DDoS attacks.
As popular as instant messenger, and increasingly, voip toys, have become,
actual IRC usages represents a diminishing percentage of inter-user
chatter. Even something as simple as carving irc usage out of your netflow
records and tagging specific endpoints as potential sources is a piece of
automation that will save you some time down the road. A decent network
inventory would facilitate this.