There are more and more machines on campus infected by “IRC bots” every day. In an effort to stop them we began blocking all IRC traffic on the default IRC port of 6667 back in January. That has worked quite well, however the bots are getting smarter and using many other ports. In an effort to combat this, we have told our packeteer to block all traffic it can classify as IRC or IRC related. While I doubt this will cut down on infections, I hope that it will reduce the ammount of dammage a compromised machine can cause and hopefully keep the computer from calling home for more instructions.
IRC Bots
—
by
Leave a Reply