[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: IRC zombie controllers

To: or-talk@xxxxxxxxxxxxx
Subject: Re: IRC zombie controllers
From: Arrakis Tor <arrakistor@xxxxxxxxx>
Date: Tue, 30 Aug 2005 01:05:43 -0500
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Tue, 30 Aug 2005 02:06:28 -0400
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=U4+kGyF2Q3EnP1uQNvMFddwJHXFfs0KZqtqlQS4wnGXYhEEOpYrKXkhLfoXHzpDuZG99R+t/8w2tpXHzKwj34z/L9S/pqElVgmt58oSCapLF2+oN2oSMyFuHVoJh43hf3YSsaxi6v4JzF2E2m3n5PgxUiBHkOOqQkzNjFoypb0U=
In-reply-to: <20050830055117.GY21220@eff.org>
References: <20050828181838.GL30236@northernsecurity.net> <43126D67.6030502@algae-world.com> <7d9163f3050828191515f6e4a2@mail.gmail.com> <p05210601bf38d137526f@localhost.> <20050829163419.GC21220@eff.org> <p05210600bf3952d8dab6@localhost.> <1125363750.5601.30.camel@sulaco> <111927076.20050830051101@gmxpro.de> <1125377376.5601.61.camel@sulaco> <20050830055117.GY21220@eff.org>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

If IRC is used for botnet control, and Tor is used for IRC, then it
follows that people can easily be using Tor for botnet control.

Whether they are or not, we do not know, but even this is irrelevant
as we cannot and would not want to analyze all data.

The question, I think, comes down to if you want to restrict IRC based
on a possible threat. Will you wait till someone does something wrong
and the ISP shuts down your server? Is it likely to happen? And when
it does happen, at that point will you change your policy to get back
online, or will your ISP roll over for Tor, or will you have to get a
new ISP? Do you have warm or cold feelings about IRC? Will restricting
IRC ports actually stop most negative IRC traffic?

Unless you like IRC, or see closing the ports as pointless, or would
be willing to change your ISP, or the ISP will let abusive Tor servers
operate, you should change your setting to restrict such access by
default.

On 8/30/05, Chris Palmer <chris@xxxxxxx> wrote:
> Exile In Paradise writes:
> 
> > In any case, all of that would satisfy the original requests for
> > examples of IRC being used to control zombie hordes, and like
> > behavior.
> 
> Actually, I wanted examples of Tor being used to anonymize IRC control
> of botnets. I already knew that IRC was used to control botnets.
> 
> 
> --
> http://www.eff.org/about/staff/#chris_palmer
> 
> 
> 
>

Follow-Ups:
- Re: IRC zombie controllers
  - From: carmee

References:
- Re: reconsidering default exit policy
  - From: Thomas Sjögren
- Re: reconsidering default exit policy
  - From: tor
- Re: reconsidering default exit policy
  - From: Arrakis Tor
- Re: reconsidering default exit policy
  - From: Richard Johnson
- Re: reconsidering default exit policy
  - From: Chris Palmer
- Re: reconsidering default exit policy
  - From: Richard Johnson
- IRC zombie controllers
  - From: Exile In Paradise
- Re: IRC zombie controllers
  - From: Carsten Krüger
- Re: IRC zombie controllers
  - From: Exile In Paradise
- Re: IRC zombie controllers
  - From: Chris Palmer

Prev by Author: Injecting client data through your own server
Next by Author: Re: Injecting client data through your own server
Previous by thread: Re: IRC zombie controllers
Next by thread: Re: IRC zombie controllers
Index(es):
- Author
- Thread