[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: IRC zombie controllers

If IRC is used for botnet control, and Tor is used for IRC, then it
follows that people can easily be using Tor for botnet control.

Whether they are or not, we do not know, but even this is irrelevant
as we cannot and would not want to analyze all data.

The question, I think, comes down to if you want to restrict IRC based
on a possible threat. Will you wait till someone does something wrong
and the ISP shuts down your server? Is it likely to happen? And when
it does happen, at that point will you change your policy to get back
online, or will your ISP roll over for Tor, or will you have to get a
new ISP? Do you have warm or cold feelings about IRC? Will restricting
IRC ports actually stop most negative IRC traffic?

Unless you like IRC, or see closing the ports as pointless, or would
be willing to change your ISP, or the ISP will let abusive Tor servers
operate, you should change your setting to restrict such access by

On 8/30/05, Chris Palmer <chris@xxxxxxx> wrote:
> Exile In Paradise writes:
> > In any case, all of that would satisfy the original requests for
> > examples of IRC being used to control zombie hordes, and like
> > behavior.
> Actually, I wanted examples of Tor being used to anonymize IRC control
> of botnets. I already knew that IRC was used to control botnets.
> --
> http://www.eff.org/about/staff/#chris_palmer