On Tue, 3 Feb 2004, Gadi Evron wrote:
> > I've yet to see a business need for BotNet clients to run successfully ;)
>
> Perhaps application filtering for the Drone control protocol?

Much better done in a controlled lab environment than on a production
network. The bot connecting to a captive server isn't what I'd consider
"successful."

> Drone armies, although massive, are nothing special.
>
> They are usually built of the same 2-4 Trojan horses that are big at
> that time.

Yep, but the point I'm making is that we have widespread infections inside
companies "protected" by firewalls, while the firewalls are perfectly
capable of supporting sane security policies that would block the 98th
percentile of these things.

> Filtering the traffic for their control protocol, on whatever port, or
> their repetitive echo commands/ special connections to IRC servers under
> certain IRC names or nickname/ident/name pattern-combinations is pretty
> easy to do when you come to think about it.

Exactly my point.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson
proberts_at_patriot.net
probertson_at_trusecure.com
Director of Risk Assessment TruSecure Corporation
"My statements in this message are personal opinions
which may have no basis whatsoever in fact."
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Feb 03 2004
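
An added example, not part of the original thread: a sketch of the protocol-based check discussed above, which recognises IRC client registration (NICK/USER) on any destination port and reports servers to which several internal hosts registered with names matching a pattern. The nickname/ident patterns, field names, and sample flows are constructed assumptions, not signatures of any real bot family.

```python
import re
from collections import defaultdict

# Hypothetical site-defined patterns (constructed for this example, not taken
# from any real bot family): a short prefix followed by a run of digits.
NICK_PATTERNS = [re.compile(r"^[a-z]{2,4}[-_|]\d{4,8}$", re.I)]
IDENT_PATTERNS = [re.compile(r"^[a-z]{2,4}\d{4,8}$", re.I)]

NICK_RE = re.compile(r"^NICK\s+:?(\S+)", re.M)
USER_RE = re.compile(r"^USER\s+(\S+)\s+\S+\s+\S+\s+:?(.*)$", re.M)

def parse_registration(payload):
    """Return (nick, ident, realname) if the payload holds an IRC client
    registration (NICK + USER), regardless of destination port; else None."""
    text = payload.decode("latin-1").replace("\r\n", "\n")
    nick, user = NICK_RE.search(text), USER_RE.search(text)
    if not (nick and user):
        return None
    return nick.group(1), user.group(1), user.group(2).strip()

def flag_flows(flows, min_hosts=2):
    """Group outbound flows by (server, port) and report servers to which at
    least min_hosts distinct internal hosts registered with matching names."""
    hits = defaultdict(set)
    for f in flows:
        reg = parse_registration(f["payload"])
        if reg is None:
            continue
        nick, ident, _ = reg
        if any(p.match(nick) for p in NICK_PATTERNS) or \
           any(p.match(ident) for p in IDENT_PATTERNS):
            hits[(f["dst"], f["dport"])].add(f["src"])
    return {k: sorted(v) for k, v in hits.items() if len(v) >= min_hosts}

# Constructed sample: first payloads of four outbound TCP flows.
SAMPLE_FLOWS = [
    {"src": "10.0.1.15", "dst": "192.0.2.10", "dport": 8080,
     "payload": b"NICK xk|48213\r\nUSER xk48213 0 0 :xk\r\n"},
    {"src": "10.0.2.77", "dst": "192.0.2.10", "dport": 8080,
     "payload": b"NICK xk|90417\r\nUSER xk90417 0 0 :xk\r\n"},
    {"src": "10.0.3.9", "dst": "198.51.100.5", "dport": 6667,
     "payload": b"NICK alice\r\nUSER alice 0 * :Alice Example\r\n"},
    {"src": "10.0.1.15", "dst": "203.0.113.8", "dport": 80,
     "payload": b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"},
]

if __name__ == "__main__":
    for (dst, port), hosts in flag_flows(SAMPLE_FLOWS).items():
        print(f"{dst}:{port} <- {hosts}")
```

The ordinary IRC user on port 6667 and the HTTP request are not reported; only the two hosts registering with patterned names on a non-IRC port are.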