[kwlug-disc] Mysterious filtered ports on a server
CrankyOldBugger
crankyoldbugger at gmail.com
Wed Oct 26 14:53:55 EDT 2016
I was not aware that IRC could carry the seeds of destruction... But then
again, I'm not a heavy IRC user. I'm surprised that you can run scripts in
IRC. I thought it was bare bones text only, but I'll take your word for it.
On Wed, 26 Oct 2016 at 14:42 Paul Nijjar via kwlug-disc <
kwlug-disc at kwlug.org> wrote:
>
> Script kiddies install IRC on compromised machines, and then use it to
> check into command and control servers. Rogers has (had?) deep packet
> inspection that would sniff out this traffic.
>
> We got caught by this, and then Rogers shut us down. Fair enough,
> except that Rogers refused to give us any information (including the
> remote IP!) about the problematic connection. When we begged for some
> information to help us troubleshoot, they told us that they were not
> responsible for managing our network. So we just shut down IRC
> traffic. That does not solve the problem of our networks being
> infected (which we have tried to address in other ways) but at least
> it gets Rogers off our backs.
>
> Of course, this was the bad old days. Supposedly Rogers is much more
> accomodating now, and people never ever end up in tears after making
> service calls to the company. I know this because they spam our
> business account telling us how much they have improved.
>
> - Paul
>
>
> On Wed, Oct 26, 2016 at 06:16:02PM +0000, CrankyOldBugger wrote:
> > Why would Rogers shut you down for IRC? They have something against
> people
> > chatting with each other?
> >
>
>
> _______________________________________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org
> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20161026/20e58ea5/attachment.htm>
More information about the kwlug-disc
mailing list