[unisog] DDoS IRC bots

Kaiser, Russell Kaiser at mail.psc.sc.edu
Tue Jan 21 17:11:48 GMT 2003


This webpage http://www.russonline.net/tonikgin/EduHacking.html
called "XDCC - An .EDU Admin's Nightmare" has a lot of good information
also.  It details how a lot of the attacks that hit the .edu's
occurred, gives info about the bots on the channels, etc..
Definitely worth a read.

Also firedaemon can be found at its website for comparison
at http://www.firedaemon.com.

That page also details iroffer which is a DCC bot used
to offer files on IRC.  It is pretty common.  It is found
at http://www.iroffer.org.

Hope this is useful.  Just part of the fun of being
in the biz!

Russell Kaiser
COSM System Staff
College of Science and Mathematics
University of South Carolina
Phone: (803)777-5838 FAX: (803)777-2136
Email:  kaiser at sc.edu 


-----Original Message-----
From: Anderson Johnston [mailto:andy at umbc.edu] 
Sent: Tuesday, January 21, 2003 11:42 AM
To: Bill McCarty
Cc: unisog at sans.org
Subject: Re: [unisog] DDoS IRC bots



Our campus gets IRC 'bots in waves.  Are you interested in the firedaemon
set?  I may have some archived, and I can certainly collect some for you on
the next few calls.

						- Andy Johnston

On Mon, 20 Jan 2003, Bill McCarty wrote:

> Hi all,
>
> I'm a security researcher affliliated with the Honeynet Research 
> Alliance (www.honeynet.org) and have recently developed an interest in 
> IRC bots involved in DDoS attacks. To learn more about them, I'm 
> interested in dissecting one or more specimens.
>
> Can anyone provide me with a specimen or point me to an Internet site 
> that might provide one? So far, my cursory googling has not led to any 
> firm leads.
>
> Thanks!
>
> ---------------------------------------------------
> Bill McCarty, Ph.D.
> Associate Professor of Web & Information Technology
> School of Business and Management
> Azusa Pacific University
>

----------------------------------------------------------------------------
--
** Andy Johnston (andy at umbc.edu)          *            pager: 410-678-8949
**
** Manager of IT Security                 * PGP key:(afj2002) 4096/8448B056
**
** Office of Information Technology, UMBC *   4A B4 96 64 D9 B6 EF E3 21 9A
**
** 410-455-2583 (v)/410-455-1065 (f)      *   46 1A 37 11 F5 6C 84 48 B0 56
**
----------------------------------------------------------------------------
--


More information about the unisog mailing list