[unisog] DDoS IRC bots

John Ives jives at cchem.berkeley.edu
Tue Jan 21 23:23:16 GMT 2003


This post does raise an interesting question about the sharing of 
exploits.  While I have absolutely no reason to question anything in Bill 
McCarty's post, and in fact I believe this is probably a legitimate post, I 
don't believe it is generally prudent to send copies of exploits to anyone 
who asks.  It is true that most exploits can be found on the web with 
enough searching, but as a matter of personal responsibility I don't 
believe in sending them to people whom I don't personally know to be a 
white hat.

Having said all that, and because I believe in sharing the information if 
not the exploit itself,  I can tell you that one version of an irc bot I 
have seen is darkirc.  More information about darkirc can be found at:




At 08:15 PM 1/20/2003 -0800, you wrote:
>Hi all,
>I'm a security researcher affliliated with the Honeynet Research
>Alliance (www.honeynet.org) and have recently developed an interest in
>IRC bots involved in DDoS attacks. To learn more about them, I'm
>interested in dissecting one or more specimens.
>Can anyone provide me with a specimen or point me to an Internet site
>that might provide one? So far, my cursory googling has not led to any
>firm leads.
>Bill McCarty, Ph.D.
>Associate Professor of Web & Information Technology
>School of Business and Management
>Azusa Pacific University

John Ives, GCWN
Systems Administrator
College of Chemistry
(510) 643-1033

"If you spend more on coffee than on IT security,  Then you will be hacked. 
What's more,  you deserve to be hacked."   - Richard Clarke special adviser 
to the president on cybersecurity

Any opinions expressed are my own and not those of the Regents of the 
University of California. 

More information about the unisog mailing list