[nsp-sec] How to get a global K-line?
John Fraizer
john at op-sec.us
Mon Mar 24 16:04:51 EDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Team,
Let me start by saying that I don't believe that *all* IRC is evil. :) The NSP-SEC ircd is good. :) With that said, I can trace nearly 100% (7 9's) of our inbound DDoS
activity to IRC flows just prior to the launch of the attacks. Since it is not politically correct for me (lets pretend that I'm the network operator as a whole here) to
filter all TCP 6665-6669, 7000 traffic, null-route or otherwise influence transit to the plethora of IRC servers (legit and otherwise) on the net, I'll ask you this...
How would I go about nicely asking the *responsible* IRC operators to globally K-line our address space? Even just K-lines on the *legit* IRC nets would have a significant
impact for me lately and I don't have to take the heat of having null'd a host. :)
Any ideas?
Thanks,
John
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mandriva - http://enigmail.mozdev.org
iD8DBQFH6Alj+16lRpJszIgRAgj6AJ4m6C1+Kxd77B+gAXCQEiyDVZ5oCgCfQ7XQ
xF6Dm5Huu0yasLECX62W0Zs=
=7JLF
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list