[nsp-sec] How to get a global K-line?
Rob Thomas
robt at cymru.com
Mon Mar 24 17:10:52 EDT 2008
Hi, John.
I'm not convinced that you want to do this, let alone maintain it, but
if you do...
You could join the irc-security list and chat up the various security
contacts there. Just about every major IRC network is represented
there. That said, lots of the smaller or more niche IRC networks are
not represented there. I'm not certain you'd find a lot of folks
willing to add blocks for your address space, as these blocks can be
heavy depending on the ircd, etc.
<http://lists.irc-unity.org/mailman/listinfo/irc-security>
John Fraizer wrote:
> ----------- nsp-security Confidential --------
>
>
> Hi Team,
>
> Let me start by saying that I don't believe that *all* IRC is evil. :) The NSP-SEC ircd is good. :) With that said, I can trace nearly 100% (7 9's) of our inbound DDoS
> activity to IRC flows just prior to the launch of the attacks. Since it is not politically correct for me (lets pretend that I'm the network operator as a whole here) to
> filter all TCP 6665-6669, 7000 traffic, null-route or otherwise influence transit to the plethora of IRC servers (legit and otherwise) on the net, I'll ask you this...
>
> How would I go about nicely asking the *responsible* IRC operators to globally K-line our address space? Even just K-lines on the *legit* IRC nets would have a significant
> impact for me lately and I don't have to take the heat of having null'd a host. :)
>
> Any ideas?
>
> Thanks,
>
> John
Thanks,
Rob.
--
Rob Thomas
Team Cymru
http://www.team-cymru.org/
ASSERT(coffee != empty);
More information about the nsp-security
mailing list