[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] eggdrop and monitoring
- Subject: Re: [cobalt-security] eggdrop and monitoring
- From: "Dave~" <cobaltraq4@xxxxxxx>
- Date: Wed, 16 Apr 2003 19:20:25 -0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
----- Original Message -----
From: Michael Stauber
Subject: Re: [cobalt-security] eggdrop and monitoring
> b) Setup an IPtables or IPchains rule which prevents incomming and
> outgoing connections to port 6667. Set it up to log events and monitor your
> kernel logfile for trafic to those ports. The smarter guys might use
different
> ports, but in the end IRC usually runs on 6667. If you block incomming and
> outgoing connections to and from port 6667 then you ought to catch most
> offenders.
While true 6667 is the usuall default port, it is quickly becoming more common
to run on ports 6660 through 7002 and many IRC'ers realize this- especially
since the start of DalNet's problems. Just my 1.5 cents worth...
Dave~