[Snort-users] Getting 'portscanned' by IRC servers.
Erich.Meier at ...99...
Tue Sep 26 13:20:00 EDT 2000
On Mon, Sep 25, 2000 at 04:14:31PM -0700, Daniel Swan wrote:
> Interesting replies from all regarding the IRC servers... I'm sure that's put more than myself at unease. (I can't be the only IRC-ignorant person in the world!)
> So what's the best way to ignore these? Am I putting myself at significant risk by ignoring alerts from IRC servers?
> How should I go about ignoring them?
Well, the number of IRCservers your mate is connecting to should be pretty
limited. So you could add a
# IRCd tries to backconnect to 1080 to check for open WinGates
pass tcp <IRCSERVERIP>/32 any -> $INTERNAL 1080 (flags: S;)
line for everyone of them.
As IRCservers are constantly under attack, you shouldn't run an "ignore all"
More information about the Snort-users