module like defizzer

These are old archives. They are kept for historic purposes only.
SLipKnOt
Posts: 42
Joined: Sat Apr 10, 2004 6:43 pm
Location: Bangladesh , dhaka
Contact:

module like defizzer

Post by SLipKnOt »

i was wondering if there is another module like defizzer that identify bots(botnets) and kline it..
codemastr
Former UnrealIRCd head coder
Posts: 811
Joined: Sat Mar 06, 2004 8:47 pm
Location: United States
Contact:

Post by codemastr »

Every botnet is different. There is no way to detect them all, and some are completely undetectable.
-- codemastr
aquanight
Official supporter
Posts: 862
Joined: Tue Mar 09, 2004 10:47 pm
Location: Boise, ID

Post by aquanight »

codemastr wrote:and some are completely undetectable.
Well, maybe completely undetectable by a mere automated process such as an IRCd, but us humans are naturally much more capable of investigating such a "client"'s activities and taking the necessary action ;) .
SLipKnOt
Posts: 42
Joined: Sat Apr 10, 2004 6:43 pm
Location: Bangladesh , dhaka
Contact:

Post by SLipKnOt »

codemastr wrote:Every botnet is different. There is no way to detect them all, and some are completely undetectable.
ok then how about when name!identd@* and fullname are same .. and mirc version not respond at in this moment it will identify them. i find some botnet use this style similer nick identd fullname in this way atleast we can stop few bots
SLipKnOt
Posts: 42
Joined: Sat Apr 10, 2004 6:43 pm
Location: Bangladesh , dhaka
Contact:

Post by SLipKnOt »

aquanight wrote: Well, maybe completely undetectable by a mere automated process such as an IRCd, but us humans are naturally much more capable of investigating such a "client"'s activities and taking the necessary action ;) .
Well auanight how long u can be active and investigate.. not all time i guess.. and this bots can mess up all within few minutes if u dont run any automated process :)
w00t
Posts: 1136
Joined: Thu Mar 25, 2004 3:31 am
Location: Nowra, Australia

Post by w00t »

http://ircdefender.org/

May be able to help, maybe not. Can do regex banning and stuff... give it a whirl.
-ChatSpike IRC Network [http://www.chatspike.net]
-Denora Stats [http://denora.nomadirc.net]
-Omerta [http://www.barafranca.com]
SLipKnOt
Posts: 42
Joined: Sat Apr 10, 2004 6:43 pm
Location: Bangladesh , dhaka
Contact:

Post by SLipKnOt »

w00t wrote:http://ircdefender.org/

May be able to help, maybe not. Can do regex banning and stuff... give it a whirl.
thanks bubby
./SLipKnOt --help
Winbots
Posts: 65
Joined: Wed Apr 21, 2004 12:26 am
Location: irc://irc.winbots.org/Winbots
Contact:

Post by Winbots »

ehh... http://www.neostats.net secureserv already detects many many botnets/spam/viruses :)
SLipKnOt
Posts: 42
Joined: Sat Apr 10, 2004 6:43 pm
Location: Bangladesh , dhaka
Contact:

Post by SLipKnOt »

Winbots wrote:ehh... http://www.neostats.net secureserv already detects many many botnets/spam/viruses :)
Well i tried so but secureserv only help on for some virus (litmus, trojan) kinda not botnet :)
./SLipKnOt --help
SLipKnOt
Posts: 42
Joined: Sat Apr 10, 2004 6:43 pm
Location: Bangladesh , dhaka
Contact:

Post by SLipKnOt »

Actually i need something like that if any client wont reply version then it will mark it and kill or kline cuz most of the botnet dont reply version :$
./SLipKnOt --help
codemastr
Former UnrealIRCd head coder
Posts: 811
Joined: Sat Mar 06, 2004 8:47 pm
Location: United States
Contact:

Post by codemastr »

SLipKnOt wrote:Actually i need something like that if any client wont reply version then it will mark it and kill or kline cuz most of the botnet dont reply version :$
Well you could certainly make such a module, but keep in mind it will kill innocent users too. I have my client set to not respond to version replies. Just because I want privacy means I can't use your server?
-- codemastr
w00t
Posts: 1136
Joined: Thu Mar 25, 2004 3:31 am
Location: Nowra, Australia

Post by w00t »

They must have other characteristics in common... presumably nickname or something?
-ChatSpike IRC Network [http://www.chatspike.net]
-Denora Stats [http://denora.nomadirc.net]
-Omerta [http://www.barafranca.com]
SLipKnOt
Posts: 42
Joined: Sat Apr 10, 2004 6:43 pm
Location: Bangladesh , dhaka
Contact:

Post by SLipKnOt »

codemastr wrote:
SLipKnOt wrote:Actually i need something like that if any client wont reply version then it will mark it and kill or kline cuz most of the botnet dont reply version :$
Well you could certainly make such a module, but keep in mind it will kill innocent users too. I have my client set to not respond to version replies. Just because I want privacy means I can't use your server?
oh i dont mean that .. actually in my network its asian net work most of the user (99%) users use mIRC Jirc Few ppl usre xchat and all of them i find they respond except those bots :$ so .. in this kind a network that kind a module will help a lot..
./SLipKnOt --help
SLipKnOt
Posts: 42
Joined: Sat Apr 10, 2004 6:43 pm
Location: Bangladesh , dhaka
Contact:

Post by SLipKnOt »

w00t wrote:They must have other characteristics in common... presumably nickname or something?
yeah i find they use they fullname common but they use "*" as their full name.. for this i cant ban them :( from ircd
./SLipKnOt --help
w00t
Posts: 1136
Joined: Thu Mar 25, 2004 3:31 am
Location: Nowra, Australia

Post by w00t »

Banning based on ctcp replies is a really bad idea... go talk to the defender people, they should probably be able to investigate into it and give you a hand.

I'd offer myself, but I'm busy with other projects at the moment. Still, drop me a line and I'll try get round to it.
-ChatSpike IRC Network [http://www.chatspike.net]
-Denora Stats [http://denora.nomadirc.net]
-Omerta [http://www.barafranca.com]
Post Reply