Well to start out, you'd want to block outbound TCP ports 6660-7000, there are however, some IRC servers that accept connections on weird ports to bypass firewalls. -----Original Message----- From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of hbeaumont hbeaumont Sent: Tuesday, August 02, 2005 11:41 AM To: netfilter@xxxxxxxxxxxxxxxxxxx Subject: blocking irc + botnets Can anyone help me with the proper method to block outgoing requests to botnets + irc? Or point me in the direction of searchable list archives (I could only find the non-searchable archives) or other FAQ that answers this? Problem: We have servers that could get infected via poorly wrote user scripts. I want to prevent these servers from being used as part of botnets or general connections to IRC (most scripts I run across seem to try to connect to IRC). I want to take the best preventative measures I can in case one of the machines would become infected or otherwise compromised. Also, interested in any other popular method of stopping general outgoing DOS attacks (rate limiting UDP perhaps? I'm not real up on the techniques used by the DOS'ers). I'm interested in the recommended rules to add to prevent this type of thing should it occur. Thanks.
