AT&T sends botnet warning for 92.243.23.21

[BlueWall]

My ISP (AT&T) sends warnings from time to time about connections from my IP to a botnet. These seem to all be related to operating the Bitcoin client. This latest warning includes the target IP which is  92.243.23.21. I understand that the connection to that host is used to boot up the bitcoin client. Is it safe for me to block that IP in my firewall? And, has anyone else seen similar warnings from their ISP about this, or other IP used with the Bitcoin client?

Thanks!
BlueWall

[error]

You can tell AT&T to piss off. You can also use the -noirc command line option for the client, but telling AT&T to piss off is more effective.

[Raoul Duke]

I agree with the above poster.

Also tell them that it's not a botnet and the connection is intended and they better stop sending those letters as not to make a fool of themselves and lose some customers because of it...

[BlueWall]

Thanks!

[sadpandatech]

I agree with the above poster.

Also tell them that it's not a botnet and the connection is intended and they better stop sending those letters as not to make a fool of themselves and lose some customers because of it...

   Agree, but they don't care.  My production machine now includes the -noirc option since my last post about this same topic. However, any time I hook up a new client that I want to connect in that manner they send me the email. I have of course responded, kindly informing them of their ignorance and requesting them to stop spamming me. My replies have gone completely ignored to date.

[odysseus654]

With the reputation that IRC in general has gotten over the years, I wouldn't be surprised if any IRC-like communication is declared malicious...

[Raoul Duke]

I agree with the above poster.

Also tell them that it's not a botnet and the connection is intended and they better stop sending those letters as not to make a fool of themselves and lose some customers because of it...

   Agree, but they don't care.  My production machine now includes the -noirc option since my last post about this same topic. However, any time I hook up a new client that I want to connect in that manner they send me the email. I have of course responded, kindly informing them of their ignorance and requesting them to stop spamming me. My replies have gone completely ignored to date.

Well, that's clearly a case where you just do to their letters the exact same thing they do to your emails, you ignore them

[sadpandatech]

I agree with the above poster.

Also tell them that it's not a botnet and the connection is intended and they better stop sending those letters as not to make a fool of themselves and lose some customers because of it...

   Agree, but they don't care.  My production machine now includes the -noirc option since my last post about this same topic. However, any time I hook up a new client that I want to connect in that manner they send me the email. I have of course responded, kindly informing them of their ignorance and requesting them to stop spamming me. My replies have gone completely ignored to date.

Well, that's clearly a case where you just do to their letters the exact same thing they do to your emails, you ignore them

  Shortly after I typed that up I setup a copy/paste auto response to any emails from abuse@att.com informing them that spamming email on their own network is still spam and to kindly leave me the F*&k alone.

  OT; I love receiving phishing emails from people not smart enough to set character limits, etc for the http post form data. ;p I noticed one from 'Western Union' today in the spam folder of a sub acct and figured they could probably use a few gigs worth of bogus usernames and passwords to weed through. ;p

[Exonumia]

You can also have the client skip the IRC bootstrapping by adding:

noirc=1

in your bitcoin.conf file.

You could also use the command line option: add -noirc after the bitcoin launch for example: "bitcoin.exe -noirc"

[Gabi]

With the reputation that IRC in general has gotten over the years, I wouldn't be surprised if any IRC-like communication is declared malicious...

They can declare what the fuck they want, it won't change the fact it is legit and we will use it

[odysseus654]

With the reputation that IRC in general has gotten over the years, I wouldn't be surprised if any IRC-like communication is declared malicious...

They can declare what the fuck they want, it won't change the fact it is legit and we will use it

Not saying it isn't legit (and if the problems get too bad it can be disabled as mentioned above or we can use DHT or something) but I've seen a couple AUPs that explicitly mention IRC as something Not To Be Done.  Quick google search shows a thread from 2003 about a datacenter that banned it.

Get as mad as you want at this, a lot of people don't even know what TELNET is these days (recently went to a meeting where someone tried to explain the concept and how it differs from the web).

[Edit] Will "excessive twitter activity" be soon seen as suspicion of a botnet?  What about putting the two concepts together and getting a Bitcoin Twitter botnet?

[tlhonmey]

A-lot of Time & Trouble usually lives up to its name.  Unfortunately their scanning for botnets is most likely completely automated, and I doubt that they are competent enough to have the ability to enter exceptions.  Don't get too mad at them though, they are, at least, _trying_ to protect you from having your accounts hacked.  Even if they are failing miserably.