Bitcoin Forum
December 05, 2016, 12:37:40 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: AT&T "IRC Botnet" Warning  (Read 3645 times)
lulzplzkthx
Sr. Member
****
Offline Offline

Activity: 322



View Profile WWW
May 18, 2011, 08:17:15 PM
 #1

Hey guys,

I use IRC a lot. I have a server at home (on my sadly 368 Kbps upstream) constantly connected to 4 IRC networks (including my Bitlbee server to forward my IM to my IRC client), and of course, I have Bitcoin which (I believe) still bootstraps to IRC. I received an email from AT&T (my ISP) yesterday informing me that they detected I was "probably part of a botnet" because they "logged IRC connections", etc. etc. It goes on about sending spam, how to get tested, and to please send them an email at "abuse@att.net" or something so they know you're working on the issue.

Now I'm not sure whether it's my client which set them off (I started that about a week ago, as I migrated from a shell a friend gave me), or whether it's Bitcoin's boostrapping process.

I'm curious as to whether anybody else has received a similar email since installing Bitcoin?

Somebody has posted about AT&T sending these emails here if you'd like to read the message they send. It's pretty ridiculous (they recommend you swith cto WEP encryption if you aren't using it.)

~lulzplzkthx

1480898260
Hero Member
*
Offline Offline

Posts: 1480898260

View Profile Personal Message (Offline)

Ignore
1480898260
Reply with quote  #2

1480898260
Report to moderator
1480898260
Hero Member
*
Offline Offline

Posts: 1480898260

View Profile Personal Message (Offline)

Ignore
1480898260
Reply with quote  #2

1480898260
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480898260
Hero Member
*
Offline Offline

Posts: 1480898260

View Profile Personal Message (Offline)

Ignore
1480898260
Reply with quote  #2

1480898260
Report to moderator
1480898260
Hero Member
*
Offline Offline

Posts: 1480898260

View Profile Personal Message (Offline)

Ignore
1480898260
Reply with quote  #2

1480898260
Report to moderator
1480898260
Hero Member
*
Offline Offline

Posts: 1480898260

View Profile Personal Message (Offline)

Ignore
1480898260
Reply with quote  #2

1480898260
Report to moderator
theymos
Administrator
Legendary
*
expert
Online Online

Activity: 2492


View Profile
May 18, 2011, 09:13:24 PM
 #2

I don't find the email to be unreasonable. This behavior probably is associated with botnets in almost all cases.

For a home Internet provider, I've found AT&T to be pretty accommodating. They unblocked my SMTP port as soon as I asked them, for example.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
MoonShadow
Legendary
*
Offline Offline

Activity: 1666



View Profile
May 18, 2011, 09:19:23 PM
 #3

Now I'm not sure whether it's my client which set them off (I started that about a week ago, as I migrated from a shell a friend gave me), or whether it's Bitcoin's boostrapping process.

It's most likely your bitcoin client, as AT&T can filter IRC connections for anything that might look like an automated process using an IRC channel for command and control.  I'd recommend sending a notice to the abuse address to let them know about Bitcoin and how it uses that particular IRC channel for peer discovery, and they can filter out that channel from their watchdog processes.

"The powers of financial capitalism had another far-reaching aim, nothing less than to create a world system of financial control in private hands able to dominate the political system of each country and the economy of the world as a whole. This system was to be controlled in a feudalist fashion by the central banks of the world acting in concert, by secret agreements arrived at in frequent meetings and conferences. The apex of the systems was to be the Bank for International Settlements in Basel, Switzerland, a private bank owned and controlled by the world's central banks which were themselves private corporations. Each central bank...sought to dominate its government by its ability to control Treasury loans, to manipulate foreign exchanges, to influence the level of economic activity in the country, and to influence cooperative politicians by subsequent economic rewards in the business world."

- Carroll Quigley, CFR member, mentor to Bill Clinton, from 'Tragedy And Hope'
lulzplzkthx
Sr. Member
****
Offline Offline

Activity: 322



View Profile WWW
May 18, 2011, 09:33:58 PM
 #4

I understand many botnets use IRC theymos, but some accusations are ridiculous. They basically assume it MUST be a botnet, and I can see many uninformed individuals switch from WPA2 to WEP becuase "AT&T told them to".

I will send them an email letting them know about Bitcoin.

Mike Hearn
Legendary
*
expert
Offline Offline

Activity: 1526


View Profile
May 19, 2011, 07:11:25 AM
 #5

Yeah it's a pretty reasonable assumption on AT&Ts part. I'm glad they're trying to keep their part of the internet clean.

You can just run with -noirc and use the DNS bootstrapping if you like. IRC discovery has a ton of problems and it's not supportable in the long run. The sooner we move to DNS the better, IMHO.
kjj
Legendary
*
Offline Offline

Activity: 1302



View Profile
May 19, 2011, 07:25:41 AM
 #6

999,999 times out of a million, there is a pwn3d box on that customer line and the customer has no idea.  The other time, you know better.

Props to AT&T for doing their small part to help.

p2pcoin: a USB/CD/PXE p2pool miner - 1N8ZXx2cuMzqBYSK72X4DAy1UdDbZQNPLf - todo
I routinely ignore posters with paid advertising in their sigs.  You should too.
em3rgentOrdr
Sr. Member
****
Offline Offline

Activity: 434


youtube.com/ericfontainejazz now accepts bitcoin


View Profile WWW
May 19, 2011, 07:30:48 AM
 #7

AT&T: protecting society from botnets.  Everyday.  Thank you.

"We will not find a solution to political problems in cryptography, but we can win a major battle in the arms race and gain a new territory of freedom for several years.

Governments are good at cutting off the heads of a centrally controlled networks, but pure P2P networks are holding their own."
xf2_org
Member
**
Offline Offline

Activity: 70


View Profile
May 19, 2011, 08:33:35 AM
 #8


The bitcoin client behaves very, very similarly to a botnet because they are both distributed systems that use IRC for command-and-control.
lulzplzkthx
Sr. Member
****
Offline Offline

Activity: 322



View Profile WWW
May 19, 2011, 02:44:53 PM
 #9


The bitcoin client behaves very, very similarly to a botnet because they are both distributed systems that use IRC for command-and-control.

As I've said, I understand that. I'm still curious as to whether it was Bitcoin that set off their filter, or whether it was IRC client connected to four networks.

They gave a time and an IP address (which isn't the ONLY time I had them all running. They're all running all the time,) which wasn't very much help either.

And again, I detest them telling people to "switch to WEP".

AT&T is of course, still better than Comcast, etc. in my books.

mewantsbitcoins
Full Member
***
Offline Offline

Activity: 126


View Profile
May 19, 2011, 03:22:13 PM
 #10

...

 (they recommend you swith cto WEP encryption if you aren't using it.)


WEP is broken, there is not much practical difference between open wifi and wifi with WEP. If you use WPA2 with a very strong passphrase, than there is some hope, but the best idea is not to use wifi at all, if you can help it.

It must be NSA and GCHQ are the ones who stay behind all those 'use WEP' recommendations. Either that or AT&T and BT and others are utterly incompetent. Well... maybe both.

Interestingly, not so long ago on one information security related exhibition, when I asked a BT rep how they secure their residential customer's wifi, he proudly told me that they use WEP by default. Than another BT security expert was trying to convince me that I shall not use ssh anymore because it is vulnerable.

BT is UK's version of AT&T.


The best way is to keep your wifi open so the good people of this world can use it. When is this scaremongering going to end?
theymos
Administrator
Legendary
*
expert
Online Online

Activity: 2492


View Profile
May 19, 2011, 03:28:48 PM
 #11

AT&T U-Verse RGs do use WPA2 by default, so they're not totally clueless about it.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
compro01
Hero Member
*****
Offline Offline

Activity: 485


View Profile
May 19, 2011, 03:35:07 PM
 #12

...

 (they recommend you swith cto WEP encryption if you aren't using it.)


WEP is broken, there is not much practical difference between open wifi and wifi with WEP. If you use WPA2 with a very strong passphrase, than there is some hope, but the best idea is not to use wifi at all, if you can help it.


WEP is basically a "keep out" sign and a latch.
mewantsbitcoins
Full Member
***
Offline Offline

Activity: 126


View Profile
May 19, 2011, 03:42:21 PM
 #13

The best way is to keep your wifi open so the good people of this world can use it. When is this scaremongering going to end?

That's cool. But do not keep the box with your bitcoin wallet on the same network, unless you know exactly what are you doing.


When a kid is growing up and and discovers that there is a dangerous road you teach him to look both ways before crossing - not by building a city without cars.
It takes one evening of reading to get familiar with security practices and we, being more knowledgeable in this particular area, should encourage this.
https://www.eff.org/deeplinks/2011/04/open-wireless-movement
em3rgentOrdr
Sr. Member
****
Offline Offline

Activity: 434


youtube.com/ericfontainejazz now accepts bitcoin


View Profile WWW
May 19, 2011, 08:12:42 PM
 #14

The best way is to keep your wifi open so the good people of this world can use it. When is this scaremongering going to end?

That's cool. But do not keep the box with your bitcoin wallet on the same network, unless you know exactly what are you doing.


When a kid is growing up and and discovers that there is a dangerous road you teach him to look both ways before crossing - not by building a city without cars.
It takes one evening of reading to get familiar with security practices and we, being more knowledgeable in this particular area, should encourage this.
https://www.eff.org/deeplinks/2011/04/open-wireless-movement

Aha.  Yes, the open wireless movement.  But those protocols still haven't been finalized yet, so for the time being my wireless is closed and hidden Sad (I used to keep it open though, until I found out about the guy that was jailed for child porn going through his wireless that he didn't ask for).

"We will not find a solution to political problems in cryptography, but we can win a major battle in the arms race and gain a new territory of freedom for several years.

Governments are good at cutting off the heads of a centrally controlled networks, but pure P2P networks are holding their own."
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!