AT&T "IRC Botnet" Warning | Bitcointalksearch.org

em3rgentOrdr

sr. member

Activity: 434

Merit: 252

youtube.com/ericfontainejazz now accepts bitcoin

Quote from: mewantsbitcoins on May 19, 2011, 10:42:21 AM

Quote from: ?? on ??

Quote from: mewantsbitcoins on May 19, 2011, 10:22:13 AM

The best way is to keep your wifi open so the good people of this world can use it. When is this scaremongering going to end?

That's cool. But do not keep the box with your bitcoin wallet on the same network, unless you know exactly what are you doing.

When a kid is growing up and and discovers that there is a dangerous road you teach him to look both ways before crossing - not by building a city without cars.
It takes one evening of reading to get familiar with security practices and we, being more knowledgeable in this particular area, should encourage this.
https://www.eff.org/deeplinks/2011/04/open-wireless-movement

Aha. Yes, the open wireless movement. But those protocols still haven't been finalized yet, so for the time being my wireless is closed and hidden Sad

(I used to keep it open though, until I found out about the guy that was jailed for child porn going through his wireless that he didn't ask for).

mewantsbitcoins

full member

Activity: 126

Merit: 101

Quote from: ?? on ??

Quote from: mewantsbitcoins on May 19, 2011, 10:22:13 AM

The best way is to keep your wifi open so the good people of this world can use it. When is this scaremongering going to end?

That's cool. But do not keep the box with your bitcoin wallet on the same network, unless you know exactly what are you doing.

When a kid is growing up and and discovers that there is a dangerous road you teach him to look both ways before crossing - not by building a city without cars.
It takes one evening of reading to get familiar with security practices and we, being more knowledgeable in this particular area, should encourage this.
https://www.eff.org/deeplinks/2011/04/open-wireless-movement

compro01

hero member

Activity: 590

Merit: 500

Quote from: ?? on ??

Quote from: lulzplzkthx on May 18, 2011, 03:17:15 PM

...

(they recommend you swith cto WEP encryption if you aren't using it.)

WEP is broken, there is not much practical difference between open wifi and wifi with WEP. If you use WPA2 with a very strong passphrase, than there is some hope, but the best idea is not to use wifi at all, if you can help it.

WEP is basically a "keep out" sign and a latch.

theymos

administrator

Activity: 5222

Merit: 13032

AT&T U-Verse RGs do use WPA2 by default, so they're not totally clueless about it.

mewantsbitcoins

full member

Activity: 126

Merit: 101

Quote from: ?? on ??

Quote from: lulzplzkthx on May 18, 2011, 03:17:15 PM

...

(they recommend you swith cto WEP encryption if you aren't using it.)

WEP is broken, there is not much practical difference between open wifi and wifi with WEP. If you use WPA2 with a very strong passphrase, than there is some hope, but the best idea is not to use wifi at all, if you can help it.

It must be NSA and GCHQ are the ones who stay behind all those 'use WEP' recommendations. Either that or AT&T and BT and others are utterly incompetent. Well... maybe both.

Interestingly, not so long ago on one information security related exhibition, when I asked a BT rep how they secure their residential customer's wifi, he proudly told me that they use WEP by default. Than another BT security expert was trying to convince me that I shall not use ssh anymore because it is vulnerable.

BT is UK's version of AT&T.

The best way is to keep your wifi open so the good people of this world can use it. When is this scaremongering going to end?

lulzplzkthx

sr. member

Activity: 322

Merit: 251

Quote from: xf2_org on May 19, 2011, 03:33:35 AM

The bitcoin client behaves very, very similarly to a botnet because they are both distributed systems that use IRC for command-and-control.

As I've said, I understand that. I'm still curious as to whether it was Bitcoin that set off their filter, or whether it was IRC client connected to four networks.

They gave a time and an IP address (which isn't the ONLY time I had them all running. They're all running all the time,) which wasn't very much help either.

And again, I detest them telling people to "switch to WEP".

AT&T is of course, still better than Comcast, etc. in my books.

xf2_org

member

Activity: 98

Merit: 13

The bitcoin client behaves very, very similarly to a botnet because they are both distributed systems that use IRC for command-and-control.

em3rgentOrdr

sr. member

Activity: 434

Merit: 252

youtube.com/ericfontainejazz now accepts bitcoin

AT&T: protecting society from botnets. Everyday. Thank you.

kjj

legendary

Activity: 1302

Merit: 1026

999,999 times out of a million, there is a pwn3d box on that customer line and the customer has no idea. The other time, you know better.

Props to AT&T for doing their small part to help.

Mike Hearn

legendary

Activity: 1526

Merit: 1134

Yeah it's a pretty reasonable assumption on AT&Ts part. I'm glad they're trying to keep their part of the internet clean.

You can just run with -noirc and use the DNS bootstrapping if you like. IRC discovery has a ton of problems and it's not supportable in the long run. The sooner we move to DNS the better, IMHO.

lulzplzkthx

sr. member

Activity: 322

Merit: 251

I understand many botnets use IRC theymos, but some accusations are ridiculous. They basically assume it MUST be a botnet, and I can see many uninformed individuals switch from WPA2 to WEP becuase "AT&T told them to".

I will send them an email letting them know about Bitcoin.

MoonShadow

legendary

Activity: 1708

Merit: 1010

Quote from: lulzplzkthx on May 18, 2011, 03:17:15 PM

Now I'm not sure whether it's my client which set them off (I started that about a week ago, as I migrated from a shell a friend gave me), or whether it's Bitcoin's boostrapping process.

It's most likely your bitcoin client, as AT&T can filter IRC connections for anything that might look like an automated process using an IRC channel for command and control. I'd recommend sending a notice to the abuse address to let them know about Bitcoin and how it uses that particular IRC channel for peer discovery, and they can filter out that channel from their watchdog processes.

theymos

administrator

Activity: 5222

Merit: 13032

I don't find the email to be unreasonable. This behavior probably is associated with botnets in almost all cases.

For a home Internet provider, I've found AT&T to be pretty accommodating. They unblocked my SMTP port as soon as I asked them, for example.

lulzplzkthx

sr. member

Activity: 322

Merit: 251

Hey guys,

I use IRC a lot. I have a server at home (on my sadly 368 Kbps upstream) constantly connected to 4 IRC networks (including my Bitlbee server to forward my IM to my IRC client), and of course, I have Bitcoin which (I believe) still bootstraps to IRC. I received an email from AT&T (my ISP) yesterday informing me that they detected I was "probably part of a botnet" because they "logged IRC connections", etc. etc. It goes on about sending spam, how to get tested, and to please send them an email at "[email protected]" or something so they know you're working on the issue.

Now I'm not sure whether it's my client which set them off (I started that about a week ago, as I migrated from a shell a friend gave me), or whether it's Bitcoin's boostrapping process.

I'm curious as to whether anybody else has received a similar email since installing Bitcoin?

Somebody has posted about AT&T sending these emails here if you'd like to read the message they send. It's pretty ridiculous (they recommend you swith cto WEP encryption if you aren't using it.)

~lulzplzkthx

Topic: AT&T "IRC Botnet" Warning (Read 3976 times)