IRC: Access

This signature detects IRC chat that is using the "nick" command. IRC chat users communicate using a "nick," which is a chosen nickname. Additionally, compromised machines can join an IRC "botnet," an IRC channel under control of a malicious hacker. IRC traffic from systems not normally allowed to connect to IRC channels (such as infrastructure servers) can indicate this has occurred. Users can change the port range on the signature to check for IRC traffic across all ports. Note: this can impact the IDP performance.

Short Name
CHAT:IRC:NICK
Severity
Info
Recommended
False
Recommended Action
None
Category
CHAT
Keywords
Access
Release Date
04/22/2003
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Rarely

Found a potential security threat?