Re: Found, a new rootkit

> > We've cut our bandwidth use in half by getting rid of that.  We also
> > checked the logs and added several dozen more addresses
> > to /etc/hosts.deny, including many script based password guess attempts
> > that didn't get in.  And put portsentry in its most paranoid anal mode
> > with a few additions yet.

Might have been set up to host a botnet.  A hacker will set up a rogue
IRC server and then point his army of infected bots to it for
instructions.  So you'll find a channel with thousands of users in a
room, but nobody talking.  What you have are all infected machines
monitoring the channel for commands from the hacker.  This gives the
hacker a few layers of protection, so he is very, very difficult to catch.
They use these botnets to distribute spam, launch DDoS, or whatever
else their imagination can come up with.  Either of those would
contribute to an increase in bandwidth usage.

Jacques B.
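
Added example, not part of the original message: a detection sketch for the pattern described above (a crowded channel where almost nobody talks), run over raw IRC protocol lines from a server-side capture. The channel names, nicks, sample traffic and both thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# Raw IRC lines in RFC 1459 syntax, e.g. ":nick!user@host JOIN :#chan".
LINE = re.compile(
    r"^:(?P<nick>[^!\s]+)!\S+ (?P<cmd>JOIN|PART|PRIVMSG|TOPIC) :?(?P<chan>#\S+)"
)

def channel_stats(lines):
    """Return {channel: (current_members, distinct_speakers)}."""
    members, speakers = defaultdict(set), defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # private messages, PING/PONG, numerics, etc.
        nick, cmd, chan = m["nick"], m["cmd"], m["chan"].lower()
        if cmd == "JOIN":
            members[chan].add(nick)
        elif cmd == "PART":
            members[chan].discard(nick)
        else:  # PRIVMSG or TOPIC: this nick actually said or set something
            speakers[chan].add(nick)
    return {c: (len(members[c]), len(speakers[c])) for c in members}

def silent_crowds(lines, min_members=50, max_speakers=1):
    """Channels with many members but at most max_speakers distinct talkers.

    Both thresholds are assumed starting points, not values from the thread.
    """
    return sorted(
        chan for chan, (count, talkers) in channel_stats(lines).items()
        if count >= min_members and talkers <= max_speakers
    )

def sample_capture():
    """Constructed traffic: one silent 200-member channel, one normal one."""
    lines = [f":bot{i:03}!u@host{i}.example JOIN :#updates" for i in range(200)]
    lines.append(":op!u@ctl.example TOPIC #updates :constructed placeholder")
    lines += [f":user{i}!u@isp.example JOIN #linux-help" for i in range(60)]
    lines += [f":user{i}!u@isp.example PRIVMSG #linux-help :hello" for i in range(25)]
    lines.append(":user59!u@isp.example PART #linux-help")
    return lines

if __name__ == "__main__":
    for chan in silent_crowds(sample_capture()):
        print("review:", chan, channel_stats(sample_capture())[chan])
```

A hit is a lead for review rather than proof: announcement-only channels look the same, and QUIT lines, which carry no channel name, are not tracked here.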

