IRC - 194

Unencrypted communication, making it vulnerable to eavesdropping.

Abuse for botnet command and control (C2) communications.

Exploitation of weak authentication.

Use secure IRC with SSL/TLS encryption.

Monitor and block IRC traffic if not required.

Implement strong authentication measures for IRC servers

Unusual outgoing connections to IRC servers.

High volumes of IRC traffic.

Known botnet C2 IPs or domains in network logs.