Penetration Testing mailing list archives
Re: [PEN-TEST] IRC
From: Darwin Mecham <dmecham () SCIENTECH COM>
Date: Thu, 22 Feb 2001 16:56:21 -0700
At -0500 Thursday 02:48 PM 2/22/2001, you wrote:
Does anyone know where I can get good documentation on the weakness of IRC and how allowing such a service through the firewall can compormise security. Thanks
A simple demonstration is sufficient for most managers. Download the latest version of an IRC client. (Turbo IRC2000 will do) Configure to deny but log DCC file download requests. Connect to an IRC server - undernet is ok... /join #newbies The very 1st thing that happens is a 'bot' tries to get you to download the latest e-mail sending virus. IRC is the wild wild west with no sheriff in sight. End Of Story... Darwin L. Mecham SCIENTECH Inc. 1690 International Way Idaho Falls, ID. 83402 208.525.3741 (voice) 208.529.4721 (fax)
Current thread:
- [PEN-TEST] IRC Beauregard, Claude Q (Feb 22)
- Re: [PEN-TEST] IRC Drie, Arie (Feb 23)
- Re: [PEN-TEST] IRC Fabio Pietrosanti (Feb 26)
- Re: [PEN-TEST] IRC Helmut Springer (Feb 26)
- Re: [PEN-TEST] IRC Fabio Pietrosanti (Feb 26)
- Re: [PEN-TEST] IRC Marius Huse Jacobsen (Feb 24)
- <Possible follow-ups>
- Re: [PEN-TEST] IRC Brooke, O'neil (EXP) (Feb 22)
- Re: [PEN-TEST] IRC Darwin Mecham (Feb 22)
- Re: [PEN-TEST] IRC Jason Witty (Feb 22)
- Re: [PEN-TEST] IRC Simon Waters (Feb 23)
- Re: [PEN-TEST] IRC Drie, Arie (Feb 23)