Re: [PEN-TEST] IRC

[Simon Waters <Simon () wretched demon co uk>]

Jason Witty wrote:
> What about all of the various trojans that do things like post "Hey world,
> 100.1.1.1 is infected with SubSeven, Come Hack me!" to #hack or the like?
> And the same thing goes for trojans that simply post your IP, FQDN, and NT
> SAM file?  What if the next Outlook worm that comes around simply does the
> things mentioned above, then copies the contents of c:\My Documents (or the
> like) to IRC?

Exactly the same as for NNTP or SMTP (And to a lesser extent HTTP and
DNS) and Netmeeting (H323 and friends). Perhaps proxies are better
developed for these mainstream business protocols, but all allow sending
and receiving of information across the perimeter so all could be used
to manipulate trojans and steal information (And most (all?) have been)

The client choice would put me off - many had "problems" (read trojan
like) - and at least one free product author refuses to open/reveal
source of key software components <something smells here to me - it
might just be IPR infringement>.

Maybe Java applets have a place here, or "telnet to IRC" gateways - if
people really want to supply IRC through a firewall - do it so that the
client (and proxy) software has minimal scope to abuse hosts inside the
perimeter.

--
Business http://www.eighth-layer.com/
Personal http://www.wretched.demon.co.uk/