Penetration Testing mailing list archives
Re: [PEN-TEST] IRC
From: Simon Waters <Simon () wretched demon co uk>
Date: Fri, 23 Feb 2001 13:24:13 +0000
Jason Witty wrote:
What about all of the various trojans that do things like post "Hey world, 100.1.1.1 is infected with SubSeven, Come Hack me!" to #hack or the like? And the same thing goes for trojans that simply post your IP, FQDN, and NT SAM file? What if the next Outlook worm that comes around simply does the things mentioned above, then copies the contents of c:\My Documents (or the like) to IRC?
Exactly the same as for NNTP or SMTP (And to a lesser extent HTTP and DNS) and Netmeeting (H323 and friends). Perhaps proxies are better developed for these mainstream business protocols, but all allow sending and receiving of information across the perimeter so all could be used to manipulate trojans and steal information (And most (all?) have been) The client choice would put me off - many had "problems" (read trojan like) - and at least one free product author refuses to open/reveal source of key software components <something smells here to me - it might just be IPR infringement>. Maybe Java applets have a place here, or "telnet to IRC" gateways - if people really want to supply IRC through a firewall - do it so that the client (and proxy) software has minimal scope to abuse hosts inside the perimeter. -- Business http://www.eighth-layer.com/ Personal http://www.wretched.demon.co.uk/
Current thread:
- [PEN-TEST] IRC Beauregard, Claude Q (Feb 22)
- Re: [PEN-TEST] IRC Drie, Arie (Feb 23)
- Re: [PEN-TEST] IRC Fabio Pietrosanti (Feb 26)
- Re: [PEN-TEST] IRC Helmut Springer (Feb 26)
- Re: [PEN-TEST] IRC Fabio Pietrosanti (Feb 26)
- Re: [PEN-TEST] IRC Marius Huse Jacobsen (Feb 24)
- <Possible follow-ups>
- Re: [PEN-TEST] IRC Brooke, O'neil (EXP) (Feb 22)
- Re: [PEN-TEST] IRC Darwin Mecham (Feb 22)
- Re: [PEN-TEST] IRC Jason Witty (Feb 22)
- Re: [PEN-TEST] IRC Simon Waters (Feb 23)
- Re: [PEN-TEST] IRC Drie, Arie (Feb 23)