Security Incidents mailing list archives

Re: Undernet/telnet attempts?


From: opus () IRCORE COM (Opus)
Date: Wed, 23 Feb 2000 00:07:26 -0600


please email me privately so as not to promote my network here in a
listserv, and i will then show you the log of you connecting, if you tell
me you had connected, i do not log as to whether i find you being an open
proxy, i log that you connected to my network, i trust the code that i
have written, and the only complaints i have received are from those not
knowing how to configure their proxy software, once they have configured
their software, they are able to connect.

This is not a kiddy network this is a successful financial trading
network.  If you are seriously in doubt and concerned about the integrity
of such matters, i would even be willing to show you the source code.  I
can not obviously vouch for everyone, but the concept that it is trying to
cover is as sound as can be without jeopardizing the 97% of users who do
not abuse such things.

Chris Birch
IRCore
opus@ircore,com

On Tue, 22 Feb 2000 tibor () lib uaa alaska edu wrote:

On Mon, 21 Feb 2000, Opus wrote:

I have written such a service and basically what is done is port 23 is
checked for wingate and a wingate prompt, if one is seen then the client
is immediately removed from the server with a gline.  The other port is
1080 SOCKS and it is checked for a specific hex pattern to determine if it
in fact is responding as an open SOCKS proxy, both are considered bad in
the irc community for its ability to allow anyone to use them from the
outside, thus evading bans and glines imposed for various reasons.

Hmmm... I've connected to a couple of different Undernet IRC servers
today, as well as telnet.chatsystems.com to try to see if I could trigger
a probe, but haven't seen anything after several hours.

This, along with the fact that they have no logs to back up their claim
that probes are only triggered by IRC connections, doesn't make me
particularly confident that they're being honest.

Mike
--
Mike Tibor         Univ. of Alaska Anchorage    (907) 786-1001 voice
LAN Technician     Consortium Library             (907) 786-6050 fax
tibor () lib uaa alaska edu       http://www.lib.uaa.alaska.edu/~tibor/
http://www.lib.uaa.alaska.edu/~tibor/pgpkey  for PGP public key
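
The question raised in this thread, whether probes of ports 23 and 1080 arrive only after the probed host has connected to an IRC server, can be checked from the probed site's own firewall logs. The following is an added example, not code from either poster; the log format, the sample lines, the IRC port range, the 60-second window and the function names are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

PROXY_PORTS = {23, 1080}            # WinGate telnet prompt and SOCKS, as named in the thread
IRC_PORTS = set(range(6660, 6670))  # assumption: usual IRC client port range

# Constructed sample log: timestamp, direction, source, destination, destination port
SAMPLE_LOG = """\
2000-02-22T10:00:01 OUT 192.0.2.10 198.51.100.5 6667
2000-02-22T10:00:04 IN 198.51.100.5 192.0.2.10 23
2000-02-22T10:00:04 IN 198.51.100.5 192.0.2.10 1080
2000-02-22T14:30:00 IN 198.51.100.5 192.0.2.10 1080
2000-02-22T15:00:00 OUT 192.0.2.10 203.0.113.9 80
2000-02-22T15:00:02 IN 203.0.113.77 192.0.2.10 23
"""

def parse(log):
    """Return time-ordered (timestamp, direction, src, dst, port) tuples, skipping malformed lines."""
    events = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, direction, src, dst, port = parts
        events.append((datetime.fromisoformat(ts), direction, src, dst, int(port)))
    return sorted(events)

def classify_probes(events, window=timedelta(seconds=60)):
    """Label each inbound proxy-port probe by whether the probed host had just opened an IRC connection.

    The probe source is not required to equal the IRC server, since a network
    may run its proxy check from a separate host.
    """
    irc_out = [(ts, src) for ts, d, src, dst, port in events
               if d == "OUT" and port in IRC_PORTS]
    results = []
    for ts, d, src, dst, port in events:
        if d != "IN" or port not in PROXY_PORTS:
            continue
        solicited = any(host == dst and timedelta(0) <= ts - t <= window
                        for t, host in irc_out)
        results.append((ts.isoformat(), src, port,
                        "solicited" if solicited else "unsolicited"))
    return results

if __name__ == "__main__":
    for row in classify_probes(parse(SAMPLE_LOG)):
        print(*row)
```

Probes labelled unsolicited are the ones that contradict a "triggered only by IRC connections" explanation and are worth raising with the probing network's operator.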




