Security Incidents mailing list archives

Re: lifestages on IRC


From: bonk () WEBCHAT CHATSYSTEMS COM (T. H. Haymore)
Date: Mon, 10 Jul 2000 10:27:59 -0500


On Sun, 9 Jul 2000, Omicron N wrote:

> hi
>       I was on IRC (on Win 2000) when I received a message window asking
> for permission to transfer the file LIFE_STAGES.TXT, I naturally said
> no. But when I saw the message in the Server connection window, the name
> was LIFE_STAGES.SHS. Now the threat from a virus/worm remains remote if
> the user is alert. But what I want to know is if it is possible to fool
> the user into clicking the wrong button and making him execute the file.

Assuming you were using mIRC, when one sends you something via DCC, their
real IP shows.  I have never heard of that being 'spoofable'.

[11:16] -l33td00d- DCC Send lamer.txt (123.123.123.100) <-- IP of sending
machine/client.

It bothers me to see that you're being sent a file that indicates it's one
thing and it's really something else.  Although the IP of the sender
shows, the real name of the file should show as well.  Was it a ctcp
command you observed initially?  (ie /ctcp LIFE_STAGES.TXT) or a notice?
Was it a GUI popup that displayed it?  If it's a txt file that's showing
as being sent and it's not, that's a problem the IRC Admins need to be
aware of to include the maker of the client.


>       Is it possible to spoof the IP address given by the IRC client to
> the IRC server? Actually, I'm new to IRC and don't know anything about
> this.  This "offer" of file happened twice, so I've started using IRC on
> linux only. Also, what can I do to track the guy who was doing me this
> "favor"?


To find the user, find an IRC Operator to have them look for the user
provided you're on a network such as Undernet or DALNet that has IRCU to
support such a command.  EFNet doesn't.

> Cheers
> Cheedu
>
>
>  --
> *******
> Sridhar       (cheedu)  || mail: cheedu () grex org
> II Sem,                 || page: http://www.geocities.com/sri_dhar_n
> B.E Info Tech           || site: cheedu.dyndns.org
> PESIT                   || nick: omicron,cheedu
>
> Smile.. Tomorrow will be worse
> --


================================================
Travis
AKA BONK
Email: Bonk () Undernet Org | Bonk () Wildstar Net
================================================
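
An added example, not part of the original message or of any IRC client's code: a Python sketch of inspecting a DCC SEND offer as discussed in the thread above, decoding the sender address and warning when the name on the wire has a runnable extension or differs from the name the user was shown. It assumes the common CTCP form `DCC SEND <filename> <address> <port> [<size>]` with the address sent as a decimal 32-bit integer; the function name, extension list, port and size in the sample offer are constructed for illustration.

```python
import ipaddress
import os
import re

# Extensions Windows will run when opened; .shs (shell scrap) is the one in
# this thread. The list is illustrative, not exhaustive.
RISKY_EXTENSIONS = {".shs", ".exe", ".scr", ".pif", ".vbs", ".bat", ".com"}

# CTCP payload: \x01DCC SEND <filename> <address> <port> [<size>]\x01
DCC_SEND = re.compile(
    r'^\x01DCC SEND (?:"(?P<quoted>[^"]+)"|(?P<plain>\S+)) '
    r'(?P<ip>\d+) (?P<port>\d+)(?: (?P<size>\d+))?\x01$'
)

# Constructed sample: file name and address taken from the thread,
# port and size made up.
SAMPLE_OFFER = "\x01DCC SEND LIFE_STAGES.SHS 2071690084 1024 39936\x01"


def inspect_dcc_send(ctcp_payload, displayed_name=None):
    """Parse a DCC SEND offer; return None if it is not a well-formed one.

    displayed_name is whatever name the client's prompt showed the user
    (hypothetical parameter), compared against the name actually offered.
    """
    m = DCC_SEND.match(ctcp_payload)
    if m is None:
        return None
    try:
        # The address field is the sender's IPv4 address as one integer.
        address = str(ipaddress.IPv4Address(int(m.group("ip"))))
    except ipaddress.AddressValueError:
        return None  # value does not fit in 32 bits
    filename = m.group("quoted") or m.group("plain")
    warnings = []
    ext = os.path.splitext(filename.lower())[1]
    if ext in RISKY_EXTENSIONS:
        warnings.append("runnable extension on the wire: " + ext)
    if displayed_name is not None and displayed_name.lower() != filename.lower():
        warnings.append("prompt showed %r but offer is %r" % (displayed_name, filename))
    return {"filename": filename, "address": address,
            "port": int(m.group("port")), "warnings": warnings}


if __name__ == "__main__":
    print(inspect_dcc_send(SAMPLE_OFFER, displayed_name="LIFE_STAGES.TXT"))
```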

