Security Incidents mailing list archives
Re: lifestages on IRC
From: rvdm () CISTRON NL (Robert van der Meulen)
Date: Mon, 10 Jul 2000 11:23:58 +0200
Hi, Quoting Omicron N (omicron () pes edu):
I was on IRC ( on Win 2000) when i received a mesg window asking for permission to transfer the file LIFE_STAGES.TXT, I naturally said no. But when i saw the message in the Server connection window, the name was LIFE_STAGES.SHS. Now the threat from a virus/worm remains remote if
This is a known problem.
Is it possible to spoof the ip address given by the irc client to the IRC server ? Actually, i'm new to IRC and don't know anything about this. This "offer" of file happened twice , so i've started using irc on linux only. Also What can i do to track the guy who was doing me this "favor" ?
The thing is, that in a DCC file transfer, you would have to spoof the ip address from the perp's client to your client, as DCC is a direct file transfer protocol. All standard spoofing rules apply, meaning you can only do it if you're able to predect sequence numbering, either by sniffing or estimating/guessing. Chances are small that someone would go trough such lengths only to transmit a virus. Greets, Robert/Emphyrio -- | rvdm () cistron nl - Cistron Internet Services - www.cistron.nl | | php3/c/perl/html/c++/sed/awk/linux/sql/cgi/security | | My statements are mine, and not necessarily cistron's. | "Invalid element 'rvdm' in content of 'p'." (WAP emulator error)
Current thread:
- Re: scan log and subsequent response from the host's ISP, (continued)
- Re: scan log and subsequent response from the host's ISP Dan Hollis (Jul 07)
- Re: scan log and subsequent response from the host's ISP Michal Nazarewicz (Jul 07)
- Re: scan log and subsequent response from the host's ISP Osvaldo Janeri Filho (Jul 10)
- Intrusion, WuFTP exploit? David Knaack (Jul 07)
- Re: scan log and subsequent response from the host's ISP Philipp Buehler (Jul 11)
- Re: scan log and subsequent response from the host's ISP Dan Hollis (Jul 07)
- Re: scan log and subsequent response from the host's ISP Pauel Loshkin (Jul 07)
- Re: scan log and subsequent response from the host's ISP Dan Hollis (Jul 10)
- Re: scan log and subsequent response from the host's ISP Pavel Lozhkin (Jul 10)
- Snort (about large-udp attack) JW Oh (Jul 10)
- lifestages on IRC Omicron N (Jul 09)
- Re: lifestages on IRC Robert van der Meulen (Jul 10)
- Re: lifestages on IRC Vincent Hillier (Jul 10)
- Re: lifestages on IRC T. H. Haymore (Jul 10)
- tin.it and others non collaborative isps. Osvaldo Janeri Filho (Jul 07)
- Re: tin.it and others non collaborative isps. Bradley Woodward (Jul 10)
- Some stats of events Henri J. Schlereth (Jul 10)
- Re: tin.it and others non collaborative isps. gabriel rosenkoetter (Jul 10)
- Re: tin.it and others non collaborative isps. Philipp Buehler (Jul 11)
- Re: tin.it and others non collaborative isps. Richard Bejtlich (Jul 11)
- Hostile email mmurray () TAOS COM (Jul 12)