Security Incidents mailing list archives

Re: lifestages on IRC


From: rvdm () CISTRON NL (Robert van der Meulen)
Date: Mon, 10 Jul 2000 11:23:58 +0200


Hi,

Quoting Omicron N (omicron () pes edu):
> I was on IRC (on Win 2000) when I received a mesg window asking
> for permission to transfer the file LIFE_STAGES.TXT, I naturally said
> no. But when I saw the message in the Server connection window, the name
> was LIFE_STAGES.SHS. Now the threat from a virus/worm remains remote if
This is a known problem.

> Is it possible to spoof the IP address given by the IRC client to
> the IRC server? Actually, I'm new to IRC and don't know anything about
> this. This "offer" of file happened twice, so I've started using IRC on
> Linux only. Also, what can I do to track the guy who was doing me this
> "favor"?
The thing is that in a DCC file transfer, you would have to spoof the IP
address from the perp's client to your client, as DCC is a direct file
transfer protocol.
All standard spoofing rules apply, meaning you can only do it if you're able
to predict sequence numbering, either by sniffing or estimating/guessing.
Chances are small that someone would go through such lengths only to transmit
a virus.

Greets,
        Robert/Emphyrio

--
|      rvdm () cistron nl - Cistron Internet Services - www.cistron.nl        |
|          php3/c/perl/html/c++/sed/awk/linux/sql/cgi/security             |
|         My statements are mine, and not necessarily cistron's.           |
      "Invalid element 'rvdm' in content of 'p'." (WAP emulator error)
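
Added example, not part of the original message: because DCC is a direct transfer, the offer itself carries the address the receiver is asked to connect to, so a logged offer can be decoded to see both the real filename and that address. The sketch assumes the conventional CTCP layout `DCC SEND <filename> <ip-as-32-bit-integer> <port> [<size>]`; the sample offer and the extension list are constructed for illustration.

```python
import ipaddress
import os
import shlex

# Illustrative (assumed) list of extensions that Windows runs or hides.
RISKY_EXTENSIONS = {".shs", ".vbs", ".exe", ".scr", ".pif", ".bat", ".com"}

def parse_dcc_send(ctcp_payload):
    """Decode a DCC SEND offer; return a dict, or None if it is malformed."""
    body = ctcp_payload.strip("\x01")          # CTCP messages are \x01-delimited
    try:
        parts = shlex.split(body)              # filenames with spaces are quoted
    except ValueError:
        return None
    if len(parts) < 5 or [p.upper() for p in parts[:2]] != ["DCC", "SEND"]:
        return None
    filename = parts[2]
    try:
        ip_int = int(parts[3])
        port = int(parts[4])
        size = int(parts[5]) if len(parts) > 5 else None
    except ValueError:
        return None
    if not 0 <= ip_int <= 0xFFFFFFFF or not 0 <= port <= 65535:
        return None
    extension = os.path.splitext(filename)[1].lower()
    return {
        "filename": filename,
        "extension": extension,
        "risky": extension in RISKY_EXTENSIONS,
        # Address supplied by the sender's client; the receiver's TCP
        # connection for the transfer goes to this address and port.
        "sender_ip": str(ipaddress.IPv4Address(ip_int)),
        "port": port,
        "size": size,
    }

# Constructed sample offer (192.0.2.10 is a documentation address).
SAMPLE_OFFER = "\x01DCC SEND LIFE_STAGES.SHS 3221225994 1024 39936\x01"

if __name__ == "__main__":
    offer = parse_dcc_send(SAMPLE_OFFER)
    print(offer["filename"], offer["sender_ip"], offer["port"],
          "RISKY" if offer["risky"] else "ok")
```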
