Penetration Testing mailing list archives

Re: [PEN-TEST] IRC

From: Fabio Pietrosanti <naif () SIKUREZZA ORG>
Date: Mon, 26 Feb 2001 13:13:37 +0100

On Fri, 23 Feb 2001, Drie, Arie wrote:

On Thu, 22 Feb 2001, Beauregard, Claude Q wrote:

Does anyone know where I can get good documentation on the weakness of IRC
and how allowing such a service through the firewall can compormise
security.


In addition to what has been said in the other replies to this:

IRC is nasty for security. If you want to allow it, educate your users and
be very strict with them. VERY! Put the whip in the corner for them too
see ;)

Since DCC uses a random port you cannot block it without making pretty
much all other traffic impossible:


Linux has a module for handling DCC SEND in his nat subsystem, and should
be pretty easy to hack it to rewrite the DCC SEND command with ip address
such as 127.0.0.1 :)


Tell your users
NEVER to accept DCC sends
NEVER to do a DCC send

Users does'nt respect policy!


DCC chat is pretty ok IMHO.

It's dangerous from a firewalling point of view initializing dcc chat.


Once i set up IRC clients for a conference. Instead of using a regular
client, i ran a script on an internal webserver (accessible through a
browser) which *only* allowed standard IRC. This solved pretty much all my
security problems. Clients use port 80 to connect with the script; the
script does the IRC connect. Luckily i knew some undernet ops, because you
might run into another problem here: multiple clients. This can be a
problem anyway when you do masquerading of your internal network.

There are quite a few scripts and java applets to help you here.

I assume you do not have Linux or other opensource clients, 'cos in that
case you might wanna hack into an IRC clients' source a bit to disable DCC
alltogether.

Last but not least: your question is not entirely clear. If you mean by
'allowing such a service' running an IRC server you are in for another
ballgame...

Grtz,


./arjen -v
v3

---------------------------------------------------
| while ( != a_funny_quote(); ) a_wise_expression(); |
---------------------------------------------------


naif
naif () sikurezza org

Current thread:

[PEN-TEST] IRC Beauregard, Claude Q (Feb 22)
- Re: [PEN-TEST] IRC Drie, Arie (Feb 23)
  - Re: [PEN-TEST] IRC Fabio Pietrosanti (Feb 26)
    - Re: [PEN-TEST] IRC Helmut Springer (Feb 26)
- Re: [PEN-TEST] IRC Marius Huse Jacobsen (Feb 24)
- <Possible follow-ups>
- Re: [PEN-TEST] IRC Brooke, O'neil (EXP) (Feb 22)
- Re: [PEN-TEST] IRC Darwin Mecham (Feb 22)
- Re: [PEN-TEST] IRC Jason Witty (Feb 22)
  - Re: [PEN-TEST] IRC Simon Waters (Feb 23)