Penetration Testing mailing list archives
Re: IRC protocols and insecurity
From: Chris Green <cmg () dok org>
Date: Wed, 08 Sep 2004 14:15:48 -0400
proc ps <procps () softhome net> writes: [snip]
As the clients purpose are just for file sharing, email, internet access, instant messaging and some irc usage for the students.
[snip]
How can I secure/scan for virii what the members are downloading via IRC? How about the possibilities of hijacking connections via IRC? What are the threats that can come to this network via the IRC protocol?
The File transfer capabilities of IRC are implemented using the DCC protocol. DCC was an addon after IRC was created that transmits port information across the messages between clients and then one client connects to the other client without using the server at all. http://www.irchelp.org/irchelp/rfc/dccspec.html There are client side vulnerabilities and server side vulnerabilities in IRC software much like anything else. -- Chris Green <cmg () dok org> Don't use a big word where a diminutive one will suffice. ------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Check out our Advanced Hacking course, learn to write exploits and attack security infrastructure. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. http://www.infosecinstitute.com/courses/ethical_hacking_training.html -------------------------------------------------------------------------------
Current thread:
- IRC protocols and insecurity proc ps (Sep 07)
- Re: IRC protocols and insecurity Chris Green (Sep 08)
- Re: IRC protocols and insecurity Jose Maria Lopez (Sep 09)
- Re: IRC protocols and insecurity DokFLeed.Net (Sep 09)
- Re: IRC protocols and insecurity Barrie Dempster (Sep 11)
- Re: IRC protocols and insecurity David Coppa (Sep 14)
- Re: IRC protocols and insecurity Barrie Dempster (Sep 11)
- RE: IRC protocols and insecurity Rob Shein (Sep 13)
- <Possible follow-ups>
- RE: IRC protocols and insecurity Todd Towles (Sep 10)