Penetration Testing mailing list archives
RE: IRC protocols and insecurity
From: "Rob Shein" <shoten () starpower net>
Date: Sun, 12 Sep 2004 23:36:33 -0400
You have a few basic potential threats from IRC... 1, Everything is in the clear, so you could potentially run into privacy issues if your network is structured such that one system could sniff the traffic of another. 2, The most common client on the win32 platform, mIRC, has a very powerful scripting engine, which has been subverted (for years) by various IRC-based worms as time goes on. There are security settings (now on by default in recent versions of the client, I should add) that can mitigate this risk. The client itself is fairly mature and well-written, but nonetheless it has been subject to attack in the past. 3, Obviously, as files can be shared via IRC (using the DCC protocol as others have pointed out) this can become an additional vector for malware. Antivirus scanning at the desktop (also pointed out by others) is your simplest defense against this, as you should be doing this already. On another note, I might suggest an alternative option to standard IRC. I don't know your exact needs, but you might want to look into SILC, which has been designed from the ground-up to be a secure replacement for IRC. http://www.silcnet.org/ is their site, and it's pretty clever.
-----Original Message----- From: proc ps [mailto:procps () softhome net] Sent: Monday, September 06, 2004 9:00 AM To: pen-test () securityfocus com Subject: IRC protocols and insecurity Hello, I've been looking for any white papers that describe the security/technical aspects of the IRC protocol, but so far just found mIRC exploits and insecurities. I'm trying to secure a building network based on an OpenBSD 3.5 server and Win32 clients. As the clients purpose are just for file sharing, email, internet access, instant messaging and some irc usage for the students. How can I secure/scan for virii what the members are downloading via IRC? How about the possibilities of hijacking connections via IRC? What are the threats that can come to this network via the IRC protocol? Thanks and best regards. -- -------------------------------------------------------------- ---------------- Ethical Hacking at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Check out our Advanced Hacking course, learn to write exploits and attack security infrastructure. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization.
http://www.infosecinstitute.com/courses/ethical_hacking_training.html ---------------------------------------------------------------------------- --- ------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Check out our Advanced Hacking course, learn to write exploits and attack security infrastructure. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. http://www.infosecinstitute.com/courses/ethical_hacking_training.html -------------------------------------------------------------------------------
Current thread:
- IRC protocols and insecurity proc ps (Sep 07)
- Re: IRC protocols and insecurity Chris Green (Sep 08)
- Re: IRC protocols and insecurity Jose Maria Lopez (Sep 09)
- Re: IRC protocols and insecurity DokFLeed.Net (Sep 09)
- Re: IRC protocols and insecurity Barrie Dempster (Sep 11)
- Re: IRC protocols and insecurity David Coppa (Sep 14)
- Re: IRC protocols and insecurity Barrie Dempster (Sep 11)
- RE: IRC protocols and insecurity Rob Shein (Sep 13)
- <Possible follow-ups>
- RE: IRC protocols and insecurity Todd Towles (Sep 10)