RE: IRC protocols and insecurity

["Rob Shein" <shoten () starpower net>]

You have a few basic potential threats from IRC...

1, Everything is in the clear, so you could potentially run into privacy
issues if your network is structured such that one system could sniff the
traffic of another.

2, The most common client on the win32 platform, mIRC, has a very powerful
scripting engine, which has been subverted (for years) by various IRC-based
worms as time goes on.  There are security settings (now on by default in
recent versions of the client, I should add) that can mitigate this risk.
The client itself is fairly mature and well-written, but nonetheless it has
been subject to attack in the past.

3, Obviously, as files can be shared via IRC (using the DCC protocol as
others have pointed out) this can become an additional vector for malware.
Antivirus scanning at the desktop (also pointed out by others) is your
simplest defense against this, as you should be doing this already.

On another note, I might suggest an alternative option to standard IRC.  I
don't know your exact needs, but you might want to look into SILC, which has
been designed from the ground-up to be a secure replacement for IRC.
http://www.silcnet.org/ is their site, and it's pretty clever.

> -----Original Message-----
> From: proc ps [mailto:procps () softhome net] 
> Sent: Monday, September 06, 2004 9:00 AM
> To: pen-test () securityfocus com
> Subject: IRC protocols and insecurity
>
>
> Hello,
>
> I've been looking for any white papers that describe the 
> security/technical aspects of the IRC protocol, but so far just found 
> mIRC exploits and insecurities.
>
> I'm trying to secure a building network based on an OpenBSD 
> 3.5 server 
> and Win32 clients.
>
> As the clients purpose are just for file sharing, email, internet 
> access, instant messaging and some irc usage for the students.
>
> How can I secure/scan for virii what the members are downloading via 
> IRC? How about the possibilities of hijacking connections via 
> IRC? What 
> are the threats that can come to this network via the IRC protocol?
>
> Thanks and best regards.
>
> -- 
>
>
>
> --------------------------------------------------------------
> ----------------
> Ethical Hacking at the InfoSec Institute. All of our class 
> sizes are guaranteed to be 12 students or less to facilitate 
> one-on-one interaction with one of our expert instructors. 
> Check out our Advanced Hacking course, learn to write 
> exploits and attack security infrastructure. Attend a course 
> taught by an expert instructor with years of in-the-field pen 
> testing experience in our state of the art hacking lab. 
> Master the skills of an Ethical Hacker to better assess the 
> security of your organization.
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
---




------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------