Home page logo
/

basics logo Security Basics mailing list archives

Re: Blocking IRC Access
From: Tim Syratt <tims () syratt com>
Date: Tue, 18 Nov 2003 10:39:40 +1100 (EST)

Hi Mike,

Jeff is correct. I run an IRC server that sits on a 10,000 user network
and the amount of open proxies that are used as BNC's, particularly from within
networks is incredible.

I'd perhaps think about looking at your network, considering what you
REALLY need your users to access.. Focus on each department individually
and their needs, put it on paper and impliment (if you dont already) some
VLANS with controlled access.. Perhaps even look at Cisco URT if you need
to dynamically assign VLANs on login.

You also need to look at your servers inside your lan, and make sure none
of them can be used to bounce outside the firewall (proxy servers, http
servers etc) on an obscure port and over to an IRC network..

Good Luck!

Tim Syratt


On Mon, 17 Nov 2003, J. Bilder wrote:

Irc isn't the easiest to close.  If they are looking to block IRC, then
they better block all the ports so that people cant BNC to other hosts.
Depending upon how the network is setup, you can BNC on any port to get
outside.  Unless of course the company has a firewall that only allows
proxy sessions from a few hosts, and all other ports are locked down to
servers as well.  Then it would be especially hard to get outside.  They
would probably also be looking for someone scanning the firewall to see
where they could potentially find an open port to get out on as well.

HTH

- Jeff


On Mon, 2003-11-17 at 14:46, Mike wrote:
Hi All,
I'm looking at moving my career towards security, so was interested when I
received an email from our security department that stated they would be
blocking IRC by closing ports 6665-6669.

I would have thought a lot more ports would need to be closed if the secops
wanted to completely block IRC.

What is the "best" way to disable access to IRC?

Block known ports, what ports would need to be blocked?

Or just drop packets, how would that be done?

We use Cisco equipment and are primarily a win2k 70% winxp 30% site

Like I said I'm wanting to move into security, but at the moment I wouldn't
even class myself as a novice.

Any input I could get from this list will be very much appreciated!

Thanks
Mike



---------------------------------------------------------------------------
Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
The Presidio integrates PGP data encryption and XML Web Services security to
simplify the management and deployment of PGP and reduce overall PGP costs
by up to 80%.
FREE WHITEPAPER & 30 Day Trial -
http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027
----------------------------------------------------------------------------



---------------------------------------------------------------------------
Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
The Presidio integrates PGP data encryption and XML Web Services security to
simplify the management and deployment of PGP and reduce overall PGP costs
by up to 80%.
FREE WHITEPAPER & 30 Day Trial -
http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027
----------------------------------------------------------------------------



---------------------------------------------------------------------------
Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
The Presidio integrates PGP data encryption and XML Web Services security to 
simplify the management and deployment of PGP and reduce overall PGP costs 
by up to 80%.
FREE WHITEPAPER & 30 Day Trial - 
http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]