Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: IRC protocols and insecurity
From: Chris Green <cmg () dok org>
Date: Wed, 08 Sep 2004 14:15:48 -0400

proc ps <procps () softhome net> writes:

[snip]
As the clients purpose are just for file sharing, email, internet
access, instant messaging and some irc usage for the students.
[snip]
How can I secure/scan for virii what the members are downloading via
IRC? How about the possibilities of hijacking connections via IRC?
What are the threats that can come to this network via the IRC
protocol?

The File transfer capabilities of IRC are implemented using the DCC
protocol.  DCC was an addon after IRC was created that transmits port
information across the messages between clients and then one client
connects to the other client without using the server at all.  

http://www.irchelp.org/irchelp/rfc/dccspec.html

There are client side vulnerabilities and server side vulnerabilities
in IRC software much like anything else. 
-- 
Chris Green <cmg () dok org>
Don't use a big word where a diminutive one will suffice.

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]