Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: IRC protocols and insecurity
From: "DokFLeed.Net" <dokfleed () dokfleed net>
Date: Thu, 9 Sep 2004 08:58:35 +0400

Heya,
IRC network is great choice, i have been on IRC for some years, its security
depends on whats it serving for you ,

I think everything flyes in readable text
Depending on users, it can help worm spread unless you block all file
transfers.
If you are using mIRC clients with some of its powerful scripting engine,
then Sky is the limit.
DCC either Chat or Send are direct IP , even the normal /Whois will reveal
your IP unless you are using a BNC or other means.
DoS can be easy using IRC , so you have to manage this. restrict it
internaly so students cant load external open proxy clients.
Disable DDE in clients by defaults.
a Sniffer on the server will see all the communications

this is what i can think of now, and you decide how far is it secure for
your own needs.


DokFLeed
Would you rather Hack and go to Jail or Hack and get paid ?!!


------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]