Penetration Testing: Re: IRC protocols and insecurity

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Penetration Testing mailing list archives

Re: IRC protocols and insecurity

From: Barrie Dempster <barrie () reboot-robot net>
Date: Thu, 09 Sep 2004 22:40:03 +0100

On Thu, 2004-09-09 at 05:58, DokFLeed.Net wrote:

I think everything flyes in readable text

<snip>

a Sniffer on the server will see all the communications


You can setup most IRC servers with an SSL option and you could force
users to use this, therefore it would all be encrypted.

If you pick a well maintained actively developed IRC server, it will be
just as secure as any other service you run, in essence. Also running
the server locally rather than using MSN or other clients that rely on
external servers will mean you can A: trust the servers fully and B:
control them and maintain them yourself.

If you want to have intra-company communication, bulletin boards and IRC
isn't a bad choice.
-- 
Barrie Dempster (zeedo) - Fortiter et Strenue

  http://www.bsrf.org.uk

[ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]

Attachment: signature.asc
Description: This is a digitally signed message part

By Date By Thread

Current thread:

IRC protocols and insecurity proc ps (Sep 07)
- Re: IRC protocols and insecurity Chris Green (Sep 08)
- Re: IRC protocols and insecurity Jose Maria Lopez (Sep 09)
- Re: IRC protocols and insecurity DokFLeed.Net (Sep 09)
  - Re: IRC protocols and insecurity Barrie Dempster (Sep 11)
    - Re: IRC protocols and insecurity David Coppa (Sep 14)
- RE: IRC protocols and insecurity Rob Shein (Sep 13)
- <Possible follow-ups>
- RE: IRC protocols and insecurity Todd Towles (Sep 10)