Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: IRC protocols and insecurity
From: "Rob Shein" <shoten () starpower net>
Date: Sun, 12 Sep 2004 23:36:33 -0400

You have a few basic potential threats from IRC...

1, Everything is in the clear, so you could potentially run into privacy
issues if your network is structured such that one system could sniff the
traffic of another.

2, The most common client on the win32 platform, mIRC, has a very powerful
scripting engine, which has been subverted (for years) by various IRC-based
worms as time goes on.  There are security settings (now on by default in
recent versions of the client, I should add) that can mitigate this risk.
The client itself is fairly mature and well-written, but nonetheless it has
been subject to attack in the past.

3, Obviously, as files can be shared via IRC (using the DCC protocol as
others have pointed out) this can become an additional vector for malware.
Antivirus scanning at the desktop (also pointed out by others) is your
simplest defense against this, as you should be doing this already.

On another note, I might suggest an alternative option to standard IRC.  I
don't know your exact needs, but you might want to look into SILC, which has
been designed from the ground-up to be a secure replacement for IRC.
http://www.silcnet.org/ is their site, and it's pretty clever.

-----Original Message-----
From: proc ps [mailto:procps () softhome net] 
Sent: Monday, September 06, 2004 9:00 AM
To: pen-test () securityfocus com
Subject: IRC protocols and insecurity


Hello,

I've been looking for any white papers that describe the 
security/technical aspects of the IRC protocol, but so far just found 
mIRC exploits and insecurities.

I'm trying to secure a building network based on an OpenBSD 
3.5 server 
and Win32 clients.

As the clients purpose are just for file sharing, email, internet 
access, instant messaging and some irc usage for the students.

How can I secure/scan for virii what the members are downloading via 
IRC? How about the possibilities of hijacking connections via 
IRC? What 
are the threats that can come to this network via the IRC protocol?

Thanks and best regards.

-- 



--------------------------------------------------------------
----------------
Ethical Hacking at the InfoSec Institute. All of our class 
sizes are guaranteed to be 12 students or less to facilitate 
one-on-one interaction with one of our expert instructors. 
Check out our Advanced Hacking course, learn to write 
exploits and attack security infrastructure. Attend a course 
taught by an expert instructor with years of in-the-field pen 
testing experience in our state of the art hacking lab. 
Master the skills of an Ethical Hacker to better assess the 
security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
---




------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]