Full Disclosure mailing list archives

Re: irc over ssl

From: Maarten <fulldisc () ultratux org>
Date: Mon, 24 May 2004 13:12:58 +0200

On Monday 24 May 2004 12:41, Giannakis Eleftherios wrote:

Hello everybody,

are there any known issues concerning rootkits, backdoors, cmd execution
concerning an irc(with ssl) client ? I use the irssi client to conect to a
irc server with ssl.Is there a way for the admins of the irc server to
open/intrude somehow to my pc(through the high port that the client opens
to conect to the server)? The server listens to TCP port 9999.
Thanks a lot!


I cannot comment on your specific setup, but be aware that irc, by its very 
nature, can pose a hazard.  For instance through an exploitable local script, 
getting someone to run something with social engineering, and a whole bag of 
tricks in DCC connections, depending on how bugfree your client is...

There is also the issue of stepping on the wrong toes and possibly getting 
DDoS'ed out of existence by some 'l33t irc g0d', but that is not a security 
hole, it's more of a social thing.

-- 
Yes of course I'm sure it's the red cable. I guarante[^%!/+)F#0c|'NO CARRIER

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

irc over ssl Giannakis Eleftherios (May 24)
- Re: irc over ssl Maarten (May 24)
- Re: irc over ssl Dave Howe (May 24)
  - Re: irc over ssl Denis Solaro (May 24)
    - Re: irc over ssl Ron DuFresne (May 24)
- Re: irc over ssl Mortis (May 24)
- <Possible follow-ups>
- Re: irc over ssl adam (May 24)
  - Re: irc over ssl Valdis . Kletnieks (May 24)
    - RE: irc over ssl Lionel Hendricks (May 24)
    - RE: irc over ssl Ron DuFresne (May 24)
    - Re: irc over ssl Dave Howe (May 25)
    - Re: irc over ssl Denis Solaro (May 25)

(Thread continues...)