Security Basics mailing list archives

Re: Blocking IRC Access


From: Andreas Haugsnes <andreas () haugsnes no>
Date: Mon, 17 Nov 2003 20:35:06 +0100

On Mon, Nov 17, 2003 at 11:55:21AM -0600, J. Bilder wrote:
> IRC isn't the easiest to close.  If they are looking to block IRC, then
> they better block all the ports so that people can't BNC to other hosts.
> Depending upon how the network is set up, you can BNC on any port to get
> outside.  Unless of course the company has a firewall that only allows
> proxy sessions from a few hosts, and all other ports are locked down to
> servers as well.  Then it would be especially hard to get outside.  They
> would probably also be looking for someone scanning the firewall to see
> where they could potentially find an open port to get out on as well.
>
> HTH
>
> - Jeff




Hi,

As it is with, well, pretty much anything. You can tunnel, you can relay,
and of course, you can always reconfigure other endpoints.

The approach 'block everything but the needed' should be assumed, but in
any case, without packet inspection or similar, it adds up to being just
another loop-hole.

Another aspect would be to determine:

- Who are you blocking?
- How educated are they in the sense of your goals to ensure network security?
- To what extent do you want to go to enforce such rules?

Depending on your needs as a network security advisor, all of these questions will
change. If it's "bad policy to IRC", but no one really bothers to, then just blocking
ports is sufficient. If it's critical that no one uses a specific service, without
the knowledge of the administrators, then packet inspection, as well as intruder-
detection systems should be deployed.

Cheap ways to do this would be to, for example, deploy caching web proxies, and other
systems that will prevent users from using non-HTTP calls via port 80 (for example).

Though, do not forget that almost every protocol has a loop-hole (i.e. you direct SSL
connections through the proxy) that removes these features instantly.

All in all - Read up on the protocols that you choose to allow on your network, and look
for any connection methods that will not be logged, and/or prevented in your configuration.
 

Best Regards
-- 
|------------------------------------------------------|
|Andreas Haugsnes                   andreas () haugsnes no|
|Unixcore Inc.                       22416540  99152326|
|PGP 0xCDBD3C22 [pubkey: finger://unixcore.com/andreas]|
|------------------------------------------------------|
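
Added example, not part of the original message: a minimal sketch of the protocol check discussed above, classifying the first client payload on a port-80 or proxy connection as HTTP, IRC, a CONNECT tunnel, or other non-HTTP traffic. The function names, the CONNECT port allowlist and the sample payloads are assumptions constructed for illustration.

```python
import re

# HTTP/1.x request line: METHOD SP target SP HTTP/1.x
HTTP_REQ = re.compile(rb"^([A-Z]+) (\S+) HTTP/1\.[01]\r?\n")
# Commands an IRC client sends when it registers and joins (RFC 1459 names)
IRC_CMD = re.compile(rb"^(?:CAP|PASS|NICK|USER|JOIN|PRIVMSG)\b[^\r\n]*\r?\n", re.I)
# Assumption: local policy only permits CONNECT tunnels to HTTPS
ALLOWED_CONNECT_PORTS = {443}

def classify(first_payload: bytes) -> str:
    """Classify the first client payload on a connection to port 80 or the proxy."""
    m = HTTP_REQ.match(first_payload)
    if m:
        method, target = m.group(1), m.group(2)
        if method != b"CONNECT":
            return "http"
        _, _, port = target.rpartition(b":")
        if port.isdigit() and int(port) in ALLOWED_CONNECT_PORTS:
            # Allowed, but the tunnel is opaque from here on: log it, since
            # nothing after this line can be inspected at this layer.
            return "connect-tls"
        return "connect-other-port"
    if IRC_CMD.match(first_payload):
        return "irc"
    return "non-http"

def review(flows):
    """Return (src, verdict) for every flow that is not plain HTTP."""
    return [(src, v) for src, p in flows if (v := classify(p)) != "http"]

# Constructed sample payloads (documentation addresses, not real traffic)
SAMPLE_FLOWS = [
    ("192.0.2.10", b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    ("192.0.2.11", b"NICK guest\r\nUSER guest 0 * :Guest\r\n"),
    ("192.0.2.12", b"CONNECT irc.example.net:6667 HTTP/1.1\r\n\r\n"),
    ("192.0.2.13", b"CONNECT www.example.com:443 HTTP/1.1\r\n\r\n"),
    ("192.0.2.14", b"\x16\x03\x01\x00\x2e\x01\x00\x00\x2a"),
]

if __name__ == "__main__":
    for src, verdict in review(SAMPLE_FLOWS):
        print(src, verdict)
```

The "connect-tls" verdict marks the SSL loop-hole mentioned in the message: the request line is valid and permitted, but the check cannot see what is carried inside the tunnel afterwards.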
