Re: [PEN-TEST] IRC

["Drie, Arie" <arjen () TRIVIAL 3VA NET>]

On Thu, 22 Feb 2001, Beauregard, Claude Q wrote:

> Does anyone know where I can get good documentation on the weakness of IRC
> and how allowing such a service through the firewall can compormise
> security.

In addition to what has been said in the other replies to this:

IRC is nasty for security. If you want to allow it, educate your users and
be very strict with them. VERY! Put the whip in the corner for them too
see ;)

Since DCC uses a random port you cannot block it without making pretty
much all other traffic impossible:

Tell your users
NEVER to accept DCC sends
NEVER to do a DCC send

DCC chat is pretty ok IMHO.

Once i set up IRC clients for a conference. Instead of using a regular
client, i ran a script on an internal webserver (accessible through a
browser) which *only* allowed standard IRC. This solved pretty much all my
security problems. Clients use port 80 to connect with the script; the
script does the IRC connect. Luckily i knew some undernet ops, because you
might run into another problem here: multiple clients. This can be a
problem anyway when you do masquerading of your internal network.

There are quite a few scripts and java applets to help you here.

I assume you do not have Linux or other opensource clients, 'cos in that
case you might wanna hack into an IRC clients' source a bit to disable DCC
alltogether.

Last but not least: your question is not entirely clear. If you mean by
'allowing such a service' running an IRC server you are in for another
ballgame...

Grtz,


./arjen -v
v3

---------------------------------------------------
| while ( != a_funny_quote(); ) a_wise_expression(); |
---------------------------------------------------