Penetration Testing mailing list archives
Re: IRC protocols and insecurity
From: Barrie Dempster <barrie () reboot-robot net>
Date: Thu, 09 Sep 2004 22:40:03 +0100
On Thu, 2004-09-09 at 05:58, DokFLeed.Net wrote:
I think everything flyes in readable text
<snip>
a Sniffer on the server will see all the communications
You can setup most IRC servers with an SSL option and you could force users to use this, therefore it would all be encrypted. If you pick a well maintained actively developed IRC server, it will be just as secure as any other service you run, in essence. Also running the server locally rather than using MSN or other clients that rely on external servers will mean you can A: trust the servers fully and B: control them and maintain them yourself. If you want to have intra-company communication, bulletin boards and IRC isn't a bad choice. -- Barrie Dempster (zeedo) - Fortiter et Strenue http://www.bsrf.org.uk [ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- IRC protocols and insecurity proc ps (Sep 07)
- Re: IRC protocols and insecurity Chris Green (Sep 08)
- Re: IRC protocols and insecurity Jose Maria Lopez (Sep 09)
- Re: IRC protocols and insecurity DokFLeed.Net (Sep 09)
- Re: IRC protocols and insecurity Barrie Dempster (Sep 11)
- Re: IRC protocols and insecurity David Coppa (Sep 14)
- Re: IRC protocols and insecurity Barrie Dempster (Sep 11)
- RE: IRC protocols and insecurity Rob Shein (Sep 13)
- <Possible follow-ups>
- RE: IRC protocols and insecurity Todd Towles (Sep 10)