In some mail from Joseph L. Moll, sie said:
[...]
> In short, a machine outside your firewall can cause a machine inside your
> firewall to contact it as long as it is connected to the IRC server via the
> DCC connection protocol. Once connected via DCC, files can be exchanged, etc.
Just to be picky, DCC is typically never initiated automatically and then
only if the user configures it thus so it is not possible for any single
machine to make any other do anything. Well, the Unix clients are like this
(that I've used) and I trust that others haven't been silly enough to make
DCC work automatically...
Although I wouldn't trust this to always be the case, there is a disturbingly
large number of people who delight in making other users configure their
client in a way to turn them into security problems (or disasters),
including trojan scripts which have given people shell access with IRC used
as the "connection".
Follow-Ups:
References:
|
|
