> Do you think you could elaborate on this just a bit? In
> particular, assuming that there is a desire to relay IRC through a
> firewall (and without arguing the validity of that desire, for the moment
> at least), is there any approach that could be taken to reduce this risk,
> short of just not allowing it at all?

First of all, DCC can be from any port to any port. It's a point-to-point
connection between clients bypassing the IRC network completely, so you'd
have to write a proxy that grokked the protocol and pretended to be the
client, like the FTP proxies do, and ran on the firewall... or open up a
huge range of ports.

Second, it's way open to "social engineering" attacks. That's as big a
problem as the technical one.
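
The protocol-aware step the reply describes, as an added example that is not part of the original message: a firewall-side inspector that recognises a DCC offer inside an IRC PRIVMSG, decodes the endpoint it advertises, and rewrites it to a relay listener the way an FTP proxy rewrites PORT. The function names, the relay address 192.0.2.1 and the sample line are constructed for illustration; the offer layout assumed is the common CTCP form `DCC SEND <file> <ip-as-integer> <port> [<size>]`.

```python
import ipaddress
import re
from typing import NamedTuple, Optional

# CTCP payloads are wrapped in \x01 inside a PRIVMSG; DCC carries the
# peer's IPv4 address as a decimal 32-bit integer followed by a TCP port.
DCC_RE = re.compile(
    r'^(?P<head>:\S+ PRIVMSG \S+ :\x01DCC (?P<kind>SEND|CHAT) '
    r'(?P<arg>"[^"]*"|\S+) )(?P<addr>\d{1,10}) (?P<port>\d{1,5})'
    r'(?P<tail>(?: \d+)?\x01)\r?\n?$')

class DccOffer(NamedTuple):
    kind: str
    arg: str
    addr: ipaddress.IPv4Address
    port: int

def parse_dcc(line: str) -> Optional[DccOffer]:
    """Return the endpoint a DCC offer advertises, or None if not a valid offer."""
    m = DCC_RE.match(line)
    if not m:
        return None
    addr, port = int(m['addr']), int(m['port'])
    if addr > 0xFFFFFFFF or not 0 < port < 65536:
        return None  # digits matched, but not a usable IPv4 address / TCP port
    return DccOffer(m['kind'], m['arg'], ipaddress.IPv4Address(addr), port)

def rewrite_dcc(line: str, relay_ip: str, relay_port: int) -> Optional[str]:
    """Replace the advertised endpoint with the firewall's relay listener.

    Assumption: the caller has opened relay_port for this one transfer and
    forwards it to the original endpoint, as an FTP proxy does for PORT.
    """
    if parse_dcc(line) is None:
        return None  # policy in this sketch: drop offers that do not parse
    m = DCC_RE.match(line)
    relay = int(ipaddress.IPv4Address(relay_ip))
    return f"{m['head']}{relay} {relay_port}{m['tail']}\r\n"

# Constructed sample: inside client 10.1.2.3 offers a file on port 5001.
SAMPLE = (':alice!a@inside PRIVMSG bob '
          ':\x01DCC SEND notes.txt 167838211 5001 2048\x01\r\n')
```

Only one relay port per offered transfer has to be reachable, instead of the huge range of ports the reply mentions as the alternative.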