[Gllug] Securing IRC ICQ etc.

Andy Smith andy at lug.org.uk
Mon Sep 10 17:41:15 UTC 2001


On Mon, Sep 10, 2001 at 05:06:19PM +0000, Jim Bailey wrote:
> Hi all,
> 
> since rebuilding our firewall we have stopped IRC/ICQ traffic across it 
> however a number of our users have requested the restoration of the 
> service.

On the IRC side of things...

> According to O'Reilly's Building Internet Firewalls:
> 
> Summary of Recommendations for IRC
> 
> "Although it is theoretically possible to proxy IRC or to allow just IRC 
> through filters,

It is not at all hard.  Most modern IRC clients will use a SOCKS 4,
5 or HTTP proxy.

> The questions I would like to ask the esteemed ladies and gentlemen of the 
> list are:
> 
> 1) Can any of you recommend good resources for getting more detailed 
> information on carrying out the above and general ICQ/IRC security.

I'm not aware of any recent "killer" IRC client problems.  Consider
a web browser - it would be theoretically possible (given a broken
enough web browser) to write some nasty HTML which executed code as
the user running the browser -- which might be root if they are
careless.  IRC clients are in that category too, as are mail readers
and all other user applications.

They shouldn't be run as root, and they should be maintained and
kept up to date like any user application.

There was a recent problem with BitchX for example.  It had bad DNS
resolution code that allowed someone with control over what their IP
address resolved as to theoretically force someone's BitchX to execute
things.  That's the only one I can really remember from recent
history; you hear far more about security problems with various MUAs
but no one is saying "block all email".

IRC can also be used for filesharing.  Many Windows trojans get
installed this way.  Fewer than get installed via email though, I
suspect, and the defences against it are the same: user education
and possibly a virus checking strategy.

Finally there's the issue of denial of service.  Occasionally you
run across people on IRC who you upset so much that they feel the
need to flood you with enough traffic to take you offline.  Should
that happen, there isn't really a lot you can do about it other than
contact your uplink and ask for filtering, and evidence for when you
contact the police.

Most places that block IRC usage do so because it is seen as a huge
waste of time, not through any real security worry. :)

> 2) Does anyone know of IRC/ICQ clients that have some sort of improved 
> security.

Security from what, though?

As for ICQ, I'm afraid I don't know anything about that.


-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug



