So, if the firewall is set up securely so that ports above 1024 are not unfiltered and a "helper application" is in place to help with DCC, then IRC is not "inherently insecure"?
Stephen Frost wrote:
> * Jesse W. Asher ([EMAIL PROTECTED]) wrote:
> > Someone recently indicated to me that they believed that natting IRC through a firewall was "inherently insecure" and I wanted to get opinions on that statement. I guess, in my mind, it isn't any more or less secure than any other service natted through the firewall - it all depends on how comfortable you feel with the inherent security of the client/tool that you're using.
> >
> > Comments?
>
> The client/tool is one thing but I think what they were probably getting at is the issue of DCC. The problem with DCC is that it expects to be able to reach any >1024 port on the remote system. The two clients work out, over the IRC network, the ports to use. If your firewall doesn't allow connections to high ports outbound or inbound, and you don't use some kind of IRC helper in your firewall, then DCC won't work. This may be acceptable to you but some people feel they need DCC.
>
> Using an IRC helper in your firewall can mitigate these problems some. They can't fix everything though because of the way in which the DCC protocol works. A user using DCC can potentially allow a scan of the high ports on at least the machine they're IRC'ing from. Unfortunately I'm not very familiar with the internals of the netfilter IRC-helper module or what checks it does but there are some things it has no way to know due simply to where it has to be and what it gets to see.
>
> I haven't heard of many people getting attacked in such a way though so the chances of you being exploited in that way are probably pretty slim. Unless you have someone going for you specifically, using an IRC helper will probably be enough. Most attackers are going for 'easy' targets, things they can sweep large network blocks for; such as the recent OpenSSH holes, various Windows-based services, etc.
>
> Stephen
--
Jesse W. Asher
"They that can give up essential liberty to purchase a little temporary safety, deserve neither liberty or safety." - Benjamin Franklin
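
The kind of check a firewall IRC helper can apply to a DCC offer, as an added example that is not part of the thread and is not the netfilter module's code. The function name, the sample lines and the addresses are constructed for illustration; the sketch assumes IPv4 and unquoted DCC arguments.

```python
import ipaddress
import re

# CTCP DCC offer inside a PRIVMSG: \x01DCC <type> <arg> <ip-as-integer> <port> [size]\x01
DCC_RE = re.compile(
    rb"PRIVMSG \S+ :\x01DCC (SEND|CHAT) (\S+) (\d{1,10}) (\d{1,5})(?: \d+)?\x01"
)

def expectation_for(line: bytes, client_ip: str):
    """Return (ip, port) to admit for one inbound connection, or None.

    `line` is one IRC line sent by the inside client; `client_ip` is the
    source address of that client's IRC connection as the firewall sees it.
    """
    m = DCC_RE.search(line)
    if not m:
        return None                       # not a DCC offer, nothing to open
    ip_int, port = int(m.group(3)), int(m.group(4))
    if ip_int > 0xFFFFFFFF:
        return None                       # does not fit an IPv4 address
    offered = ipaddress.IPv4Address(ip_int)
    # The offer must name the host that sent it; otherwise the client could
    # ask the firewall to expose a port on some other inside machine.
    if offered != ipaddress.IPv4Address(client_ip):
        return None
    # DCC listeners use unprivileged ports; never open a port below 1024.
    if not 1024 <= port <= 65535:
        return None
    # The helper cannot verify that a DCC listener really owns this port:
    # it only sees what the client declared, which is the residual exposure
    # on the client's own high ports discussed in the thread.
    return (str(offered), port)

# Constructed sample lines; 3232235786 is 192.168.1.10 as a 32-bit integer.
SAMPLES = [
    b"PRIVMSG bob :\x01DCC SEND notes.txt 3232235786 5000 1024\x01\r\n",
    b"PRIVMSG bob :\x01DCC SEND notes.txt 3232235796 5000 1024\x01\r\n",  # other host
    b"PRIVMSG bob :\x01DCC CHAT chat 3232235786 22\x01\r\n",              # low port
    b"PRIVMSG #chan :hello there\r\n",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", expectation_for(s, "192.168.1.10"))
```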
