Presentation is loading. Please wait.

Presentation is loading. Please wait.

Internet Relay Chat Security Issues By Kelvin Lau and Ming Li.

Published byAsher Warren Modified over 9 years ago

Similar presentations

Presentation on theme: "Internet Relay Chat Security Issues By Kelvin Lau and Ming Li."— Presentation transcript:

1 Internet Relay Chat Security Issues By Kelvin Lau and Ming Li

2 What is IRC? Internet Relay Chat is one of the most popular and most interactive services on the Internet. Using an IRC client (program) you can exchange text messages interactively with other people all over the world.

3 What is IRC? Benefits  Allows chat and file sharing  Companies can avoid fees from long distance and conference calls Drawbacks  Consumes bandwidth  Means of spreading worms  Susceptible to flooding  Can be embedded in trojans and act as a hostile server unnoticed

4 Protocol Server/Client model Allows DCC (Direct Computer-to- Computer) connections  DCC connections bypass server for direct chat and file-transfers between clients

5 Usage Users connect to a public IRC server Join channels Chat with other users Share files through DCC connections

6 How is IRC used for malicious purposes? Malicious users can privately exchange exploit information  Passwords  Warez (Pirated Software)  Vulnerability Information  Attacker Tools Viruses, Worms, Flooders

7 Intruder Detection Avoidance Checking that server administrators are offline Exploiting backdoors to gain administrator control Erasing presence from log files. Uploading tools to hidden directories Hiding tools in trojans to run processes in background

8 How is IRC exploited? Servers have little control over DCC file transfers IRC is not confined to a specific infrastructure, so completely private networks can be created  Common method for communication between attackers  Sets up an invitation only channel for other intruders.

9 Distributed Denial of Service Distributed Denial of Service (DDOS) attacks  Clone/Flood/War bots simulate multiple users connected to a channel  Bots spread and infect hundreds of computers that log into the channel  Attacker sends a command through IRC causing all bots to simultaneously flood packets to a target  Attacks can use UDP, TCP, ICMP and SYN packets

10 Distributed Denial of Service Major company servers have been shut down by DDOS attacks (Yahoo, eTrade, Amazon.com, DALnet)

11 What if your server is being attacked, right now? If the attacker uses ICMP packets, make sure your server does not reply to ICMP packets or install a firewall Set the amount of connections per IP Address to 1 connection, or ban the IP Addresses of the bots Have as few services as possible running, and switch of services such as FTP Keep your software up to date

12 IRC Lab Setup IRC Server  Linux-based Unreal IRC server  Will modify configuration file for own use IRC Client  PolarisX based on popular mIRC client  Runs on Windows Kaiten DDoS program  Generates IRC bots  Capable of various flood attacks and spoofing

13 IRC Lab Goals What you will do in the lab  Set up Linux IRC server and Windows clients  Initiate chat and file transfers  Perform and analyze IRC DDoS attacks

14 Questions?

Download ppt "Internet Relay Chat Security Issues By Kelvin Lau and Ming Li."

Similar presentations

NETWORK SECURITY ADD ON NOTES MMD © Oct2012. IMPLEMENTATION Enable Passwords On Cisco Routers Via Enable Password And Enable Secret Access Control Lists.

NETWORK SECURITY ADD ON NOTES MMD © Oct2012. IMPLEMENTATION Enable Passwords On Cisco Routers Via Enable Password And Enable Secret Access Control Lists.
Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
Security (Continued) V.T. Raja, Ph.D., Oregon State University.

Security (Continued) V.T. Raja, Ph.D., Oregon State University.
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.

Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.
Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,

Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,
Introduction to Security Computer Networks Computer Networks Term B10.

Introduction to Security Computer Networks Computer Networks Term B10.
 What is a botnet?  How are botnets created?  How are they controlled?  How are bots acquired?  What type of attacks are they responsible for? 

 What is a botnet?  How are botnets created?  How are they controlled?  How are bots acquired?  What type of attacks are they responsible for? 
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Honeypots Margaret Asami. What are honeypots ? an intrusion detection mechanism entices intruders to attack and eventually take over the system, while.

Honeypots Margaret Asami. What are honeypots ? an intrusion detection mechanism entices intruders to attack and eventually take over the system, while.
Distributed Denial of Service Attacks CMPT 471 1 Distributed Denial of Service Attacks Darius Law.

Distributed Denial of Service Attacks CMPT Distributed Denial of Service Attacks Darius Law.
Bots and Botnets CS-431 Dick Steflik. DDoS ● One of the most common ways to mount a Distributed Denial of Service attacks is done via networks of zombie.

Bots and Botnets CS-431 Dick Steflik. DDoS ● One of the most common ways to mount a Distributed Denial of Service attacks is done via networks of zombie.
Intruder Trends Tom Longstaff CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 Sponsored by.

Intruder Trends Tom Longstaff CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Sponsored by.
Scanning February 23, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Scanning February 23, 2010 MIS 4600 – MBA © Abdou Illia.
UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.

UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.
Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.

Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,
Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Spring 2006.

Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Spring 2006.
DDos Distributed Denial of Service Attacks by Mark Schuchter.

DDos Distributed Denial of Service Attacks by Mark Schuchter.
Lesson 10 – SECURING YOUR NETWORK Security devices Internal security External security Viruses and other malicious software OVERVIEW.

Lesson 10 – SECURING YOUR NETWORK Security devices Internal security External security Viruses and other malicious software OVERVIEW.
COEN 252: Computer Forensics Router Investigation.

COEN 252: Computer Forensics Router Investigation.

Similar presentations

Ads by Google