Internet Relay Chat - PowerPoint PPT Presentation

omer
Presentation Transcript

  1. Internet Relay Chat Security Issues By Kelvin Lau and Ming Li

  2. What is IRC? • Internet Relay Chat is one of the most popular and most interactive services on the Internet. • Using an IRC client (program) you can exchange text messages interactively with other people all over the world.

  3. What is IRC? • Benefits • Allows chat and file sharing • Companies can avoid fees from long distance and conference calls • Drawbacks • Consumes bandwidth • Means of spreading worms • Susceptible to flooding • Can be embedded in trojans and act as a hostile server unnoticed

  4. Protocol • Server/Client model • Allows DCC (Direct Computer-to-Computer) connections • DCC connections bypass server for direct chat and file-transfers between clients

  5. Usage • Users connect to a public IRC server • Join channels • Chat with other users • Share files through DCC connections

  6. How is IRC used for malicious purposes? • Malicious users can privately exchange exploit information • Passwords • Warez (Pirated Software) • Vulnerability Information • Attacker Tools • Viruses, Worms, Flooders

  7. Intruder Detection Avoidance • Checking that server administrators are offline • Exploiting backdoors to gain administrator control • Erasing presence from log files • Uploading tools to hidden directories • Hiding tools in trojans to run processes in background

  8. How is IRC exploited? • Servers have little control over DCC file transfers • IRC is not confined to a specific infrastructure, so completely private networks can be created • Common method for communication between attackers • An attacker sets up an invitation-only channel for other intruders

  9. Distributed Denial of Service • Distributed Denial of Service (DDOS) attacks • Clone/Flood/War bots simulate multiple users connected to a channel • Bots spread and infect hundreds of computers that log into the channel • Attacker sends a command through IRC causing all bots to simultaneously flood packets to a target • Attacks can use UDP, TCP, ICMP and SYN packets

  10. Distributed Denial of Service • Major company servers have been shut down by DDOS attacks (Yahoo, eTrade, Amazon.com, DALnet)

  11. What if your server is being attacked, right now? • If the attacker uses ICMP packets, make sure your server does not reply to ICMP packets, or install a firewall • Set the number of connections per IP address to 1, or ban the IP addresses of the bots • Have as few services as possible running, and switch off services such as FTP • Keep your software up to date

  12. IRC Lab Setup • IRC Server • Linux-based Unreal IRC server • Will modify configuration file for own use • IRC Client • PolarisX based on popular mIRC client • Runs on Windows • Kaiten DDoS program • Generates IRC bots • Capable of various flood attacks and spoofing

  13. IRC Lab Goals • What you will do in the lab • Set up Linux IRC server and Windows clients • Initiate chat and file transfers • Perform and analyze IRC DDoS attacks

  14. Questions?
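
Slides 9 and 11 describe clone bots filling a channel and the response of limiting connections per IP address to 1 or banning the bots' addresses. The following is an added example, not part of the original presentation: a small detector that reads IRC lines in the RFC 1459 form `:nick!user@host COMMAND params` and reports hosts holding more nicks in one channel than the limit allows. The function names, the sample lines and the assumption that the host field carries the client's IP address are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample traffic as a channel observer would see it.
# Addresses are from the documentation ranges; this is not captured data.
SAMPLE_LINES = [
    "PING :irc.example.net",
    ":alice!al@198.51.100.7 JOIN #lab",
    ":bot1!x@203.0.113.9 JOIN #lab",
    ":bot2!x@203.0.113.9 JOIN #lab",
    ":bot3!x@203.0.113.9 JOIN :#lab",
    ":bot2!x@203.0.113.9 PART #lab :bye",
    ":carol!c@198.51.100.7 JOIN #other",
    ":bot4!x@203.0.113.9 JOIN #Lab",
    ":bot1!x@203.0.113.9 QUIT :Ping timeout",
]

# Only user-originated lines carry a nick!user@host prefix.
PREFIXED = re.compile(r"^:([^!\s]+)!([^@\s]+)@(\S+)\s+([A-Za-z]+)\s*(.*)$")

def channels(params):
    """Channel names from JOIN/PART params such as '#a,#b' or ':#a'."""
    first = params.lstrip(":").split()
    return [c.lower() for c in first[0].split(",")] if first else []

def find_clones(lines, max_per_ip=1):
    """Return {(host, channel): peak concurrent nicks} where peak > max_per_ip."""
    present = defaultdict(set)   # (host, channel) -> nicks currently joined
    peaks = {}
    for raw in lines:
        m = PREFIXED.match(raw.strip())
        if not m:
            continue             # server messages, numerics, malformed lines
        nick, _user, host, cmd, params = m.groups()
        cmd = cmd.upper()
        if cmd == "JOIN":
            for chan in channels(params):
                nicks = present[(host, chan)]
                nicks.add(nick)
                if len(nicks) > max_per_ip:
                    peaks[(host, chan)] = max(peaks.get((host, chan), 0), len(nicks))
        elif cmd == "PART":
            for chan in channels(params):
                present[(host, chan)].discard(nick)
        elif cmd == "QUIT":      # a QUIT removes the nick from every channel
            for (h, _chan), nicks in present.items():
                if h == host:
                    nicks.discard(nick)
    return peaks

if __name__ == "__main__":
    for (host, chan), n in find_clones(SAMPLE_LINES).items():
        print(f"{host} held {n} simultaneous nicks in {chan}")
```

Several legitimate users behind one NAT address share a host field, so a limit of 1 will flag them as well; treat the output as candidates for review before banning.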