Internet Relay Chat Chandrea Dungy Derek Garrett #29.
1 Internet Relay Chat Chandrea Dungy Derek Garrett #29

2 What is it
- Allows multiple users to chat with each other (chat rooms).
- Beneficial for companies: avoids the fees of long-distance and conference calls by telephone.
- Negative: IRC consumes bandwidth and CPU cycles, slowing down computer activity, and the host incurs the cost of IRC activity from rogue users.

3 Protocol
- Client/server model.
- Server establishes a socket for communications per client's request.
- Server maintains server-to-server communications in an IRC network.
- Clients can gain information about other servers and clients within the IRC network using queries.

4 How Intruders Use IRC
- Frequently use IRC to share compromised passwords, warez, exploitable information, exploit tools, pornography and vulnerabilities associated with certain sites.
- Favorite targets of IRC intruders are high-bandwidth Internet connections and high-speed systems with large disk space and plenty of memory.

5 Intruder Precautions and Techniques
- Consistently check for signs they are being monitored.
- Consistently check if the system administrator is on-line.
- Gain more privileges by exploiting a vulnerability through a previously installed backdoor.
- Remove their presence from log files.
- Create a hidden directory just below the root file system.
- Download their tools to a hidden directory.
- Install Trojan binaries or runtime modules to hide their presence and the processes they are running.

6 Intruder Activity
- Almost impossible to detect intruders once they have gone through the precautions and techniques.
- Set up an invitation-only channel for other intruders.
- Obtain a copy of the password file to be cracked off-line.
- Cracked passwords and logins are traded in the intruder community.

7 Escape Plans if Detected
- Bail out of the network.
- Trick the DNS server into caching a bogus hostname or address to make it more difficult to trace activity.
- Remove evidence of activity, install a network sniffer, Trojan important system binary files and leave quietly.
- Create a new account in case the vulnerability is removed.
- Trojan the login process so it will allow the intruder to log in the next time.

8 How to Detect IRC Activity
- Check for evidence of IRC activity.
- Monitor network traffic.

9 Evidence of IRC Activity
- Look for suspicious hidden directories below the root directory.
- Look for IRC files:
  - Eggdrop
  - mIRC, Pirch, Virc for Windows
  - Homer and Ircle for Macs
  - IRC support files that list servers, clients, and channels
- Look for a tool named datapipe.c.
- Look for pornography.

10 Monitor Network Traffic
- Analyze network traffic, searching for patterns similar to IRC traffic.
- An IRC server sends packets from a particular point to all channel clients.
- The network analyzer must keep track of packet header information: the source and destination address, port number and packet type.

11 Monitor Network Traffic
- Look at the content of each packet to match data against a set of user-defined strings:
  - NICK – client's nickname
  - USER – user name
  - PASS – password
  - JOIN – joining a channel
  - OPER – regular user wants to become channel operator
  - PRIVMSG – private message
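The content-matching approach from slides 10 and 11, as an added example that is not part of the original presentation: it groups payloads by source, destination and port, then flags flows whose lines begin with the listed IRC commands, regardless of port number. The sample packets, addresses and the rule that USER/PASS alone do not count (FTP and POP3 use them too) are assumptions made for this example.

```python
import re
from collections import defaultdict

# Command keywords from the slide; matched only at the start of a line.
IRC_COMMANDS = ("NICK", "USER", "PASS", "JOIN", "OPER", "PRIVMSG")
# USER and PASS also appear in FTP/POP3, so they cannot flag a flow alone.
IRC_ONLY = {"NICK", "JOIN", "OPER", "PRIVMSG"}
# Optional ":prefix " covers server-to-client lines such as ":nick!u@h PRIVMSG ...".
LINE_RE = re.compile(
    rb"^(?::\S+ )?(" + "|".join(IRC_COMMANDS).encode() + rb") \S", re.IGNORECASE)

def irc_commands(payload):
    """Return the IRC commands found at line starts in one TCP payload."""
    found = []
    for line in payload.split(b"\n"):
        m = LINE_RE.match(line.strip())
        if m:
            found.append(m.group(1).decode().upper())
    return found

def flag_flows(packets, min_distinct=2):
    """Group packets by (src, dst, dport) header fields and flag flows that
    carry at least min_distinct IRC commands, one of them IRC-specific."""
    seen = defaultdict(set)
    for src, dst, dport, payload in packets:
        seen[(src, dst, dport)].update(irc_commands(payload))
    return {flow: sorted(cmds) for flow, cmds in seen.items()
            if len(cmds) >= min_distinct and cmds & IRC_ONLY}

# Constructed sample traffic (documentation address ranges, not a real capture).
SAMPLE = [
    ("192.0.2.10", "198.51.100.5", 6667, b"NICK guest1\r\nUSER guest1 0 * :Guest\r\n"),
    ("192.0.2.10", "198.51.100.5", 6667, b"JOIN #lab\r\n"),
    # IRC registration on a non-standard port: a port filter alone misses it.
    ("192.0.2.22", "198.51.100.9", 8080, b"PASS secret\r\nNICK bot7\r\nUSER bot7 0 * :b\r\n"),
    # Keywords inside an HTTP request line do not start the line: ignored.
    ("192.0.2.30", "203.0.113.7", 80, b"GET /join?user=nick HTTP/1.1\r\n\r\n"),
    # FTP login shares USER/PASS with IRC but has no IRC-specific command.
    ("192.0.2.40", "203.0.113.9", 21, b"USER anonymous\r\nPASS guest@\r\n"),
]

if __name__ == "__main__":
    for flow, cmds in flag_flows(SAMPLE).items():
        print(flow, cmds)
```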

12 Recent trends of IRC
- Intruders are using private channels.
- Intruders are using encryption as an additional precaution.
- Encryption eliminates any hope for successful packet content analysis strategies.

13 The IRC Lab
- Denial of Service attack using diemIRC.
- Use mIRC scripting to create a backdoor.

14 diemIRC
- Listens on port 6667 (used by IRC) for incoming connections.
- Crashes the victim's mIRC session according to the chosen exploit.

15 DoS Attacks
- Often more annoying than technically elegant.
- Most likely used by a "script kiddie", but more advanced attackers may use them as part of a large-scale attack.
- Close unused ports, use a firewall, and update software for protection.

16 IRC backdoors
- Remote access tool.
- The IRC client acts as the backdoor client.
- The attacker gets limited access to an infected system and can modify, upload, download and run files.
- Some IRC backdoors have additional functionality that allows a hacker to perform malicious actions in IRC channels and, in some cases, allows an attacker to completely take over an IRC channel.

