[ubuntu-uk] IRC security mention in Ubuntu Weekly News 27

Michael Wood admin at x3n.me.uk
Mon Jan 15 18:26:14 GMT 2007


alan c wrote:
> I  have only used IRC a few times, and have only a vague idea of the 
> issues around it. I noyice in UWN 27 that
> =====
> If you are using IRC to connect to any of the Ubuntu IRC channels, the 
> IRC Operator's Team would like to inform you that to make your 
> connection secure you should use port 8001 when connecting to any of 
> the Freenode servers. There has been a recent surge in people 
> exploiting vulnerable routers of IRC users. Using port 8001 will 
> prevent you from being disconnected from one of these DCC attacks. It 
> is also recommended that you download and install the latest firmware 
> for your router. Do note that all these attacks do is disconnect you 
> from the IRC server. So to avoid being banned from a channel due to 
> join and part flooding, fix your settings now.
> =====
>
>   
These kinds of attacks are quite rare and do not damage your system they 
are just cause inconvenience to the user.

They also only effect certain models and makes of (broadband) router.

Effectively what the attacker does is send some malformed packets (data) 
to your internet IP address via IRC (using DCC),
a few routers have bugs in their firmware (the on-board software) which 
don't deal with these malformed packets
correctly and the connection gets reset.

Port 8001 is immune to this attack which is why they are recommending 
it. In your irc clients stored server settings you can usually
change which port it uses to connect.

> I presume the port used is fairy easy to examine by each user, however 
> the comment about router firmware suggests more complications for 
> users who are not really very technically experienced (I include 
> myself here).
>
>   
If you're rarely on IRC I wouldn't give this much thought.
> I trust that this list can keep patience in mind and as ever be 
> patient with handholding (me) when  time is available to sort out this 
> issue?
> tia
>   


-- 
/\/\ichael [ email at michaelwood.me.uk  ]
  \/\/ood  [ http://michaelwood.me.uk ]




More information about the ubuntu-uk mailing list