alyx none

Joined: 04 Nov 2010 Posts: 6

Posted: Jun 24, 2012 9:36pm Post subject: IRC security services research

Hi all, I'm doing some research on IRC "security" services, and I'm curious: how many of you have actually had decent results when it comes to blocking open proxies due to port scanning incoming hosts (via BOPM, Omega, or whatever)? Also, if you have any other thoughts on these types of things, or really anything relating to IRC security services, I'd love to get your comments! Thanks
mouselike Idler

Joined: 09 Dec 2003 Posts: 380 Location: IRC

Posted: Jun 25, 2012 12:34pm Post subject:

Hi there.
I think it's not so much that we've had luck with port scanning but more to do with proxy/SOCKS scanning. We find that open ports on a client's computer can pose no immediate threat to our network, no more than a BNC set up on a public shared server. It also becomes the responsibility of the computer/server owner to ensure the safety of that machine, which is beyond any IRC operator's control other than not to reveal their IP to make them more susceptible to intruders; thus an open port doesn't necessarily mean a threat that should be acted on.
The real threat is insecure proxies and SOCKS servers, which BOPM and charybdis' built-in scanner do a wonderful job of catching; however, I wouldn't say they are 100% effective, as it does rely on available DNSBLs, frequently updated and reported new insecure sites.
Then there is the issue of botnets, which can slip past most security services, I find. Defender alone is a threat in its own right due to the exploit, but Omega I can't comment on as I've never used it. BOPM won't intercept a botnet either if it doesn't use an open proxy or get caught by any DNSBL if it ain't blacklisted. Normally, in most cases with botnets, the host they are coming from is on a dynamic IP address anyway, so that renders blacklisting worthless.
In theory, port scanning is useless unless it's for proxies (see below).
Scanning for insecure/open proxies and servers with BOPM and ircd DNSBL scanners is a godsend but not 100% effective.
Services like Defender, Omega, NeoStats are simply not worth the extra process.
Configure your ircd right and you can accomplish a safer network without extra services.
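
Added example, not part of the thread and not code from BOPM or charybdis: a minimal DNSBL check of the kind the reply above refers to, showing why a host that was never reported passes even though a listed proxy is rejected. The zone name `dnsbl.example.org`, the addresses and the `FAKE_DNS` table are constructed stand-ins for live DNS.

```python
import ipaddress

LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """Name a DNSBL client looks up: reversed address labels + zone (RFC 5782)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")                   # four octets
    else:
        labels = list(addr.exploded.replace(":", ""))   # 32 hex nibbles
    return ".".join(reversed(labels)) + "." + zone

def check_client(ip, zones, resolve):
    """Return [(zone, answer)] for every zone that lists `ip`.

    `resolve(name)` returns an A record as a string, or None for NXDOMAIN.
    Only answers inside 127.0.0.0/8 count as a listing; any other answer is
    treated as a wildcarded or broken zone and ignored.
    """
    hits = []
    for zone in zones:
        answer = resolve(dnsbl_query_name(ip, zone))
        if answer and ipaddress.ip_address(answer) in LISTED_RANGE:
            hits.append((zone, answer))
    return hits

# Constructed zone data (hypothetical zone, documentation-range addresses).
ZONE = "dnsbl.example.org"
FAKE_DNS = {
    "10.2.0.192." + ZONE: "127.0.0.2",     # reported open proxy: listed
    "5.113.0.203." + ZONE: "203.0.113.1",  # non-127 answer: not a listing
}

def verdicts():
    clients = {
        "listed proxy": "192.0.2.10",
        "bot on fresh dynamic IP": "198.51.100.77",  # never reported: NXDOMAIN
        "bogus non-127 answer": "203.0.113.5",
    }
    return {label: check_client(ip, [ZONE], FAKE_DNS.get)
            for label, ip in clients.items()}

if __name__ == "__main__":
    for label, hits in verdicts().items():
        print(f"{label}: {'REJECT ' + str(hits) if hits else 'allowed (not listed)'}")
```

To run it against real DNS, pass a `resolve` function that wraps a resolver call and returns `None` on NXDOMAIN.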