Re: anyone looking to rent server PLEASE READ!!! [message #223729 is a reply to message #222790] |
Sat, 30 September 2006 13:16 |
fl00d3d
Messages: 1107 Registered: August 2003 Location: Iowa, USA
Quote: | ...Yeah because you can magically sniff client info out when you're not the server...
|
Quote: | ...plaintext chat protocol...
| That is where the problem starts.
You do not have to be on any server to sniff out its traffic. You simply have to be on its network segment. Hook your computer up to a hub and plug another computer into it -- then sniff out port 6667 on it and see what you come up with. And for the record, not even SSL is secure anymore. Additionally, IRC likes to wrap up all kinds of information about its clients and hand them out to any users by default (i.e. whois).
IRC6 http://www.irc.org/irc6.html I never claimed it was in the TCP stack. I'm not confused. Ironically I was going to ask you to post your seven layers of the model, but then I thought "any numbnut can google information". Again, I'm not saying you don't know what you're talking about -- but you're really going off the deep end insisting that IRC isn't insecure. And for the record, I never once said that the other protocols were any more/less secure. Though I do think that IRC has no place on a secure network. Other protocols have more control information and well-established signatures that can be filtered by IDS's. IRC does, too, but as you've pointed out yourself it is a different kind of protocol.
You went through the trouble of listing out your certifications which apparently makes you a resident expert of security. So tell me, how many servers have you hacked? How many times have you exploited the IRC protocol? How many times have you done 'penetration testing' professionally?
Re: anyone looking to rent server PLEASE READ!!! [message #223732 is a reply to message #222790] |
Sat, 30 September 2006 13:20 |
xptek
Messages: 1410 Registered: August 2004 Location: USSA
It's supposed to be a plaintext chat protocol. That's kind of the point.
I'd suggest you reevaluate your "insecure" judgement when you've developed a few IRCds yourself.
Quote: | You went through the trouble of listing out your certifications which apparently makes you a resident expert of security. So tell me, how many servers have you hacked? How many times have you exploited the IRC protocol? How many times have you done 'penetration testing' professionally?
|
What? Why would I hack a server because I have some retarded certs?
Quote: | Hook your computer up to a hub and plug another computer into it -- then sniff out port 6667 on it and see what you come up with.
|
Sniff port 80, change your forums password, and see what you come up with.
Oh and maybe use a switch so your data isn't blasted to every computer on the hub and its uncle?
cause = time
[Updated on: Sat, 30 September 2006 13:23]
Re: anyone looking to rent server PLEASE READ!!! [message #223737 is a reply to message #223732] |
Sat, 30 September 2006 13:30 |
fl00d3d
Messages: 1107 Registered: August 2003 Location: Iowa, USA
xptek wrote on Sat, 30 September 2006 16:20 | It's supposed to be a plaintext chat protocol. That's kind of the point.
I'd suggest you reevaluate your "insecure" judgement when you've developed a few IRCds yourself.
| That is the point of the protocol: to be an insecure plaintext protocol. And because you have worked with IRCd doesn't make you a security expert on it.
xptek wrote on Sat, 30 September 2006 16:20 |
What? Why would I hack a server because I have some retarded certs?
| I was making a point ... and that point was, that just because you know something about servers, services, or protocols doesn't mean that you understand the security risks with it. I, on the other hand, have done all of those things and have a lot of experience with "hacking". And not the script kiddie, "let's download a point-and-click port flooder" kind of hacking either. That doesn't count.
xptek wrote on Sat, 30 September 2006 16:20 |
Sniff port 80, change your forums password, and see what you come up with. Oh and maybe use a switch so your data isn't blasted to every computer on the hub and its uncle?
|
Dedicated servers are usually hooked up to their own port on a switch, yes. But ports can be mirrored, clients can be compromised, and you still have a protocol with no built-in security to stop things like 'Joe Anonymous' from whois'ing your IP/hosting/etc. information or sending you .exe's cuz you're a dumbass and you accepted the file. It's definitely not built to be secure. Thus why any intelligent host would be selective about how they permit the protocol on their network.
Yoshimitsu wrote on Sat, 30 September 2006 16:22 | That only works if you're physically in between the client computer and the modem.
|
You wouldn't be more wrong. ^^
Re: anyone looking to rent server PLEASE READ!!! [message #223742 is a reply to message #223737] |
Sat, 30 September 2006 13:43 |
xptek
Messages: 1410 Registered: August 2004 Location: USSA
Quote: | That is the point of the protocol: to be an insecure plaintext protocol. And because you have worked with IRCd doesn't make you a security expert on it.
|
It's not always plaintext, and the fact that it's plaintext doesn't make it inherently insecure.
Multiple IRCds, btw.
Quote: | I was making a point ... and that point was, that just because you know something about servers, services, or protocols doesn't mean that you understand the security risks with it. I, on the other hand, have done all of those things and have a lot of experience with "hacking". And not the script kiddie, "let's download a point-and-click port flooder" kind of hacking either. That doesn't count.
|
Oh fun. Mindtzar and I used to automatically root 1000s of Chinese/Taiwanese hosts back when we were nice and 'tarded. What does this have to do with the security of a protocol?
Quote: | and you still have a protocol with no built-in security
|
I guess EV1 should disallow HTTP too.
Quote: | to stop things like 'Joe Anonymous' from whois'ing your IP/hosting/etc.
|
Most modern IRCds have full hostmasking. I don't know where you're going with this one..
Quote: | information or sending you .exe's cuz you're a dumbass and you accepted the file.
|
IRC has no built-in file transfer method. DCC is not part of the IRC protocol.
cause = time
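
An added example, not part of any post in this thread: the exchange above turns on what a plaintext IRC stream exposes, namely DCC offers (carried as CTCP inside PRIVMSG rather than as an IRC command) and the host field of a WHOIS reply. The sketch parses constructed sample lines the way a monitoring script on one's own network might; the nicknames, hosts, addresses and the `RISKY_EXT` list are assumptions.

```python
import ipaddress
import re

# Constructed sample traffic (not from the thread); every name and address is made up.
SAMPLE = [
    ":joe!~joe@host-7F3A.example.net PRIVMSG alice :hello",
    ":joe!~joe@host-7F3A.example.net PRIVMSG alice :\x01DCC SEND setup.exe 3232235777 5000 48211\x01",
    ':joe!~joe@host-7F3A.example.net PRIVMSG alice :\x01DCC SEND "holiday pics.jpg" 3232235777 5001 9120\x01',
    ":irc.example.net 311 alice joe ~joe host-7F3A.example.net * :Joe Anonymous",
]
RISKY_EXT = (".exe", ".scr", ".bat", ".com", ".pif")  # assumed policy list
DCC_RE = re.compile(r'^DCC SEND (?:"([^"]+)"|(\S+)) (\d+) (\d+)(?: (\d+))?$')

def parse_line(line):
    """Split a raw IRC line into (prefix, command, params)."""
    prefix = None
    if line.startswith(":"):
        prefix, line = line[1:].split(" ", 1)
    if " :" in line:                      # trailing parameter may contain spaces
        head, trailing = line.split(" :", 1)
        params = head.split() + [trailing]
    else:
        params = line.split()
    return prefix, params[0].upper(), params[1:]

def inspect(line):
    """Return a finding for a DCC SEND offer or a WHOIS (311) reply, else None."""
    prefix, cmd, params = parse_line(line)
    if cmd == "PRIVMSG" and len(params) == 2:
        text = params[1]
        # CTCP messages are ordinary PRIVMSG text wrapped in \x01 bytes.
        m = DCC_RE.match(text.strip("\x01")) if text.startswith("\x01") else None
        if m:
            name = m.group(1) or m.group(2)
            return {"kind": "dcc_send", "from": (prefix or "?").split("!")[0],
                    "file": name,
                    # DCC advertises the sender's IPv4 address as a decimal integer.
                    "peer": str(ipaddress.IPv4Address(int(m.group(3)))),
                    "port": int(m.group(4)),
                    "risky": name.lower().endswith(RISKY_EXT)}
    if cmd == "311" and len(params) >= 4:
        # 311 params: requester, nick, user, host, "*", realname.
        # The host shown is whatever the server chooses to publish (real or masked).
        return {"kind": "whois", "nick": params[1], "host": params[3]}
    return None

def scan(lines):
    """Collect findings from an iterable of raw IRC lines."""
    return [f for f in map(inspect, lines) if f]
```
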
Re: anyone looking to rent server PLEASE READ!!! [message #223745 is a reply to message #222790] |
Sat, 30 September 2006 13:47 |
fl00d3d
Messages: 1107 Registered: August 2003 Location: Iowa, USA
I don't want to argue about IRC. This is getting a bit absurd. Have fun with IRC.
As for EV1, it is a matter of preference. You've stated your opinion (which was targeting Neron Hosting) and I've stated mine. Life moves on, I have better things to do with my day.
[Updated on: Sat, 30 September 2006 13:48]