Re: Blocking IRC Access

From: Tim Syratt (tims_at_syratt.com)
Date: 11/18/03

  • Next message: Philip Wagenaar: "Betr.: Blocking IRC Access" 
    Date: Tue, 18 Nov 2003 10:39:40 +1100 (EST)
To: "J. Bilder" <electro@bildz.dyndns.org>

    Hi Mike,

    Jeff is correct. I run an IRC server that sits on a 10,000 user network
    and the amount of open proxies that are used as BNC's, particularly from within
    networks is incredible.

    I'd perhaps think about looking at your network, considering what you
    REALLY need your users to access.. Focus on each department individually
    and their needs, put it on paper and impliment (if you dont already) some
    VLANS with controlled access.. Perhaps even look at Cisco URT if you need
    to dynamically assign VLANs on login.

    You also need to look at your servers inside your lan, and make sure none
    of them can be used to bounce outside the firewall (proxy servers, http
    servers etc) on an obscure port and over to an IRC network..

    Good Luck!

    Tim Syratt

    On Mon, 17 Nov 2003, J. Bilder wrote:

    > Irc isn't the easiest to close. If they are looking to block IRC, then
    > they better block all the ports so that people cant BNC to other hosts.
    > Depending upon how the network is setup, you can BNC on any port to get
    > outside. Unless of course the company has a firewall that only allows
    > proxy sessions from a few hosts, and all other ports are locked down to
    > servers as well. Then it would be especially hard to get outside. They
    > would probably also be looking for someone scanning the firewall to see
    > where they could potentially find an open port to get out on as well.
    >
    > HTH
    >
    > - Jeff
    >
    >
    > On Mon, 2003-11-17 at 14:46, Mike wrote:
    > > Hi All,
    > > I'm looking at moving my career towards security, so was interested when I
    > > received an email from our security department that stated they would be
    > > blocking IRC by closing ports 6665-6669.
    > >
    > > I would have thought a lot more ports would need to be closed if the secops
    > > wanted to completely block IRC.
    > >
    > > What is the "best" way to disable access to IRC?
    > >
    > > Block known ports, what ports would need to be blocked?
    > >
    > > Or just drop packets, how would that be done?
    > >
    > > We use Cisco equipment and are primarily a win2k 70% winxp 30% site
    > >
    > > Like I said I'm wanting to move into security, but at the moment I wouldn't
    > > even class myself as a novice.
    > >
    > > Any input I could get from this list will be very much appreciated!
    > >
    > > Thanks
    > > Mike
    > >
    > >
    > >
    > > ---------------------------------------------------------------------------
    > > Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
    > > The Presidio integrates PGP data encryption and XML Web Services security to
    > > simplify the management and deployment of PGP and reduce overall PGP costs
    > > by up to 80%.
    > > FREE WHITEPAPER & 30 Day Trial -
    > > http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027
    > > ----------------------------------------------------------------------------
    > >
    >
    >
    > ---------------------------------------------------------------------------
    > Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
    > The Presidio integrates PGP data encryption and XML Web Services security to
    > simplify the management and deployment of PGP and reduce overall PGP costs
    > by up to 80%.
    > FREE WHITEPAPER & 30 Day Trial -
    > http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027
    > ----------------------------------------------------------------------------
    >

    ---------------------------------------------------------------------------
    Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
    The Presidio integrates PGP data encryption and XML Web Services security to
    simplify the management and deployment of PGP and reduce overall PGP costs
    by up to 80%.
    FREE WHITEPAPER & 30 Day Trial -
    http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027
    ----------------------------------------------------------------------------

  • Next message: Philip Wagenaar: "Betr.: Blocking IRC Access"

    Relevant Pages

    • Re: Ports Base
      ... That will gain you the benefits of an up-to-date ports tree. ... you start installing ports, you have the pkgdb to deal with. ... I use something like this to rapidly deploy new FreeBSD servers. ... Due to network ...
      (freebsd-questions)
    • Please help me with my PF config
      ... I work in a school, ... have to connect to some servers in another school because we share databases ... servers in the other school network, and only this servers, no other ip ... connect to the services ports ...
      (freebsd-questions)
    • Re: ORA-12535: TNS:operation timed out errors for over a year now...
      ... I don't speak cognos or oracle. ... servers of any flavour on any switch and I'll understand all but sql ... They are convinced it is a network issue. ... is Oracle using random return ports (by default Oracle always uses 2 ...
      (comp.databases.oracle.server)
    • Re: Servers at different site arent showing up in Network Neighbo
      ... Remember also do you remote clients have a wins definition, ... > static mapping for the two servers at the remote site. ... > mapping for the two servers, and they still don't show up in Network ... What ports do I have to have open on the firewalls for WINS ...
      (microsoft.public.win2000.active_directory)
    • Re: Betr.: Re: MS Patches Management software: SUS vs 3rd party
      ... > it retrieves all patches at once. ... There is no management in SUS, ... > If they are planning to include the Windows NT 4.0 servers for the ... >> simplify the management and deployment of PGP and reduce overall PGP ...
      (Security-Basics)