Solved

Interesting IRC question ... 500 points up for grabs

Posted on 2004-08-20
7
227 Views
Last Modified: 2013-11-21

A friend uses IRC extensively ....

He asked me a little while ago an interesting question ... and I have just thought of posting it here now, and maybe get an answer to it ...

He said to me that whenever he seems to have private conversations with persons from a lot of the channels, there seem to be some people aware of what they are talking about .... in the private chats. He uses mIRC.

Is this possible, and how was that achieved and how can one combat this issue?



0
Comment
Question by:CrisAndrei
7 Comments
 
LVL 19

Expert Comment

by:Dexstar
Comment Utility
CrisAndrei:

> He said to me that whenever he seems to have private conversations with
> persons from a lot of the channels, there seem to be some people aware
> of what they are talking about .... in the private chats. He uses mIRC.
>
> Is this possible, and how was that achieved and how can one combat this issue?

Well, it is *possible*, but not very likely.  IRC is inherently insecure.  Each person connects to a server, and the servers themselves are all interconnected.  Anyone between you and the server you are using, or anyone between the person you're talking with and the server they're using, or anyone between the two servers COULD monitor the network traffic and see what you're talking about.  Furthermore, anyone who operates an IRC server could log anything you say and record it forever.

However, since there are hundreds of thousands of people using IRC, with lots of private chats going on, it's just unreasonable to monitor them all.

The solution is to use a DCC chat (tricky to do behind firewalls, but still possible).  DCC means "Direct Client-to-Client", so the two people are talking directly without any IRC server involved.  That means that only people between you and the other person could listen in, which dramatically reduces the number of people who could listen in.

Another way (or to be used in combination with DCC) would be to use a client that supports some level of encryption.  Trillian does, but I'm not sure of any others, although they do exist.

HTH,
Dex*
0
 
LVL 8

Expert Comment

by:Wojciech Duda
Comment Utility
Actually has your friend thought about the possibility that if he has a private chat his partner could be telling details to someone else, also via a private chat?
0
 

Author Comment

by:CrisAndrei
Comment Utility

This is what happened:
He logged into a Undernet, and joined a motoring club channel.
There's been some arguements within the channel, at which stage, he opened a private chat with a very good friend of his.
They were talking in private about the arguement that going on in the channel, at which point, one of the other people from the channel, whom the arguement was going against, started posting their private chat.

My friend got quite upset, and closed the irc client, and he's been very upset ever since, as this affected him badly.
Hence his question to me as to how this may have been achieved.....

0
 
LVL 19

Accepted Solution

by:
Dexstar earned 500 total points
Comment Utility
CrisAndrei:

> There's been some arguements within the channel, at which stage, he opened a private
> chat with a very good friend of his.

Well, you know what they say about arguing on the Internet being like competing in the Special Olympics, right?

> My friend got quite upset, and closed the irc client, and he's been very upset ever
> since, as this affected him badly.
> Hence his question to me as to how this may have been achieved.....

There are a couple of ways this could've happened:
    1) His friend told the other guy what was being said (Occam's Razor tends to make this think this is the correct option)
    2) The other guy was an IRC operator and had the power to monitor the chat.
    3) One or other's computer was hacked into which allowed the other guy to monitor what was being said.
    4) The other guy was impersonating his friend, so the private chat was REALLY with the other guy, not his friend.

BTW, a DCC chat would've only prevented #2.  Anyway, IRC is like the wild west:  It's mostly safe, but there are some real jackasses out there and you should be careful.  Regardless, he shouldn't let anything about IRC upset him that much.  It's just IRC.

-D*
0
 
LVL 1

Expert Comment

by:Alien3
Comment Utility
yeah i agree.

it takes a person with packet sniffer to sniff the IRCd  ( Internet Relay Chat Deamon) Software that usually runs on linux systems.  

Im IRC operator on many irc networks and I cant really sniff the chat myself because I dont have access to most of IRCd's  
you have to be owner of IRCd yourself to find out what going on your IRCd server.  

also
using SSL connection would stop sniffers from reading your private chats.  



0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Find out what Office 365 Transport Rules are, how they work and their limitations managing Office 365 signatures.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now