IRC Channel Access

Technomage technomage.hawke at gmail.com
Fri Nov 13 17:23:54 MST 2009


Sean Parsons wrote:
> They say there is some DCC exploit my router is susceptible to, but can't be
> specific, so they run some test on my connection and then kick/ban me from
> channels. There is nothing wrong with my Linksys WRT54G router, except some
> script kiddies on their network flood channels and I will apparently loose
> connection and be dropped. So instead of educating people or patching their
> servers, they kick//ban people, and when you ask questions the play with
> their bots and pelt you with useless links... 6 on 1 is a bit overwhelming.
>
>  
>
> I tried 3 clients, same thing. Whatever they have built tests connections.
> They can't explain why this is an issue to them if my connection gets
> dropped, it's really my problem... They suggested changing from port 6667 to
> 8001 and after a great deal of confusion about "how " to do it in the
> various clients, I was still kicked/banned from certain channels. So I give
> up with these guys and their power trip. I've done nothing but
> read/learn/contribute so I'm not a threat, but they feel this is the way to
> handle things.
>
>  
>
> The DCC problem has been an issue for years, but to suddenly target users in
> chat rooms designed to educate, is ridiculous and irresponsible behavior. So
> I'd rather not use freenode, unless I have no other choice. BTW I am on a
> fixed IP so it wouldn't take much for then to ban me from every channel..
>
>  
>
> Sean Parsons
>
>  
>
> From: plug-discuss-bounces at lists.plug.phoenix.az.us
> [mailto:plug-discuss-bounces at lists.plug.phoenix.az.us] On Behalf Of Bob
> Elzer
> Sent: Friday, November 13, 2009 9:42 AM
> To: 'Main PLUG discussion list'
> Subject: RE: IRC Channel Access
>
>  
>
> It's kind of like a web page, it's only on the one server.
>
>  
>
> But unless you have a static IP, I'm not sure how they could ban you.
>
>  
>
> You could try loggin on with a different name, and even a different client.
>
>  
>
>  
>
>  
>
>   _____  
>
> From: plug-discuss-bounces at lists.plug.phoenix.az.us
> [mailto:plug-discuss-bounces at lists.plug.phoenix.az.us] On Behalf Of Sean
> Parsons
> Sent: Friday, November 13, 2009 8:22 AM
> To: 'Main PLUG discussion list'
> Subject: IRC Channel Access
>
> Is freenode the only access to PLUG-AZ? I seem to have been kicked out of a
> channel because my "router" is buggy, some exploit they say I am susceptible
> to and there for are banned from the #Ubuntu channel entirely. The ops think
> its funny to gang up and pelt you with conflicting answers and when you call
> them on their behavior you get lectured on net etiquette, kettle? 
>
>  
>
> Needless to say I am too old for kid games, is there another server that has
> access to the channel?
>
>  
>
> Sean Parsons
>   
Sean, this info was a bit new for me so I looked it up:

***********************************************


        DCC SEND exploit

The DCC send exploit can refer to two bugs, a variant buffer overflow 
<http://en.wikipedia.org/wiki/Buffer_overflow> error in mIRC 
<http://en.wikipedia.org/wiki/MIRC> triggered by filenames longer than 
14 characters^[1] 
<http://en.wikipedia.org/wiki/Direct_Client-to-Client#cite_note-0> and 
an input validation error 
<http://en.wikipedia.org/w/index.php?title=Input_validation_error&action=edit&redlink=1> 
in some routers manufactured by Netgear 
<http://en.wikipedia.org/wiki/Netgear>, D-Link 
<http://en.wikipedia.org/wiki/D-Link> and Linksys 
<http://en.wikipedia.org/wiki/Linksys>, triggered by the use of port 
0^[/citation needed 
<http://en.wikipedia.org/wiki/Wikipedia:Citation_needed>/] . The router 
exploit, in particular, may be triggered when the phrase 'DCC SEND ' 
followed by at least 6 characters without spaces or newlines appears 
anywhere in a TCP 
<http://en.wikipedia.org/wiki/Transmission_Control_Protocol> stream on 
port 6667, not just when an actual DCC SEND request has been made. (from 
http://en.wikipedia.org/wiki/Direct_Client-to-Client)


***********************************************

learn something new every day. :)
Unfortunately, they don't specify which models are affected, or even 
what the test is to determine
if you have an affected model. Personally, I don't use such commodity 
devices as they cannot handle
some of the traffic I put through here daily (several other game players 
in the house wanting access
on specific ports, torrent traffic, all that). I use an openbsd box 
(which gives me full control of what
where and how). I could help you setup one if you want.



More information about the PLUG-discuss mailing list