[Dshield] Blocking IRC
keith at keithbergen.com
Tue Nov 18 13:44:48 GMT 2003
Historically, IRC servers have used those TCP ports (and
primarily 6667) as the main server ports, however a lot of
IRC servers now offer web based interfaces. Those work on
your standard port 80, which is much more difficult for the
IT department to block. In addition, many IRC servers have
expanded their ports.
I help administer an IRC network, and we have 6661-6669
available. We also opened up 7001 years ago so that AOL users
could connect (as AOL either blocked 6661-6669, or used it
for something else). We also allow 4400 and 7070. All of
these extra ports are in no way a standard, but this shows
you an example of how difficult it would be to block out all
---- Original message ----
>Date: Tue, 18 Nov 2003 19:27:14 +1300
>From: "Mike" <mjcarter at ihug.co.nz>
>Subject: [Dshield] Blocking IRC
>To: <list at dshield.org>
>I originally sent this to another list, A few things I
learnt from that was
>that I didn't include enough info, so here goes with this
>I'm looking at moving my career towards security, so was
interested when I
>received an email from our security department that stated
they would be
>blocking IRC by closing ports 6665-6669.
>I would have thought a lot more ports would need to be
closed if the secops
>wanted to completely block IRC.
>What is the "best" way to disable access to IRC?
>Block known ports, what ports would need to be blocked?
>Or just drop packets, how would that be done?
>We use Cisco equipment and are primarily a win2k 70% winxp
>Like I said I'm wanting to move into security, but at the
moment I wouldn't
>even class myself as a novice.
>Additional info for the Dsheild list:
>Our security team is wanting to block access for users using
an IRC client.
>They want to stop viruses from infecting through IRC.
>And they want it to be seamless and low on overhead.
>Someone mentioned "Please keep in mind that you have just
>configuration to the whole world." (not sure if I'm breaking
>rules/ethics, this person doesn't know I posted his response
here but I
>thought it was relevant to answer anyone who thought the
>I didn't say who I work for and I used my personal email
account to send my
>question to the list but I appreciated the input.
>Any input I could get will be very much appreciated!
>list mailing list
>list at dshield.org
>To change your subscription options (or unsubscribe), see:
More information about the list