Pithlit l33t
Joined: 27 Dec 2003 Posts: 887 Location: fuhen
|
Posted: Sat Mar 04, 2006 8:54 pm Post subject: Weird IRC exploit? [SOLVED-ish - netgear router issue] |
|
|
Yesterday a guy used something that (at least to me) was explained as a Norton exploit on IRC:
Quote: | <nick> DCC SEND "string" 0 0 0
* nick1 has quit (Read error: Connection reset by peer)
* nick2 has quit (Read error: Connection reset by peer)
* nick3 has quit (Read error: Connection reset by peer)
* nick4 has quit (Read error: Connection reset by peer)
* nick5 has quit (Read error: Connection reset by peer)
....
* nickn has quit (Read error: Connection reset by peer) |
So, being a good guy that I normally am, I switched to a channel I hang in with a couple of friends (all Linux users), convinced nothing bad will happen. You know... just to let them know...
Quote: | <Pithlit> DCC SEND "string" 0 0 0
* NegativeK has quit (Read error: Connection reset by peer)
<Pithlit> WTF?!?
<M'hael> Was that intended? |
Imagine my surprise. So we started playing along.
1. NegativeK uses Debian stable with 2.6.8 and x-chat 2.4 ... he gets killed...
2. He updates x-chat to 2.6.1 ... and gets killed...
(Booo... Debian... BOOOO!!!!)
3. He switches to another box running Gentoo 2.6.13 and ircII... and gets killed again!
(Oooops... ain't Debian's fault...)
He doesn't use Norton... and we don't know wtf is going on. Clearly it's not a bug within the irc client or kernel... _________________ If someone solves a problem for you say thanks... and put [SOLVED] in the title!
Last edited by Pithlit on Sat Mar 04, 2006 9:23 pm; edited 1 time in total |
Pithlit l33t
Joined: 27 Dec 2003 Posts: 887 Location: fuhen
|
Posted: Sat Mar 04, 2006 9:22 pm Post subject: |
|
|
Hmm... never mind... seems to be a router issue.
Quote: | <NegativeK> And, yup, it's a netgear issue.
<Pithlit> o.O
<NegativeK> I wonder..
<negk> Connecting on port 7000 bypasses it.
<Nulani> DCC SEND "string" 0 0 0
<NegativeK> DCC SEND "boobies" 0 0 0
<NegativeK> Yay.
|
*note* negk and NegativeK are the same person. _________________ If someone solves a problem for you say thanks... and put [SOLVED] in the title! |
MrUlterior Guru
Joined: 22 Mar 2005 Posts: 511 Location: Switzerland
|
Posted: Sun Mar 05, 2006 9:55 am Post subject: |
|
|
Looks like "string" is the "stopkeylogger" / "startkeylogger" prob in Symantec's junk.
This has been all over the news ....
http://www.theregister.co.uk/2006/03/03/symantec_security_glitch/
What do you mean by router issue? The router is a win32 box with Symantec? _________________
Misanthropy 2.0 - enough hate to go around
Pithlit l33t
Joined: 27 Dec 2003 Posts: 887 Location: fuhen
|
Posted: Sun Mar 05, 2006 7:57 pm Post subject: |
|
|
Router is a Wifi Netgear box. Connecting to IRC on port 7000 fixes the issue. And no, it's not the same thing as startkeylogger. _________________ If someone solves a problem for you say thanks... and put [SOLVED] in the title! |
MrUlterior Guru
Joined: 22 Mar 2005 Posts: 511 Location: Switzerland
|
Posted: Sun Mar 05, 2006 8:03 pm Post subject: |
|
|
Pithlit wrote: | Router is a Wifi Netgear box. Connecting to IRC on port 7000 fixes the issue. And no, it's not the same thing as startkeylogger. |
Port 7000 is usually SSL on IRC, so that's not really a fix, it's a different protocol almost. _________________
Misanthropy 2.0 - enough hate to go around
Pithlit l33t
Joined: 27 Dec 2003 Posts: 887 Location: fuhen
|
Posted: Wed Mar 08, 2006 6:54 pm Post subject: |
|
|
At the risk of sounding ungrateful... How the hell does changing a port change a protocol?!? It doesn't matter what port 7000 is usually used for. It fixes things. In fact... any port but 6667 fixes things.
One of many news regarding this issue. _________________ If someone solves a problem for you say thanks... and put [SOLVED] in the title! |