The first web-published book, on 2000-01-07.

Internet > Internet Relay Chat (IRC) >

IRC Security

Similarly, Internet "chat" services like IRC could be used; indeed there's an emerging tradition of using IRC and similar services for real-time, anonymous, control of worms and viruses.

- M. Leech; Chinese Lottery Cryptanalysis Revisited: The Internet as a Codebreaking Tool; RFC 3607; September 2003.

See the Internet security section for general security information. This section describes IRC specific security risks. IRC is an insecure, public space, so you should have fun but be cautious:

  • Confidentiality. The IRC space is completely insecure with respect to confidentiality. Any user on IRC can record the conversation on a channel, and many people do. And anyone administering one of the servers on the network can record all of the conversations on that network.

    The one protection you have is that your identify should be restricted to your nickname. However, your real identify could be discovered based on your IP address in the event someone went to the trouble of breaking into the IRC web server logs.

    On systems like DALnet that provide you with a permanent nickname your identity is technically easier to discover, although in normal circumstances an IRC administrator will not provide this information to third parties unless under a valid court order.
  • Gender. IRC is a large public space, like a big city, and a woman can sometimes attract unwanted attention. Women shouldn't choose feminine nicknames unless they want to advertise their gender, and may want to choose a neutral name like "Yukon" or something similar.
  • Personal information. Never under any circumstance give out your address, phone number, real name, or other identifying information to anybody on the Internet, no matter who they say they are or what the reason is.
  • Viruses. Never run an IRC script or type a command that someone else asks you to, unless you are absolutely sure you know what it does. For example, the IRC command "/fserve 1 c:\" can give a hacker access to your hard drive. Other commands can give a hacker complete control of your IRC session with very undesirable results. This ability of IRC to run scripts has been exploited by worms to propagate across the Internet. And of course, make sure you are running a virus protection program.

Resources. The following sites provide more information on IRC security:

  • Hacking IRC - The Definitive Guide
__