– IRC News

All about Internet Relay Chat

UnrealIRCd team releases patch against Firefox XPS Attack

In a posting on the UnrealIRCd project website, coder Syzop announced a module that can help mitigate and completely stop the so-called “Firefox XPS Attack” (NSFW link).

The attack, which exploits the fact that malicious JavaScript can send arbitrary data to a wide range of ports, gained publicity when it was used against the freenode network over a period of a few weeks.

Even though the Mozilla project has a blocklist of ports that are specifically not allowed to be communicated to, the port commonly used by IRC networks (6667) was not on those lists.

The attack – which ironically doesn’t affect Safari, Internet Explorer or Firefox with the NoScript extension – only works if the targeted IRC server does not use anti-spoofing measures before proceeding to the login phase.

UnrealIRCd generally is immune to the threat when it was compiled with the NOSPOOF feature which is enabled by default for the Windows builds but an option that defaults to “no” on Linux (“Do you want to enable the server anti-spoof protection?” – the first question on ./Config).

With the module you can now instantly K/G/Z:Line such connections and therefore prevent them from filling up connection slots which might cause a DoS situation before they eventually time out. For maximum efficiency it is recommended you use both the module and the NOSPOOF option, however one works fine without the other.

To test whether your IRCd is vulnerable or the implemented measures against the attack are effective you can find the code that has been used against freenode here.

Thanks for the tip go to katsklaw!

Category: Hack, IRC, IRCd, Software

Your email address will not be published. Required fields are marked *