UnrealIRCd team releases patch against Firefox XPS Attack
In a posting on the UnrealIRCd project website, coder Syzop announced a module that can help mitigate and completely stop the so-called “Firefox XPS Attack” (NSFW link).
The attack, which exploits the fact that malicious JavaScript can send arbitrary data to a wide range of ports, gained publicity when it was used against the freenode network over a period of a few weeks.
Even though the Mozilla project maintains a blocklist of ports that the browser is not allowed to connect to, the port commonly used by IRC networks (6667) was not on that list.
The attack – which ironically doesn’t affect Safari, Internet Explorer or Firefox with the NoScript extension – only works if the targeted IRC server does not use anti-spoofing measures before proceeding to the login phase.
UnrealIRCd is generally immune to the threat when it is compiled with the NOSPOOF feature, which is enabled by default for the Windows builds but is an option that defaults to “no” on Linux (“Do you want to enable the server anti-spoof protection?” – the first question on ./Config).
With the module you can now instantly K/G/Z:Line such connections and thereby prevent them from filling up connection slots, which might cause a DoS situation before they eventually time out. For maximum efficiency it is recommended that you use both the module and the NOSPOOF option; however, one works fine without the other.
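The difference between the two defences can be seen in a small model of the pre-login phase. This is an added example, not code from UnrealIRCd or from the module. It assumes NOSPOOF works as a PING-cookie challenge that must be answered with a matching PONG before login completes. The `looks_like_http` heuristic, the class and function names and the sample lines are all hypothetical.

```python
import secrets

def looks_like_http(line: str) -> bool:
    """Assumed heuristic: a browser opens with an HTTP request line, an IRC client never does."""
    upper = line.upper()
    return upper.startswith(("GET ", "POST ", "HEAD ", "PUT ")) and " HTTP/" in upper

class PreRegistration:
    """Per-connection state before login (hypothetical model, not UnrealIRCd code)."""

    def __init__(self, nospoof: bool, http_filter: bool):
        self.nospoof, self.http_filter = nospoof, http_filter
        self.cookie = secrets.token_hex(4)  # sent to the client as "PING :<cookie>"
        self.nick = self.user = None
        self.ponged = False
        self.state = "pending"

    def feed(self, line: str) -> str:
        if self.state == "banned":
            return self.state
        if self.http_filter and looks_like_http(line):
            self.state = "banned"  # the point where a K/G/Z:Line would be placed
            return self.state
        cmd, _, arg = line.strip().partition(" ")
        if cmd.upper() == "NICK":
            self.nick = arg
        elif cmd.upper() == "USER":
            self.user = arg
        elif cmd.upper() == "PONG" and arg.lstrip(":") == self.cookie:
            self.ponged = True
        if self.nick and self.user and (self.ponged or not self.nospoof):
            self.state = "registered"
        return self.state

# Constructed sample input: a cross-site form post as the server sees it, and a real client.
BROWSER = ["POST / HTTP/1.1", "Host: irc.example.net:6667", "NICK guest1", "USER g 0 * :g"]
CLIENT = ["NICK alice", "USER alice 0 * :Alice"]

def simulate(lines, reads_ping: bool, nospoof: bool, http_filter: bool) -> str:
    conn = PreRegistration(nospoof, http_filter)
    for line in lines:
        conn.feed(line)
    if reads_ping:  # only a peer that can read the server's PING can echo the cookie
        conn.feed(f"PONG :{conn.cookie}")
    return conn.state

if __name__ == "__main__":
    for nospoof, http_filter in [(False, False), (True, False), (True, True)]:
        print(nospoof, http_filter, simulate(BROWSER, False, nospoof, http_filter),
              simulate(CLIENT, True, nospoof, http_filter))
```

With only the cookie check, the browser-originated connection never logs in but stays pending and holds a slot until it times out; with the filter it is dropped on the first line, which is why the two are recommended together.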
To test whether your IRCd is vulnerable or whether the implemented measures against the attack are effective, you can find the code that has been used against freenode here.
Thanks for the tip go to katsklaw!