I don't have a formal risk analysis but I can tell you from experience
what we've seen from IRC on our campus:
1) It is a major tool used by bad guys globally to communicate with each
other. If you haven't already done it, you need to log into an IRC server
and just listen in to the conversations that are going on in channels like
#warez and others. You can quickly get a graduate education in how to
penetrate systems and where to find the tools to do it.
2) IRC bots are frequently used to control various malware including
various trojans. These trojans can affect Windows and Unix systems (among
others). Some of the worms from last fall had this feature. Monitoring IRC
traffic from your campus will frequently indicate hosts which are infected
with a worm that is either sending (frequently sensitive) information to
an IRC bot somewhere or is reporting in to the IRC bot so that it can be
remotely controlled. SQL-Slammer had this feature, if I remember
3) It is a major communications and file distribution tool for child
My hunch is that most innocent users of chat technology are using AIM,
MSN and other instant messaging rather than IRC. I think IRC still has
some anonymity that isn't available with the IM software.
Like every tool on the internet, IRC has legitimate uses but it is
definitely an application that we monitor more closely than others.
Ron Parker, Director of Information Technology, Brazosport College
Voice: (979) 230-3480 FAX: (979) 230-3111
On Wed, 4 Feb 2004, Ken Schindler wrote:
> My staff have become increasing concerned about security issues
> surrounding IRC chat.
> Does anyone have a good risk analysis of what comes with this
> Ken Schindler
> Executive Director of Information Technology
> Saginaw Valley State University
> [log in to unmask]
> FAX: 989-964-7446
> Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.