DCC Exploit Fix
Revision as of 23:38, 8 December 2009
On IRC, there is a small group of abusive users that finds it funny to send invalid DCC commands, causing certain vulnerable users to disconnect. This floods the channel with disconnect and reconnect messages and is generally disruptive. The issue is due to a bug in certain routers. However, even when the router itself cannot be fixed (which is, unfortunately, often the case), a workaround is available.
There are two options for fixing this issue: either Update Firmware or Change Port.
Update Firmware
Most router manufacturers have provided updated firmware for their routers that fixes this particular exploit. Please check the manufacturer's website for upgrades and installation instructions.
Change Port
The easiest way to work around this issue is to change the port through which you connect to DareNET (or other IRC networks). Most clients automatically connect to port 6667 when using an IRC server, but DareNET also offers the ability to connect to port 7000. This will prevent this particular exploit from affecting you.
Remember that you will have to close and reopen your IRC client for the changes to take effect (or otherwise make sure that the new connection settings are applied on reconnection).
XChat users can change this by going to XChat -> Network List, selecting DareNET Servers, clicking Edit, and changing irc.darenet.org to irc.darenet.org/7000 (if DareNET is not in your network list, then manually specify port 7000 when connecting).
XChat-GNOME users can change this by going to Edit -> Preferences. Then select Networks on the side. Double-click on DareNET Servers on the right, click the servers tab, and then change irc.darenet.org to irc.darenet.org/7000. Remember to press enter before you click Close or your changes will not be saved.
Konversation users can go to File -> Server list -> Edit, click on the server name (e.g. irc.darenet.org), click on Edit, and change the port from 6667 to 7000.
Pidgin users can go to Tools -> Accounts, choose their irc.darenet.org account, click Modify -> Show more options, change the port from 6667 to 7000, and click Save.
Irssi users can type /connect irc.darenet.org 7000 every time they connect or, as a long-term solution, modify the port with the commands /server add -network DareNET -port 7000 irc.darenet.org (to modify the settings) and /save (to make them permanent).
mIRC users can change this by going to Tools -> Options -> Servers -> DareNET. Then select Edit and change the port from 6667 to 7000. Remember to click Ok to save the changes.
WeeChat users should edit ~/.weechat/weechat.rc (nano ~/.weechat/weechat.rc) and, in the [server] section, change server_port = 6667 to server_port = 7000 and save the changes.
Chatzilla connection settings cannot be edited in a straightforward way in the GUI. When making a new connection, the port can be chosen by connecting with the command /server irc.darenet.org 7000 or by connecting to irc://irc.darenet.org:7000.
Colloquy can be configured to connect to port 7000 by expanding the dialog to create a new connection to show details, changing the Chat Server Port from 6667 to 7000 and ticking the "Remember this connection" checkbox.
The procedure for other IRC clients is similar, but the syntax is slightly different. Most other IRC clients use irc.darenet.org:7000 to specify port 7000.
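To confirm that the new port is actually in use after reconnecting, whichever client you changed, the following check reads `ss -tn` output and lists established connections whose remote port is still 6667. It is an added example, not part of the original page; it assumes a Linux system with `ss`, and the function name peers_on_6667 and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: find established TCP sessions that still use remote port 6667,
# the default IRC port the page says to move away from.

# Constructed sample of `ss -tn` output (documentation addresses, not real hosts).
SAMPLE='State  Recv-Q Send-Q Local Address:Port   Peer Address:Port
ESTAB  0      0      192.0.2.10:51234     198.51.100.7:6667
ESTAB  0      0      192.0.2.10:51240     198.51.100.7:7000
ESTAB  0      0      192.0.2.10:40022     203.0.113.5:443
ESTAB  0      0      [2001:db8::10]:51300 [2001:db8::7]:6667
TIME-WAIT 0   0      192.0.2.10:51100     198.51.100.9:6667'

# Reads `ss -tn` output on stdin and prints each established peer on port 6667.
# Returns 1 if any such peer was found, 0 if none.
peers_on_6667() {
    awk '
        $1 == "ESTAB" {
            port = $5
            sub(/^.*:/, "", port)   # keep what follows the last colon (works for IPv6 too)
            if (port == "6667") { print $5; found = 1 }
        }
        END { exit found + 0 }
    '
}

# Demonstration on the constructed sample.
if printf '%s\n' "$SAMPLE" | peers_on_6667; then
    echo "no established connection to port 6667"
else
    echo "the peers listed above are still reached on port 6667"
fi
```

On a live system, run `ss -tn | peers_on_6667` after restarting the IRC client; an empty result means no session is left on port 6667.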
See Also
Broken NAT firmware:
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1067
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1068
Over-zealous anti-malware: