On Fri, 24 Oct 2003 13:33:32 -0700, Tom <tb.31020.nospam@comcast.net> wrote: > I used to use mIRC a lot, but I knew Windows expertly enough that > things like DCC didn't scare me. I'm scared I'll open a security hole > on my system if I use BitchX and install identd. > > (1) Is BitchX secure by default? Yes, it's merely an IRC client. However, security flaws can always come up, but it's usually only some kind of *local* exploit or some _really_ dumb configuration setup on the user's end. ;) Never should the client itself be susceptible to a remote attack out of the box. You shouldn't really have any problems. Questions? Just ask. ;) > (2) Is Linux identd secure by default? Does it work behind firewall? Depends on how you define 'secure.' As a service, identd is probably the safest service next to no service at all. The real concern is that identd is a privacy risk, but even as concerned about privacy as I am, I don't really buy that. And identd can easily be forged, so that issue is moot. (identd is a poor way for authentication, however, so if you plan on using identd to authenticate yourself: don't. IRC servers use it to prevent abuse.) It will also work behind a firewall if you open (or forward) the port (identd lives on 113, if I recall.) I run pidentd, and it's fine. > (3) Is DCC and crap like that secure by default? Yes. I have my firewall forward about 10 ports to my machine for DCC transfers; I have never had a problem using DCC. But then again, I rarely use it. Now, if you do something dumb like transfer a virus, you're out of luck. That tends to be a problem on systems designed in such a way, and susceptible to viruses the same way, like Windows. ;) > I know *live* in IRC, I'm scared to death of using it on "your own > turf". Should I be? Nope. ;) -- scott c. linnenbringer | sl@panix.com http://www.panix.com/~sl | sl@moslug.org jabber: sl@theoretic.com | irc: Jawoota
Attachment:
pgpxto7GxwlMa.pgp
Description: PGP signature