Uncloaking IP Addresses on IRC

Presented at DerbyCon 3.0 All in the Family (2013), Sept. 29, 2013, 2 p.m. (50 minutes)

Ever wanted to find out someone’s IP address online? Of course you have! Tracing “calls” on the Internet is much more complicated than on the plain old telephone network. This expose` includes a history of traditional techniques used to discover the IP address of a target user in: chat rooms, forums and other types of social networking sites. Attention will be centered around a fundamental weakness in the IRC protocol that allows client IP addresses to be determined. Proof-of-concept samples targetting multiple IRC daemons will be released. Prizes will be awarded to the most interesting submissions for an online edition of ‘Spot The Fed.’

Presenters:

• Derek Callaway
  At the time of writing, Derek is currently an independent security contractor (and in the past for @stake and Symantec.) He’s written various tool packages including a Linux stealth patch to evade nmap’s transport layer OS detection as well as porkbind, a nameserver security scanner. In 2007, he won Cenzic’s SANS contest.

Links:

• https://infocon.org/cons/DerbyCon/DerbyCon 3 2013/video/Uncloaking IP Addresses On IRC Derek Callaway.mp4

Similar Presentations:

• DEF CON 7 (1999) / IP V.6 Overview
• DEF CON 10 (2002) / Extreme IP Backtracing
• DEF CON 15 (2007) / Saving The Internet With Hate