Strange IRC/Norton Bug - peering after DCC SEND Exploit



VampYre
03-02-2006, 06:58 PM
Strange startkeylogger IRC/Norton Bug - DCC SEND BUG

I'm not quite sure what the problem is with this, but I'm told it's a problem with Norton Personal Firewall.

When you type "startkeylogger" in a populated IRC channel you will notice that many of the clients in the channel quit, with the quit message: "Read error: Connection reset by peer".


If you are caught doing ANY EXPLOIT in #videopimp or any of its affiliate channels, expect to be banned... for 180 days... (NO MERCY FOR EXPLOITERS!)

This is your only warning...


It's made it to Slashdot (http://it.slashdot.org/article.pl?sid=06/03/03/004215&from=rss)


Update...More Info...


What's going on is, there's a problem with the way some Norton firewall products listen for and respond to a certain bit of malware called Spybot (http://securityresponse.symantec.com/avcenter/attack_sigs/s20713.html). So apparently whenever Norton sees the string 'startkeylogger' in an IRC session (whether private message or in a channel), it disconnects you from IRC. You can rejoin IRC almost immediately, but the problem will happen anytime that string is seen. And a lot of immature people think it's great fun to send that string and watch people be disconnected.
As of 7:30 PM pacific time on February 23, 2006, we don't see any response or solution to this from Norton/Symantec. We encourage those of you who run their product to complain to them about it!
The temporary solution, for those of you running Norton firewall products:
Norton -> Intrusion detection -> configure tab -> advanced tab --> uncheck Spybot keylogger item
This does open you to the Spybot attack. While we consider the risk kinda low, we invite you to read everything at the link above and make your own decision in the matter. And let us know if you hear of any other solutions - especially a fix from Norton!


If you are getting this from people DCC SEND ". . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . " 0 0 0
It's yet another exploit. From what we know it's caused by a problem in a few routers

netgear wgt624v2
linksys wrt54g
linksys 5port switch
netgear WGR614 V6

hopefully linksys/netgear will fix the firmware.

the workaround is to connect via a different port than 6667

like 6666, most servers have them open. try /stats P to find an alternative port

so if you see people peering after DCC SEND blah blah stuff
tell them to connect via 6666

the dcc send one affects a few routers... linksys/netgear it seems
they have a NAT handler installed for port 6667


IF YOU ARE CAUGHT DOING OR ATTEMPTING TO DO ANY OF THESE COMMANDS IN AN OPEN CHANNEL OR VIA PM/NOTICE/CTCP/ETC EXPECT TO ENJOY A 180 DAY BAN!
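
For channel operators who want to spot the two trigger strings described in this post in a raw IRC feed, here is a small classifier (an added example, not part of the original thread). The sample lines, nicknames and hosts are constructed, and the rules that the match is case-insensitive and that a plain-text or zero-address DCC SEND is bogus are assumptions.

```python
import re

# Raw server line: ":nick!user@host PRIVMSG|NOTICE target :text"
MSG_RE = re.compile(
    r"^:(?P<nick>[^!\s]+)!\S+ (?:PRIVMSG|NOTICE) (?P<target>\S+) :(?P<text>.*)$")
# "DCC SEND <filename> <address> ..." anywhere in the message text
DCC_RE = re.compile(r'DCC SEND (?:"[^"]*"|\S+) (?P<addr>\S+)', re.IGNORECASE)

def classify(line):
    """Return (nick, target, reason) if the line carries a trigger, else None."""
    m = MSG_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    text = m["text"]
    # Assumption: match case-insensitively so variants are still reported.
    if "startkeylogger" in text.lower():
        return (m["nick"], m["target"], "startkeylogger")
    d = DCC_RE.search(text)
    if d:
        # Assumption: a real offer is a CTCP (starts with \x01) carrying a
        # nonzero address; anything else cannot start a file transfer.
        if not text.startswith("\x01") or d["addr"] == "0":
            return (m["nick"], m["target"], "bogus-dcc-send")
    return None

def scan(lines):
    """Group trigger reasons by the nickname that sent them."""
    hits = {}
    for line in lines:
        hit = classify(line)
        if hit:
            hits.setdefault(hit[0], []).append(hit[2])
    return hits

# Constructed sample traffic (not taken from any real channel log).
SAMPLE = [
    ":alice!a@host.example PRIVMSG #chan :hello all",
    ":troll1!t@host.example PRIVMSG #chan :startkeylogger",
    ':troll2!t@host.example PRIVMSG #chan :DCC SEND "xxxxxxxx" 0 0 0',
    ":bob!b@host.example PRIVMSG alice :\x01DCC SEND notes.txt 3232235777 5000 1024\x01",
    ":troll1!t@host.example NOTICE bob :StartKeyLogger",
]

if __name__ == "__main__":
    for nick, reasons in scan(SAMPLE).items():
        print(nick, reasons)
```

The well-formed CTCP offer from bob is not flagged, while both channel messages and the NOTICE are reported per sender.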

VampYre
03-02-2006, 07:42 PM
Listing all the morons who do it...name and shame time...and this guy got caught by an ircOP



VampYre
03-03-2006, 01:19 AM
Anyone who is running Norton Internet Security and on IRC, please do this temp fix.

The temporary solution, for those of you running Norton firewall products:
Norton -> Intrusion detection -> configure tab -> advanced tab --> uncheck Spybot keylogger item

VampYre
03-04-2006, 08:39 AM
I keep seeing people do this, expect to be banned for doing it, we might not catch you right away, but when we do, you will be reported to ircOPs and taken care of from their side (want to be banned from EFnet??).