Eggheads: RE: Strange questions from a N00B

Mon Aug 28 02:12:34 CDT 2006

Thanks again.  What would you suggest I should use for windows boxes?  The
prof said that we have to use Windows as the "target" boxes (I'm assuming
because they are more common, and most users don't "get it" when it comes to
security)

-----Original Message-----
From: eggheads-bounces at eggheads.org [mailto:eggheads-bounces at eggheads.org]
On Behalf Of Richard Brooklyn
Sent: August 28, 2006 2:07 AM
To: Eggdrop Discussion List
Subject: Re: Eggheads: RE: Strange questions from a N00B

On Mon, 2006-08-28 at 02:21 -0400, Jeeves Moss wrote:
> I was wondering how well egg drop worked with Norton and routers.  I can
see
> that Norton and other AV scanners would LOVE to sink their teeth into this
> piece of software.

Do you mean Norton for Windows? Eggdrop is a native Unix piece of
software. There are various unofficial ports to the Windows platform,
but I doubt you'll get much in the way of support due to their
unofficial nature, and possibly the high risk of someone putting in a
backdoor and you not knowing about it (and yes, this has actually
happened).

I don't see why Norton would identify eggdrop as a virus. At the very
most it should warn you that the software is present, as an eggdrop
could be included in some type of rootkit. But even then, I would
consider that to be a gross exaggeration. Eggdrop is legitimate
software, using it for malicious purposes is possible, but only in same
the way that you could use a home VCR to record something and sell it on
to your friends. The VCR itself isn't a bad thing, but can be used at
such. It's not like we're talking about SDBot here...

> Also, how well does it work with a router?  Does it
> maintain the outgoing connection, and how pervasive is it to connect to
the
> net if the default ports are blocked?  I would like to use it in a term
> paper that I will have to write later in this semester.  I look forward to
> hearing every one's opinions.

Well, my router works fine with Eggdrop. Of course, anything that has
strict outgoing connection policies is going to block the bot. For the
most basic operation, your router would need to allow the bot to have
outgoing connections to IRC server, of course. If you are behind a NAT
(as I am) and need to do file/userfile transfers in the bot (as I do)
then you'll need to forward some ports to the machine hosting the bot,
and tell the bot which ports it should use, as well as it's outside ip
address (see the configuration file for that). Even without port
forwarding, the bot will be able to download from other hosts if the
outgoing policy allows it.

The DCC protocol used on IRC requires the sending client to offer the
file at a specific ip and port. The downloading client would then need
to connect to the offering client in order to get the file. Eggdrop
doesn't have many firewall beating features (such as what Skype has),
but perhaps could be modified to do so.

If the 'default' port (I assume you mean port 6667) is blocked, then
you're going to have a hard time making it connect to an IRC server.
It's possible to make the bot use proxy servers, so you could perhaps
set one up outside the restrictive network on port 80 (if that's allowed
and not filtered in any way), and tell the bot to use that. If the
router is set up to disallow outgoing connection attempts to port 6667,
then there is a good reason why, and you should respect the wishes of
the people who maintain your network.

Good luck with your paper. By the way, what is the subject of your
paper? Is it specific to Eggdrop?

Regards,
Ribs.