this is a question that has probably been asked before, but I cannot find the thread or the answers:
when connected to an irc server is it possible to read the content of a channel if you are not actually in the channel? is it possible to read the queries of other users? is it possible to spy on dcc chat sessions?
thank you
It's possible, sure. Especially if you're infected with a trojan (such as Sub7). However, some IRC networks provide SSL connections (encrypted) to help combat such snoopings.
Not unless another user involved in one of those conversations is infected with a trojan.
its not exactly the same, but on some servers, admins can join the channel without a join message and with no name in the nicklist.
There are also some circomstances that I understand private (nickname targeted) messages can be snooped by certain opers on some servers/ networks, in instances where that user is suspected of spamming or harassment or whatnot.
I dont know if any checks are in place to prevent unwarranted snooping on people obviously not spamming, but the general rule of thumb is any machine you communicate to or through-- has the ability to spy on your conversation, sometimes very easily.
Larger networks are more trustworthy, while smaller privately run servers are more likely to have a voyeur admin/ oper.
- Raccoon
Larger networks are more trustworthy, while smaller privately run servers are more likely to have a voyeur admin/ oper.
I think this has more to do with IRCd functionality rather than the size of the server/network. To the best of my knowledge, and based on the IRCd's I have installed, configured and experimented with CR, Unreal, Dreamforge, Chatspace, IRC Plus and Bahamut, not one has a function that allows opers or anyone to perv at private chats. If any of the above can then the feature is either undoctumented or well-hidden.
I'd be interested to know what IRCd's do so I can find out what networks to avoid visiting.
unreal used to have usermode +I, which made someone completely invisible and able to spy on channels, but that was removed in later versions.
most times i think it can be done thru logs from the ircd... but your correct it is hidden and undocumented on how to do it
Mode +I can be recompiled into the IRCd. Lets also not forget how easy it would be to code a simple line or two to output certain user chats to a file on the box itself. If you have to ask yourself if its safe to talk on IRC, just don't. Don't waste your time asking yourself questions. Take your private conversation to email or some other secured messaging medium.
It is possible for an IRC server to intercept DCC communications; but I've never heard of any servers that actually do this -> plus you'd notice pretty easy if you were teh reciever/sender and knew the other's ip (and noticed how it was the server's IP)
most of the ircd's out there are based on GPL, and available by source. if such functions exist, they are possible to see in the code, and need probably some configuration switch to be set, or some configuration option ( runtime ).
it is much easier to snoop on what a user says if you have simply access to the machine where the ircd runs, and easily tcp-dump a certain IP's traffic, where everything is transmitted plaintext. such a ( shell ) script would run externally of the ircd, and use not many resources, except disk-space ... a little perl program would be enough to strip unwanted characters from the dump-file, and/or filter out specific portions of the text ... this does not work obviously for DCC's, which are only initiated through the server. ( of course, an ircd could filter the dcc, and, as already pointed out, intercept it, and log what is being passed through, or have it be intercepted by some other process or machine even. )
however, this would mean access to the machine where the ircd runs, and ... not many ppl, except the irc-admins themselves usually have that possibility.
)