Uncloaking IP Addresses on IRC

DerbyCon 3.0 - All In The Family

Presented by: Derek Callaway
Date: Sunday September 29, 2013
Time: 15:00 - 15:50
Location: Track 2
Track: Fix Me

Ever wanted to find out someone’s IP address online? Of course you have! Tracing “calls” on the Internet is much more complicated than on the plain old telephone network. This expose` includes a history of traditional techniques used to discover the IP address of a target user in: chat rooms, forums and other types of social networking sites. Attention will be centered around a fundamental weakness in the IRC protocol that allows client IP addresses to be determined. Proof-of-concept samples targetting multiple IRC daemons will be released. Prizes will be awarded to the most interesting submissions for an online edition of ‘Spot The Fed.’

Derek Callaway

At the time of writing, Derek is currently an independent security contractor (and in the past for @stake and Symantec.) He’s written various tool packages including a Linux stealth patch to evade nmap’s transport layer OS detection as well as porkbind, a nameserver security scanner. In 2007, he won Cenzic’s SANS contest.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats