Path: utzoo!news-server.csri.toronto.edu!cs.utexas.edu!usc!snorkelwacker.mit.edu!stanford.edu!agate!usenet.ins.cwru.edu!gatech!prism!scott From: scott@prism.gatech.EDU (Scott Holt) Newsgroups: comp.unix.admin Subject: Re: IRC and Security Message-ID: <24519@hydra.gatech.EDU> Date: 17 Mar 91 18:31:59 GMT References: <7748@uceng.UC.EDU> Organization: Georgia Institute of Technology Lines: 52 There are a number of pluses and minuses concerning IRC - however, the so-called security problems it causes are problems it has in common with any communications medium. I don't think you will find any medium which has not been used for some criminal purpose at some time in its existance. The problems I have with IRC have nothing to do with security, but the resources it takes. It has been mentioned that IRC is not a heavy load on resources - to that my reply is b------t. It may be a minor drain on network facilities, but it is a serious drain on other resources. In particular, its a drain on the number of seats availble for people to do work on the systems that run IRC clients. It has gotten to the point where I can log into our main time-sharing resource at just about any given time of day and find 5-10 of the terminal ports consumed by people using IRC or something very much like it. This goes on at times when people trying to get a connection from our terminal server network get denied access because no ports are available. I hate to think how many workstation seats are used up with this stuff while others are waiting - what are we supposed to do, walk around an look over everyones'shoulders? Ok, so why do we not restrict acces to IRC clients on our system? Well, IRC client source is available from a number of places - in fact, we don't support IRC at all, a user found the source, installed it on his account and made it available to the rest of our users. I have a feeling that if we took it away from that user (which would open a whole new can of worms), it would simply reappear somewhere - etc,etc,etc...The folks who manage our systems have better things to do with their time. I think the only way to keep IRC and similar facilities from becoming more trouble than they are worth is for the folks to manage the relays to take more responsibility. For example, if some site administrators do not want people using IRC, then they should be able to have the relay operators configure the relay to deny access to their sites. Things like this are nice, and I will admit that they have potential value. However, the people who use them and support them have to put their use in perspective. At an institute such as ours, there are priorities that become painfully obvious when resources are limited. -Scott Disclaimer: these opinions are mine and may not represent those of my employer. -- This is my signature. There are many like it, but this one is mine. Scott Holt Internet: scott@prism.gatech.edu Georgia Tech UUCP: ..!gatech!prism!scott Office of Information Technology, Technical Services