]>
Commit | Line | Data |
---|---|---|
3bd189cb JR |
1 | <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> |
2 | <HTML> | |
3 | <HEAD> | |
4 | <TITLE> [IRCServices] /ns ghost exploit | |
5 | </TITLE> | |
6 | <LINK REL="Index" HREF="index.html" > | |
7 | <LINK REL="made" HREF="mailto:ircservices%40ircservices.za.net?Subject=%5BIRCServices%5D%20/ns%20ghost%20exploit&In-Reply-To="> | |
8 | <META NAME="robots" CONTENT="index,nofollow"> | |
9 | <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> | |
10 | <LINK REL="Previous" HREF="002850.html"> | |
11 | <LINK REL="Next" HREF="002852.html"> | |
12 | </HEAD> | |
13 | <BODY BGCOLOR="#ffffff"> | |
14 | <H1>[IRCServices] /ns ghost exploit</H1> | |
15 | <B>Andrew Church</B> | |
16 | <A HREF="mailto:ircservices%40ircservices.za.net?Subject=%5BIRCServices%5D%20/ns%20ghost%20exploit&In-Reply-To=" | |
17 | TITLE="[IRCServices] /ns ghost exploit">achurch at achurch.org | |
18 | </A><BR> | |
19 | <I>Thu Mar 14 19:17:00 PST 2002</I> | |
20 | <P><UL> | |
21 | <LI>Previous message: <A HREF="002850.html">[IRCServices] What is wrong? | |
22 | </A></li> | |
23 | <LI>Next message: <A HREF="002852.html">[IRCServices] /ns ghost exploit | |
24 | </A></li> | |
25 | <LI> <B>Messages sorted by:</B> | |
26 | <a href="date.html#2851">[ date ]</a> | |
27 | <a href="thread.html#2851">[ thread ]</a> | |
28 | <a href="subject.html#2851">[ subject ]</a> | |
29 | <a href="author.html#2851">[ author ]</a> | |
30 | </LI> | |
31 | </UL> | |
32 | <HR> | |
33 | <!--beginarticle--> | |
34 | <PRE> C'est la vie; I don't see this as a problem Services needs to handle. | |
35 | If you have particular users doing this and it annoys other users, deal | |
36 | with the trouble causers individually. | |
37 | ||
38 | --Andrew Church | |
39 | <A HREF="http://www.ircservices.za.net/mailman/listinfo/ircservices">achurch at achurch.org</A> | |
40 | <A HREF="http://achurch.org/">http://achurch.org/</A> | |
41 | ||
42 | >><i> Andrew Church wrote | |
43 | </I>>><i> Services does not use SVSKILL in the first place, | |
44 | </I>><i> | |
45 | </I>><i>Sorry, my mistake. I meant Services will issue a kill for that user. | |
46 | </I>><i> | |
47 | </I>>><i> and | |
48 | </I>>><i> does not allow | |
49 | </I>>><i> GHOST anyway without a password unless the calling user is on | |
50 | </I>>><i> the access | |
51 | </I>>><i> list of the target nick _and_ the nick does not have the | |
52 | </I>>><i> SECURE option set. | |
53 | </I>><i> | |
54 | </I>><i>I know this. It still does not prevent a user using services to kill | |
55 | </I>><i>another user just because they happen to use their nickname. | |
56 | </I>><i> | |
57 | </I>><i>Nick A register A and also registers or links B, C, D, E. | |
58 | </I>><i> | |
59 | </I>><i>A new user connects using nick B and would get the usual warning from | |
60 | </I>><i>services. However, before they have the opportunity to choose a new | |
61 | </I>><i>nickname, A who is identified and has the password for B issues /ns ghost B | |
62 | </I>><i>password either manually or from a script which kills that user from the | |
63 | </I>><i>network. I didn't highlight a problem with the way services checks a users | |
64 | </I>><i>right to issue the command, merely in the way that the command is open to | |
65 | </I>><i>abuse. | |
66 | </I>><i> | |
67 | </I>>><i> Have you modified Services? | |
68 | </I>><i> | |
69 | </I>><i>No. | |
70 | </I>><i> | |
71 | </I>><i>Mark. | |
72 | </I>><i> | |
73 | </I>>><i> | |
74 | </I>>><i> --Andrew Church | |
75 | </I>>><i> <A HREF="http://www.ircservices.za.net/mailman/listinfo/ircservices">achurch at achurch.org</A> | |
76 | </I>>><i> <A HREF="http://achurch.org/">http://achurch.org/</A> | |
77 | </I>>><i> | |
78 | </I>>><i> >Something I recently became aware of was users "abusing" the | |
79 | </I>>><i> ghost command. | |
80 | </I>>><i> > | |
81 | </I>>><i> >When the ghost command is issued, Services will SVSKILL the | |
82 | </I>>><i> user from the | |
83 | </I>>><i> >network. However, the new trend appears to be setting up a | |
84 | </I>>><i> notify script, | |
85 | </I>>><i> >which will automatically ghost any user trying to use a | |
86 | </I>>><i> given nickname. | |
87 | </I>>><i> >This quickly became popular. How this came to my attention | |
88 | </I>>><i> is that a new | |
89 | </I>>><i> >user was trying to access the network but was repeatedly | |
90 | </I>>><i> killed by the | |
91 | </I>>><i> >ghost command. | |
92 | </I>>><i> > | |
93 | </I>>><i> >Use of "kill immediate" should be sufficient for those users | |
94 | </I>>><i> who do not | |
95 | </I>>><i> >want people using their nicknames and can be handled by | |
96 | </I>>><i> services with a | |
97 | </I>>><i> >nick change so I do not see use of the command in this manner as | |
98 | </I>>><i> >beneficial. | |
99 | </I>>><i> > | |
100 | </I>>><i> >One way to remove this exploit which seems the least complex | |
101 | </I>>><i> to actually | |
102 | </I>>><i> >manage is to only trigger the ghost if the target is | |
103 | </I>>><i> currently identified. | |
104 | </I>>><i> > | |
105 | </I>>><i> >This would mean that in the event a user got disconnected | |
106 | </I>>><i> before they were | |
107 | </I>>><i> >able to identify, they would be unable to remove a real 'ghost' on | |
108 | </I>>><i> >reconnect with the ghost command, but they could use 'recover' | |
109 | </I>>><i> >and 'release' instead. I believe that the 'recover' will | |
110 | </I>>><i> "guest" a user | |
111 | </I>>><i> >where NSForceNickChange is enabled. | |
112 | </I>>><i> > | |
113 | </I>>><i> >-- | |
114 | </I>>><i> >Mark. | |
115 | </I>><i> | |
116 | </I>><i>-- | |
117 | </I>><i>Mark. | |
118 | </I>><i> | |
119 | </I>><i> | |
120 | </I>><i>------------------------------------------------------------------ | |
121 | </I>><i>To unsubscribe or change your subscription options, visit: | |
122 | </I>><i><A HREF="http://www.ircservices.za.net/mailman/listinfo/ircservices">http://www.ircservices.za.net/mailman/listinfo/ircservices</A> | |
123 | </I> | |
124 | </PRE> | |
125 | ||
126 | <!--endarticle--> | |
127 | <HR> | |
128 | <P><UL> | |
129 | <!--threads--> | |
130 | <LI>Previous message: <A HREF="002850.html">[IRCServices] What is wrong? | |
131 | </A></li> | |
132 | <LI>Next message: <A HREF="002852.html">[IRCServices] /ns ghost exploit | |
133 | </A></li> | |
134 | <LI> <B>Messages sorted by:</B> | |
135 | <a href="date.html#2851">[ date ]</a> | |
136 | <a href="thread.html#2851">[ thread ]</a> | |
137 | <a href="subject.html#2851">[ subject ]</a> | |
138 | <a href="author.html#2851">[ author ]</a> | |
139 | </LI> | |
140 | </UL> | |
141 | ||
142 | </body></html> |