projects / irc.git / blame
| Commit | Line | Data |
|---|---|---|
| 3bd189cb JR |
1 | <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> |
| 2 | <HTML> | |
| 3 | <HEAD> | |
| 4 | <TITLE> [IRCServices] /ns ghost exploit | |
| 5 | </TITLE> | |
| 6 | <LINK REL="Index" HREF="index.html" > | |
| 7 | <LINK REL="made" HREF="mailto:ircservices%40ircservices.za.net?Subject=%5BIRCServices%5D%20/ns%20ghost%20exploit&In-Reply-To="> | |
| 8 | <META NAME="robots" CONTENT="index,nofollow"> | |
| 9 | <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> | |
| 10 | <LINK REL="Previous" HREF="002850.html"> | |
| 11 | <LINK REL="Next" HREF="002852.html"> | |
| 12 | </HEAD> | |
| 13 | <BODY BGCOLOR="#ffffff"> | |
| 14 | <H1>[IRCServices] /ns ghost exploit</H1> | |
| 15 | <B>Andrew Church</B> | |
| 16 | <A HREF="mailto:ircservices%40ircservices.za.net?Subject=%5BIRCServices%5D%20/ns%20ghost%20exploit&In-Reply-To=" | |
| 17 | TITLE="[IRCServices] /ns ghost exploit">achurch at achurch.org | |
| 18 | </A><BR> | |
| 19 | <I>Thu Mar 14 19:17:00 PST 2002</I> | |
| 20 | <P><UL> | |
| 21 | <LI>Previous message: <A HREF="002850.html">[IRCServices] What is wrong? | |
| 22 | </A></li> | |
| 23 | <LI>Next message: <A HREF="002852.html">[IRCServices] /ns ghost exploit | |
| 24 | </A></li> | |
| 25 | <LI> <B>Messages sorted by:</B> | |
| 26 | <a href="date.html#2851">[ date ]</a> | |
| 27 | <a href="thread.html#2851">[ thread ]</a> | |
| 28 | <a href="subject.html#2851">[ subject ]</a> | |
| 29 | <a href="author.html#2851">[ author ]</a> | |
| 30 | </LI> | |
| 31 | </UL> | |
| 32 | <HR> | |
| 33 | <!--beginarticle--> | |
| 34 | <PRE> C'est la vie; I don't see this as a problem Services needs to handle. | |
| 35 | If you have particular users doing this and it annoys other users, deal | |
| 36 | with the trouble causers individually. | |
| 37 | ||
| 38 | --Andrew Church | |
| 39 | <A HREF="http://www.ircservices.za.net/mailman/listinfo/ircservices">achurch at achurch.org</A> | |
| 40 | <A HREF="http://achurch.org/">http://achurch.org/</A> | |
| 41 | ||
| 42 | >><i> Andrew Church wrote | |
| 43 | </I>>><i> Services does not use SVSKILL in the first place, | |
| 44 | </I>><i> | |
| 45 | </I>><i>Sorry, my mistake. I meant Services will issue a kill for that user. | |
| 46 | </I>><i> | |
| 47 | </I>>><i> and | |
| 48 | </I>>><i> does not allow | |
| 49 | </I>>><i> GHOST anyway without a password unless the calling user is on | |
| 50 | </I>>><i> the access | |
| 51 | </I>>><i> list of the target nick _and_ the nick does not have the | |
| 52 | </I>>><i> SECURE option set. | |
| 53 | </I>><i> | |
| 54 | </I>><i>I know this. It still does not prevent a user using services to kill | |
| 55 | </I>><i>another user just because they happen to use their nickname. | |
| 56 | </I>><i> | |
| 57 | </I>><i>Nick A register A and also registers or links B, C, D, E. | |
| 58 | </I>><i> | |
| 59 | </I>><i>A new user connects using nick B and would get the usual warning from | |
| 60 | </I>><i>services. However, before they have the opportunity to choose a new | |
| 61 | </I>><i>nickname, A who is identified and has the password for B issues /ns ghost B | |
| 62 | </I>><i>password either manually or from a script which kills that user from the | |
| 63 | </I>><i>network. I didn't highlight a problem with the way services checks a users | |
| 64 | </I>><i>right to issue the command, merely in the way that the command is open to | |
| 65 | </I>><i>abuse. | |
| 66 | </I>><i> | |
| 67 | </I>>><i> Have you modified Services? | |
| 68 | </I>><i> | |
| 69 | </I>><i>No. | |
| 70 | </I>><i> | |
| 71 | </I>><i>Mark. | |
| 72 | </I>><i> | |
| 73 | </I>>><i> | |
| 74 | </I>>><i> --Andrew Church | |
| 75 | </I>>><i> <A HREF="http://www.ircservices.za.net/mailman/listinfo/ircservices">achurch at achurch.org</A> | |
| 76 | </I>>><i> <A HREF="http://achurch.org/">http://achurch.org/</A> | |
| 77 | </I>>><i> | |
| 78 | </I>>><i> >Something I recently became aware of was users "abusing" the | |
| 79 | </I>>><i> ghost command. | |
| 80 | </I>>><i> > | |
| 81 | </I>>><i> >When the ghost command is issued, Services will SVSKILL the | |
| 82 | </I>>><i> user from the | |
| 83 | </I>>><i> >network. However, the new trend appears to be setting up a | |
| 84 | </I>>><i> notify script, | |
| 85 | </I>>><i> >which will automatically ghost any user trying to use a | |
| 86 | </I>>><i> given nickname. | |
| 87 | </I>>><i> >This quickly became popular. How this came to my attention | |
| 88 | </I>>><i> is that a new | |
| 89 | </I>>><i> >user was trying to access the network but was repeatedly | |
| 90 | </I>>><i> killed by the | |
| 91 | </I>>><i> >ghost command. | |
| 92 | </I>>><i> > | |
| 93 | </I>>><i> >Use of "kill immediate" should be sufficient for those users | |
| 94 | </I>>><i> who do not | |
| 95 | </I>>><i> >want people using their nicknames and can be handled by | |
| 96 | </I>>><i> services with a | |
| 97 | </I>>><i> >nick change so I do not see use of the command in this manner as | |
| 98 | </I>>><i> >beneficial. | |
| 99 | </I>>><i> > | |
| 100 | </I>>><i> >One way to remove this exploit which seems the least complex | |
| 101 | </I>>><i> to actually | |
| 102 | </I>>><i> >manage is to only trigger the ghost if the target is | |
| 103 | </I>>><i> currently identified. | |
| 104 | </I>>><i> > | |
| 105 | </I>>><i> >This would mean that in the event a user got disconnected | |
| 106 | </I>>><i> before they were | |
| 107 | </I>>><i> >able to identify, they would be unable to remove a real 'ghost' on | |
| 108 | </I>>><i> >reconnect with the ghost command, but they could use 'recover' | |
| 109 | </I>>><i> >and 'release' instead. I believe that the 'recover' will | |
| 110 | </I>>><i> "guest" a user | |
| 111 | </I>>><i> >where NSForceNickChange is enabled. | |
| 112 | </I>>><i> > | |
| 113 | </I>>><i> >-- | |
| 114 | </I>>><i> >Mark. | |
| 115 | </I>><i> | |
| 116 | </I>><i>-- | |
| 117 | </I>><i>Mark. | |
| 118 | </I>><i> | |
| 119 | </I>><i> | |
| 120 | </I>><i>------------------------------------------------------------------ | |
| 121 | </I>><i>To unsubscribe or change your subscription options, visit: | |
| 122 | </I>><i><A HREF="http://www.ircservices.za.net/mailman/listinfo/ircservices">http://www.ircservices.za.net/mailman/listinfo/ircservices</A> | |
| 123 | </I> | |
| 124 | </PRE> | |
| 125 | ||
| 126 | <!--endarticle--> | |
| 127 | <HR> | |
| 128 | <P><UL> | |
| 129 | <!--threads--> | |
| 130 | <LI>Previous message: <A HREF="002850.html">[IRCServices] What is wrong? | |
| 131 | </A></li> | |
| 132 | <LI>Next message: <A HREF="002852.html">[IRCServices] /ns ghost exploit | |
| 133 | </A></li> | |
| 134 | <LI> <B>Messages sorted by:</B> | |
| 135 | <a href="date.html#2851">[ date ]</a> | |
| 136 | <a href="thread.html#2851">[ thread ]</a> | |
| 137 | <a href="subject.html#2851">[ subject ]</a> | |
| 138 | <a href="author.html#2851">[ author ]</a> | |
| 139 | </LI> | |
| 140 | </UL> | |
| 141 | ||
| 142 | </body></html> |