software/RELEASES/ircservices/achurch.org/services/lists/ircservices/2002/002843.html

   1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
   2 <HTML>
   3  <HEAD>
   4    <TITLE> [IRCServices] /ns ghost exploit
   5    </TITLE>
   6    <LINK REL="Index" HREF="index.html" >
   7    <LINK REL="made" HREF="mailto:ircservices%40ircservices.za.net?Subject=%5BIRCServices%5D%20/ns%20ghost%20exploit&In-Reply-To=">
   8    <META NAME="robots" CONTENT="index,nofollow">
   9    <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
  10    <LINK REL="Previous"  HREF="002842.html">
  11    <LINK REL="Next"  HREF="002844.html">
  12  </HEAD>
  13  <BODY BGCOLOR="#ffffff">
  14    <H1>[IRCServices] /ns ghost exploit</H1>
  15     <B>Mark Hetherington</B>
  16     <A HREF="mailto:ircservices%40ircservices.za.net?Subject=%5BIRCServices%5D%20/ns%20ghost%20exploit&In-Reply-To="
  17        TITLE="[IRCServices] /ns ghost exploit">mark at ctcp.net
  18        </A><BR>
  19     <I>Thu Mar 14 03:04:01 PST 2002</I>
  20     <P><UL>
  21         <LI>Previous message: <A HREF="002842.html">[IRCServices] [OFFTOPIC] web client
  22 </A></li>
  23         <LI>Next message: <A HREF="002844.html">[IRCServices] /ns ghost exploit
  24 </A></li>
  25          <LI> <B>Messages sorted by:</B>
  26               <a href="date.html#2843">[ date ]</a>
  27               <a href="thread.html#2843">[ thread ]</a>
  28               <a href="subject.html#2843">[ subject ]</a>
  29               <a href="author.html#2843">[ author ]</a>
  30          </LI>
  31        </UL>
  32     <HR>
  33 <!--beginarticle-->
  34 <PRE>Something I recently became aware of was users &quot;abusing&quot; the ghost command.
  35
  36 When the ghost command is issued, Services will SVSKILL the user from the
  37 network. However, the new trend appears to be setting up a notify script,
  38 which will automatically ghost any user trying to use a given nickname.
  39 This quickly became popular. How this came to my attention is that a new
  40 user was trying to access the network but was repeatedly killed by the
  41 ghost command.
  42
  43 Use of &quot;kill immediate&quot; should be sufficient for those users who do not
  44 want people using their nicknames and can be handled by services with a
  45 nick change so I do not see use of the command in this manner as
  46 beneficial.
  47
  48 One way to remove this exploit which seems the least complex to actually
  49 manage is to only trigger the ghost if the target is currently identified.
  50
  51 This would mean that in the event a user got disconnected before they were
  52 able to identify, they would be unable to remove a real 'ghost' on
  53 reconnect with the ghost command, but they could use 'recover'
  54 and 'release' instead. I believe that the 'recover' will &quot;guest&quot; a user
  55 where NSForceNickChange is enabled.
  56
  57 --
  58 Mark.
  59
  60
  61
  62 </PRE>
  63
  64 <!--endarticle-->
  65     <HR>
  66     <P><UL>
  67         <!--threads-->
  68         <LI>Previous message: <A HREF="002842.html">[IRCServices] [OFFTOPIC] web client
  69 </A></li>
  70         <LI>Next message: <A HREF="002844.html">[IRCServices] /ns ghost exploit
  71 </A></li>
  72          <LI> <B>Messages sorted by:</B>
  73               <a href="date.html#2843">[ date ]</a>
  74               <a href="thread.html#2843">[ thread ]</a>
  75               <a href="subject.html#2843">[ subject ]</a>
  76               <a href="author.html#2843">[ author ]</a>
  77          </LI>
  78        </UL>
  79
  80 </body></html>