1 <!DOCTYPE HTML PUBLIC
"-//W3C//DTD HTML 3.2//EN">
4 <TITLE> [IRCServices] /ns ghost exploit
6 <LINK REL=
"Index" HREF=
"index.html" >
7 <LINK REL=
"made" HREF=
"mailto:ircservices%40ircservices.za.net?Subject=%5BIRCServices%5D%20/ns%20ghost%20exploit&In-Reply-To=3c9062fb.05657%40achurch.org">
8 <META NAME=
"robots" CONTENT=
"index,nofollow">
9 <META http-equiv=
"Content-Type" content=
"text/html; charset=us-ascii">
10 <LINK REL=
"Previous" HREF=
"002844.html">
11 <LINK REL=
"Next" HREF=
"002846.html">
13 <BODY BGCOLOR=
"#ffffff">
14 <H1>[IRCServices] /ns ghost exploit
</H1>
15 <B>J.Brown (Ender/Amigo)
</B>
16 <A HREF=
"mailto:ircservices%40ircservices.za.net?Subject=%5BIRCServices%5D%20/ns%20ghost%20exploit&In-Reply-To=3c9062fb.05657%40achurch.org"
17 TITLE=
"[IRCServices] /ns ghost exploit">ender at enderboi.com
19 <I>Thu Mar
14 10:
50:
01 PST
2002</I>
21 <LI>Previous message:
<A HREF=
"002844.html">[IRCServices] /ns ghost exploit
23 <LI>Next message:
<A HREF=
"002846.html">[IRCServices] /ns ghost exploit
25 <LI> <B>Messages sorted by:
</B>
26 <a href=
"date.html#2845">[ date ]
</a>
27 <a href=
"thread.html#2845">[ thread ]
</a>
28 <a href=
"subject.html#2845">[ subject ]
</a>
29 <a href=
"author.html#2845">[ author ]
</a>
34 <PRE>I believe what he's trying to get at is this:
36 - User 'nick' registers 'othernick', 'anothernick', 'toomanynicks'.
37 - User 'nick' has a script which will ghost any other user using those
39 - New user connects with nickname 'othernick' and gets ghosted straight
42 Personally, I really don't see too much of a problem with this. Sure, it
43 would be nice if the new user was just asked by Nickserv to change his
47 Regards, | Server Admin: bean.esper.net
48 | Server Admin: forte.nevernet.net
50 Ender |
<A HREF=
"http://www.enderboi.com/">http://www.enderboi.com/
</A>
51 (James Brown) | [Nehahra, ScummVM, PureLS, www.QuakeSrc.org]
53 On Thu,
14 Mar
2002, Andrew Church wrote:
55 ><i> Date: Thu,
14 Mar
2002 17:
42:
56 JST
56 </I>><i> From: Andrew Church
<<A HREF=
"http://www.ircservices.za.net/mailman/listinfo/ircservices">achurch at achurch.org
</A>>
57 </I>><i> Reply-To:
<A HREF=
"http://www.ircservices.za.net/mailman/listinfo/ircservices">ircservices at ircservices.za.net
</A>
58 </I>><i> To:
<A HREF=
"http://www.ircservices.za.net/mailman/listinfo/ircservices">ircservices at ircservices.za.net
</A>
59 </I>><i> Subject: Re: [IRCServices] /ns ghost exploit
61 </I>><i> Services does not use SVSKILL in the first place, and does not allow
62 </I>><i> GHOST anyway without a password unless the calling user is on the access
63 </I>><i> list of the target nick _and_ the nick does not have the SECURE option set.
64 </I>><i> Have you modified Services?
66 </I>><i> --Andrew Church
67 </I>><i> <A HREF=
"http://www.ircservices.za.net/mailman/listinfo/ircservices">achurch at achurch.org
</A>
68 </I>><i> <A HREF=
"http://achurch.org/">http://achurch.org/
</A>
70 </I>><i> >Something I recently became aware of was users
"abusing
" the ghost command.
72 </I>><i> >When the ghost command is issued, Services will SVSKILL the user from the
73 </I>><i> >network. However, the new trend appears to be setting up a notify script,
74 </I>><i> >which will automatically ghost any user trying to use a given nickname.
75 </I>><i> >This quickly became popular. How this came to my attention is that a new
76 </I>><i> >user was trying to access the network but was repeatedly killed by the
77 </I>><i> >ghost command.
79 </I>><i> >Use of
"kill immediate
" should be sufficient for those users who do not
80 </I>><i> >want people using their nicknames and can be handled by services with a
81 </I>><i> >nick change so I do not see use of the command in this manner as
82 </I>><i> >beneficial.
84 </I>><i> >One way to remove this exploit which seems the least complex to actually
85 </I>><i> >manage is to only trigger the ghost if the target is currently identified.
87 </I>><i> >This would mean that in the event a user got disconnected before they were
88 </I>><i> >able to identify, they would be unable to remove a real 'ghost' on
89 </I>><i> >reconnect with the ghost command, but they could use 'recover'
90 </I>><i> >and 'release' instead. I believe that the 'recover' will
"guest
" a user
91 </I>><i> >where NSForceNickChange is enabled.
97 </I>><i> >------------------------------------------------------------------
98 </I>><i> >To unsubscribe or change your subscription options, visit:
99 </I>><i> ><A HREF=
"http://www.ircservices.za.net/mailman/listinfo/ircservices">http://www.ircservices.za.net/mailman/listinfo/ircservices
</A>
100 </I>><i> ------------------------------------------------------------------
101 </I>><i> To unsubscribe or change your subscription options, visit:
102 </I>><i> <A HREF=
"http://www.ircservices.za.net/mailman/listinfo/ircservices">http://www.ircservices.za.net/mailman/listinfo/ircservices
</A>
112 <LI>Previous message:
<A HREF=
"002844.html">[IRCServices] /ns ghost exploit
114 <LI>Next message:
<A HREF=
"002846.html">[IRCServices] /ns ghost exploit
116 <LI> <B>Messages sorted by:
</B>
117 <a href=
"date.html#2845">[ date ]
</a>
118 <a href=
"thread.html#2845">[ thread ]
</a>
119 <a href=
"subject.html#2845">[ subject ]
</a>
120 <a href=
"author.html#2845">[ author ]
</a>