[IRCServices] auto suspension after invalid passwords
Mark Hetherington
markh at eurodltd.co.uk
Fri Mar 23 13:59:01 PST 2001
If the nickname is suitably protected, e.g. SET KILL IMMED and a limited
access list, then the nickname cannot be used by anyone other than the
actual services root so it will not happen.
If it is still of concern, expiring a suspension invoked purely by the
invalid password trap would fix this since the nickname would return to use
after a set period while still making life difficult enough for would be
password crackers since they cannot "brute force" through multiple
connections/logons and will have to wait a fair amount of time between
attempts.
An "accumulator" could be used to invoke a permanent suspension for the case
of a very determined and patient crack attempt.
Mark.
CTCP Networks.
> -----Original Message-----
> From: ircservices-admin at ircservices.za.net
> [mailto:ircservices-admin at ircservices.za.net]On Behalf Of
> Andrew Church
> Sent: 23 March 2001 11:28
> To: ircservices at ircservices.za.net
> Subject: Re: [IRCServices] auto suspension after invalid passwords
>
>
> >If this feature is enabled, a rogue user could suspend
> anyone's nick - even
> >the services roots'. surely this is a bit of a problem? Comments?
>
> Hm, this is a good point. Suggestions (other than the
> obvious "don't
> automatically suspend nicks")?
>
> --Andrew Church
> achurch at achurch.org | New address - please note.
> http://achurch.org/ | メールアドレスが変わりました。
>
> -----------------------------------------------------------
> To unsubscribe, mail ircservices-request at ircservices.za.net
> with the word UNSUBSCRIBE in the subject of the mail.
> http://www.ircservices.za.net/mailman/listinfo/ircservices