[IRCServices] /ns ghost exploit

J.Brown (Ender/Amigo) ender at enderboi.com
Thu Mar 14 10:50:01 PST 2002 

I believe what he's trying to get at is this:

 - User 'nick' registers 'othernick', 'anothernick', 'toomanynicks'.
 - User 'nick' has a script which will ghost any other user using those
nicknames
 - New user connects with nickname 'othernick' and gets ghosted straight
away by the script.

Personally, I really don't see too much of a problem with this. Sure, it
would be nice if the new user was just asked by Nickserv to change his
nickname - but..


Regards,        | Server Admin: bean.esper.net
		| Server Admin: forte.nevernet.net
                |
        Ender   | http://www.enderboi.com/
  (James Brown) | [Nehahra, ScummVM, PureLS, www.QuakeSrc.org]

On Thu, 14 Mar 2002, Andrew Church wrote:

> Date: Thu, 14 Mar 2002 17:42:56 JST
> From: Andrew Church <achurch at achurch.org>
> Reply-To: ircservices at ircservices.za.net
> To: ircservices at ircservices.za.net
> Subject: Re: [IRCServices] /ns ghost exploit
>
>      Services does not use SVSKILL in the first place, and does not allow
> GHOST anyway without a password unless the calling user is on the access
> list of the target nick _and_ the nick does not have the SECURE option set.
> Have you modified Services?
>
>   --Andrew Church
>     achurch at achurch.org
>     http://achurch.org/
>
> >Something I recently became aware of was users "abusing" the ghost command.
> >
> >When the ghost command is issued, Services will SVSKILL the user from the
> >network. However, the new trend appears to be setting up a notify script,
> >which will automatically ghost any user trying to use a given nickname.
> >This quickly became popular. How this came to my attention is that a new
> >user was trying to access the network but was repeatedly killed by the
> >ghost command.
> >
> >Use of "kill immediate" should be sufficient for those users who do not
> >want people using their nicknames and can be handled by services with a
> >nick change so I do not see use of the command in this manner as
> >beneficial.
> >
> >One way to remove this exploit which seems the least complex to actually
> >manage is to only trigger the ghost if the target is currently identified.
> >
> >This would mean that in the event a user got disconnected before they were
> >able to identify, they would be unable to remove a real 'ghost' on
> >reconnect with the ghost command, but they could use 'recover'
> >and 'release' instead. I believe that the 'recover' will "guest" a user
> >where NSForceNickChange is enabled.
> >
> >--
> >Mark.
> >
> >
> >------------------------------------------------------------------
> >To unsubscribe or change your subscription options, visit:
> >http://www.ircservices.za.net/mailman/listinfo/ircservices
> ------------------------------------------------------------------
> To unsubscribe or change your subscription options, visit:
> http://www.ircservices.za.net/mailman/listinfo/ircservices
>