[IRCServices] /ns ghost exploit

Craig McLure frostycoolslug at hotmail.com
Thu Mar 14 15:00:01 PST 2002


I see his point.
If a new user comes on with the nick (let's say, Craig) and I was known as 
FrostyCoolSlug with this script,
he would show as online, and the script would automatically ghost Craig.
This will deter users from connecting to the network, especially if this has 
happened 2 or 3 times.
Surely you can code services so the nickname can only be ghosted *AFTER* 
60 secs of connecting? Giving them time to change nicks :)
Just my 2 pence :P


>From: "Mark Hetherington" <mark at ctcp.net>
>Reply-To: ircservices at ircservices.za.net
>To: ircservices at ircservices.za.net
>Subject: RE: [IRCServices] /ns ghost exploit
>Date: Thu, 14 Mar 2002 10:26:08 -0000 (GMT)
>
> > Andrew Church wrote
> >      Services does not use SVSKILL in the first place,
>
>Sorry, my mistake. I meant Services will issue a kill for that user.
>
> > and does not allow GHOST anyway without a password unless the calling
> > user is on the access list of the target nick _and_ the nick does not
> > have the SECURE option set.
>
>I know this. It still does not prevent a user using services to kill
>another user just because they happen to use their nickname.
>
>Nick A registers A and also registers or links B, C, D, E.
>
>A new user connects using nick B and would get the usual warning from
>services. However, before they have the opportunity to choose a new
>nickname, A who is identified and has the password for B issues /ns ghost B
>password either manually or from a script which kills that user from the
>network. I didn't highlight a problem with the way services checks a user's
>right to issue the command, merely in the way that the command is open to
>abuse.
>
> > Have you modified Services?
>
>No.
>
>Mark.
>
> >
> >   --Andrew Church
> >     achurch at achurch.org
> >     http://achurch.org/
> >
> > >Something I recently became aware of was users "abusing" the ghost
> > >command.
> > >
> > >When the ghost command is issued, Services will SVSKILL the user from
> > >the network. However, the new trend appears to be setting up a notify
> > >script, which will automatically ghost any user trying to use a given
> > >nickname. This quickly became popular. How this came to my attention is
> > >that a new user was trying to access the network but was repeatedly
> > >killed by the ghost command.
> > >
> > >Use of "kill immediate" should be sufficient for those users who do not
> > >want people using their nicknames and can be handled by services with a
> > >nick change so I do not see use of the command in this manner as
> > >beneficial.
> > >
> > >One way to remove this exploit which seems the least complex to
> > >actually manage is to only trigger the ghost if the target is currently
> > >identified.
> > >
> > >This would mean that in the event a user got disconnected before they
> > >were able to identify, they would be unable to remove a real 'ghost' on
> > >reconnect with the ghost command, but they could use 'recover'
> > >and 'release' instead. I believe that the 'recover' will "guest" a user
> > >where NSForceNickChange is enabled.
> > >
> > >--
> > >Mark.
>
>--
>Mark.




--
Craig McLure
Craig at e-tidalwave.org
WaveAdmin on the e-tidalwave IRC Network
Ride the Wave! www.e-tidalwave.org
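
The two mitigations proposed in this thread (Craig's 60-second grace period and Mark's "only ghost a target that is currently identified"), modelled side by side as an added example; this is not IRC Services code and not part of the original messages. The struct, enum and function names and the GHOST_GRACE_SECS setting are hypothetical, and the authorization check follows Andrew Church's description above.

```c
#include <stdbool.h>
#include <stdio.h>
#include <time.h>

#define GHOST_GRACE_SECS 60   /* assumed setting name; value from Craig's reply */

enum ghost_policy { GHOST_CURRENT, GHOST_GRACE, GHOST_IDENTIFIED_ONLY };

struct ghost_req {
    bool   password_ok;       /* caller supplied the nick's password */
    bool   on_access_list;    /* caller matches the nick's access list */
    bool   nick_secure;       /* SECURE option set on the nick */
    bool   target_identified; /* user holding the nick has identified */
    time_t target_connected;  /* when that user connected */
};

/* Authorization as described in the thread: password, or access list
 * membership when SECURE is not set. */
static bool caller_authorized(const struct ghost_req *r)
{
    return r->password_ok || (r->on_access_list && !r->nick_secure);
}

bool ghost_allowed(enum ghost_policy p, const struct ghost_req *r, time_t now)
{
    if (!caller_authorized(r))
        return false;
    switch (p) {
    case GHOST_GRACE:           /* give a newcomer time to change nick */
        return difftime(now, r->target_connected) >= GHOST_GRACE_SECS;
    case GHOST_IDENTIFIED_ONLY: /* never kill a user who has not identified */
        return r->target_identified;
    default:                    /* behaviour the thread complains about */
        return true;
    }
}

/* Constructed scenario from the thread: A holds B's password and ghosts an
 * unidentified newcomer `age` seconds after that newcomer connects. */
bool newcomer_killed(enum ghost_policy p, int age)
{
    struct ghost_req r = { true, false, true, false, (time_t)1000 };
    return ghost_allowed(p, &r, (time_t)(1000 + age));
}

int main(void)
{
    printf("current=%d grace@5s=%d grace@60s=%d identified-only=%d\n",
           newcomer_killed(GHOST_CURRENT, 5), newcomer_killed(GHOST_GRACE, 5),
           newcomer_killed(GHOST_GRACE, 60),
           newcomer_killed(GHOST_IDENTIFIED_ONLY, 5));
    return 0;
}
```

Under the identified-only policy an unidentified holder of the nick is never killed by GHOST, which is the trade-off Mark notes: the owner then has to fall back on 'recover' and 'release'.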

