[IRCServices] /ns ghost exploit

Craig McLure frostycoolslug at hotmail.com
Thu Mar 14 22:24:01 PST 2002


yeah, if the user has identified, then it is an obvious ghost, if the user 
hasn, then it is prolly a mistake.. then we come across access lists.. some 
ppl dont need to identify cause their host is in them.. could this be a 
prob?


>From: "Mark Hetherington" <mark at ctcp.net>
>Reply-To: ircservices at ircservices.za.net
>To: ircservices at ircservices.za.net
>Subject: RE: [IRCServices] /ns ghost exploit
>Date: Thu, 14 Mar 2002 18:48:51 -0000 (GMT)
>
> > Andrew Church wrote:
> >      C'est la vie; I don't see this as a problem Services needs to 
>handle.
>
>I see. It is a problem Services introduced so it seemed appropriate for
>Services to handle it :(
>
> > If you have particular users doing this and it annoys other users, deal
> > with the trouble causers individually.
>
>Dealing with the current individuals concerned over this issue, does not
>make the problem go away. It merely creates a maintenance task each time
>someone new uses it. Prevention seems better than cure in this, as in any
>system.
>
>It seems odd that I can turn off Services' own ability to kill users in
>various circumstances (NSForceNickChange), but must allow users the power
>to use Services to kill another user off the network, especially when
>Services is already "handling" the user depending on registration options.
>A single 'if (has_identified_nick())' (or similar) on the target would seem
>to be a suitable solution and is the one I will look into implementing.
>
>--
>Mark.
>
>
>------------------------------------------------------------------
>To unsubscribe or change your subscription options, visit:
>http://www.ircservices.za.net/mailman/listinfo/ircservices




--
Craig McLure
Craig at e-tidalwave.org
WaveAdmin on the e-tidalwave IRC Network
Ride the Wave! www.e-tidalwave.org


_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.