Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Long-standing bug in AustNet IRC network Virtual World

From: gbayley () AUSMAC NET (Grant Bayley)
Date: Sat, 3 Apr 1999 15:55:31 +1000

Hi folks,

I've documented (with examples) a long standing bug in the AustNet IRC
network "Virtual World" service which masks user IP address/hostnames for
the purpose of preventing nukes and other fun things.  The admins have
known about it for some time but seem to want to fix things like LoveOP
which sends lame love messages rather than helping their users stay
anonymous and secure, something they tout quite widely on their webpage.

In short, it uses a trivial but brute force attack using /who queries even
when the user is set to +i (invisible).

I've documented it at:

        http://www.2600.org.au/austnet-hack.html

And there is a plain text version at:

        http://www.2600.org.au/austnet-hack.txt

I should mention in passing that other IRC networks like Xnet that offer
hostname/ip masking do not suffer from the same bug.

Have fun.

Grant


___________________________________________________
Grant Bayley
- Network Administrator, Batey Kazoo Communications
- Administrator, The AusMac Archive
http://www.ausmac.net/    gbayley () ausmac net
__________________________________________________
Previous By Date Next
Previous By Thread Next

Current thread: