Bugtraq mailing list archives
Long-standing bug in AustNet IRC network Virtual World
From: gbayley () AUSMAC NET (Grant Bayley)
Date: Sat, 3 Apr 1999 15:55:31 +1000
Hi folks, I've documented (with examples) a long standing bug in the AustNet IRC network "Virtual World" service which masks user IP address/hostnames for the purpose of preventing nukes and other fun things. The admins have known about it for some time but seem to want to fix things like LoveOP which sends lame love messages rather than helping their users stay anonymous and secure, something they tout quite widely on their webpage. In short, it uses a trivial but brute force attack using /who queries even when the user is set to +i (invisible). I've documented it at: http://www.2600.org.au/austnet-hack.html And there is a plain text version at: http://www.2600.org.au/austnet-hack.txt I should mention in passing that other IRC networks like Xnet that offer hostname/ip masking do not suffer from the same bug. Have fun. Grant ___________________________________________________ Grant Bayley - Network Administrator, Batey Kazoo Communications - Administrator, The AusMac Archive http://www.ausmac.net/ gbayley () ausmac net __________________________________________________
Current thread:
- Re: Possible local DoS in sendmail Anonymous (Mar 29)
- <Possible follow-ups>
- Possible local DoS in sendmail Lukasz Luzar (Apr 01)
- Re: Possible local DoS in sendmail KuRuPTioN (Apr 01)
- Re: Possible local DoS in sendmail Gregory Neil Shapiro (Apr 02)
- Re: Possible local DoS in sendmail Michał Szymański (Apr 02)
- Long-standing bug in AustNet IRC network Virtual World Grant Bayley (Apr 02)
- Re: Long-standing bug in AustNet IRC network Virtual World Paul McGovern (Apr 05)
- Re: Long-standing bug in AustNet IRC network Virtual World Henrik Edlund (Apr 06)
- Re: Long-standing bug in AustNet IRC network Virtual World Sean Kelly (Apr 07)
- Netcache snmp behaviour Marco Davids (Apr 06)
- Procmail version 3.13.1 released Philip Guenther (Apr 06)
- Digital Unix 4.0E /var permission Harhalakis Stefanos (Apr 04)
- ucd snmp vacm's public community access auth probs? + + (Apr 06)
- Re: Digital Unix 4.0E /var permission implosion (Apr 06)
- Re: Digital Unix 4.0E /var permission Harhalakis Stefanos (Apr 06)
- rsync 2.3.1 release - security fix Andrew Tridgell (Apr 07)