Bugtraq mailing list archives

Re: [Unet-Opers] abuse of nickserv (fwd)


From: danny () CHATSYSTEMS COM (danny)
Date: Thu, 25 Mar 1999 20:50:36 -0600


Actually, Undernet IRC went a step further, and voted earlier as a team that
we would protect the nicknames of select services for dalnet. Every Undernet
server is required to have a configuration line which disables users from
being able to use the specified nicknames. It was brought to our attention
that McLean.va* was missing this configuration line, and it has been notified
and requested to add it promptly.

 When this is fully in place, it will not be possible to use the restricted
nicknames on an Undernet server, thus much more effective than trying to
use a pseudo client or fake bot to jupe the nickname.

        Danny Mitchell.
        Undernet Services Developer. <WildThang () undernet org>

Scott Fendley was known to have stated:
---------- Forwarded message ----------
Date: Tue, 23 Mar 1999 22:13:29 -0800
From: Nelson Little <nel74 () TIG COM AU>
To: BUGTRAQ () NETSPACE ORG
Subject: abuse of nickserv

Hi,

Many people that IRC on Dalnet have scripts which automatically identify
their nicknames via "/msg nickserv identify your_password". This works fine,
however, if you also IRC on Undernet you can run into a problem. Undernet
has no nickserv so if someone on Undernet decides to use the nick "nickserv"
they will be exposed to countless passwords from all the people that
automatically identify themselves. Once the evil user has these passwords
they can jump on Dalnet and steal that person's nick and change the
password. With a bit of brain power, and I won't go into how, they can also
abuse op in any channels that person has op access in.

Dalnet has been advised and starting on April 15th, you'll need to identify
to NickServ using /msg NickServ@services.dal.net IDENTIFY instead of just
using /msg NickServ IDENTIFY.

All the other IRC networks that I tested have a nickserv bot which halts
the abuse mentioned above.

Regards
Nelson



--
--------------------=================================--------------------------
              DannyM  -- http://www.chatsystems.com/danny/resume.html
               Unix Administrator - TCP/IP client-server Programmer
--------------------=================================--------------------------
Everything that I post is of my personal opinion, and not that of my employer!

Mouse Potato: The on-line, wired generation's answer to the couch potato.
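
Added example (not part of the original posts): a client-side outbound check that refuses to send an IDENTIFY password to an unqualified service nick, which is the failure both messages above describe. The network names, the table layout and the function name are assumptions made for this sketch; only the services.dal.net host comes from the thread.

```python
import re

# Hypothetical table: services host trusted on each network the client joins.
# Only the DALnet entry is taken from the thread; Undernet has no NickServ.
TRUSTED_SERVICES = {"dalnet": "services.dal.net"}
SERVICE_NICKS = {"nickserv", "chanserv"}
SECRET_CMDS = {"identify"}  # service commands whose argument is a password

PRIVMSG_RE = re.compile(r"^PRIVMSG\s+(\S+)\s+:?(.*)$", re.IGNORECASE)


def check_outgoing(raw_line, network):
    """Return (allowed, reason) for one outgoing raw IRC line."""
    m = PRIVMSG_RE.match(raw_line.strip())
    if not m:
        return True, "not a PRIVMSG"
    targets, text = m.group(1), m.group(2)
    words = text.split()
    if not words or words[0].lower() not in SECRET_CMDS:
        return True, "no password-bearing command"
    trusted = TRUSTED_SERVICES.get(network)
    # PRIVMSG accepts a comma-separated target list; every target is checked.
    for target in targets.split(","):
        nick, _, host = target.partition("@")
        if nick.lower() not in SERVICE_NICKS:
            continue
        if not host:
            # A bare nick is delivered to whoever holds it on this network.
            return False, "unqualified service nick"
        if trusted is None or host.lower() != trusted:
            return False, "services host not trusted on this network"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample lines; "hunter2" is a made-up password.
    samples = [
        ("undernet", "PRIVMSG nickserv :identify hunter2"),
        ("dalnet", "PRIVMSG NickServ :IDENTIFY hunter2"),
        ("dalnet", "PRIVMSG NickServ@services.dal.net :IDENTIFY hunter2"),
        ("undernet", "PRIVMSG #help :hello"),
    ]
    for net, line in samples:
        print(net, line, "->", check_outgoing(line, net))
```
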


