Security issue

These are old archives. They are kept for historic purposes only.
Psadi
Posts: 42
Joined: Sat Mar 20, 2004 7:50 pm

Post by Psadi » Fri Apr 21, 2006 8:36 am

I had a user show me that he could get what I posted in a channel, though he wasn't willing to show me how he did it. I'm now wondering in what ways he could have done it. He wasn't in the channel. The channel has the modes +sntir set. The user is a normal user without any special privs. It looks to me that he can eavesdrop in some way. Don't know how though.

Also I wonder how I can make the channels more secure.

The IRC servers I have talk SSL to each other. The services I have do not.

Matridom
Posts: 296
Joined: Fri Jan 07, 2005 3:28 am

Post by Matridom » Fri Apr 21, 2006 6:01 pm

Are you running the latest Unreal?
Never argue with an idiot. They will bring you down to their level, then beat you with experience.

Psadi
Posts: 42
Joined: Sat Mar 20, 2004 7:50 pm

Post by Psadi » Fri Apr 21, 2006 8:25 pm

Yes, I'm running the latest build of Unreal.

Only way I can think of him doing this is that he got someone to install a script of some kind that he has made that forwards info to him.

Stealth
Head of Support
Posts: 2086
Joined: Tue Jun 15, 2004 8:50 pm
Location: Chino Hills, CA, US

Post by Stealth » Fri Apr 21, 2006 11:39 pm

That can very well be the case. It could also be that he has happened to get a network sniffer on a connection to the network and can just pick it up. Have you tried using SSL? Have you tried doing this in an empty channel (i.e. just you)?

Psadi
Posts: 42
Joined: Sat Mar 20, 2004 7:50 pm

Post by Psadi » Sat Apr 22, 2006 11:31 am

Stealth, do you mean that if he connects a client with a network sniffer he can read what is posted in the channels even if he isn't in the channel? Or does he need to be connected in another way?

Those of us that run the server do use SSL; most others don't. But server-to-server communication (Unreal) is SSL.

But I think it's a sniffer some way :/

salama
Posts: 34
Joined: Sun Jun 19, 2005 8:27 am

Post by salama » Sat Apr 22, 2006 2:49 pm

He doesn't need to connect at all. A sniffer can operate anywhere on the way as the packet is transmitted. If anyone on that channel was without SSL, sniffing him would reveal the entire channel's content. Using SSL improves security, but watch out for a fingerprint change when examining the server's public key.
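
The last reply's point, that a single member without SSL exposes the whole channel to a sniffer on that member's path, can be checked from the operator's side. The Python below is an added example, not part of the original thread: it assumes the server marks SSL clients in WHOIS with numeric 671 (as UnrealIRCd does), and the nicks, hostnames and reply lines are constructed sample data.

```python
import re

# Constructed sample: raw WHOIS replies as an IRC client would receive them.
SAMPLE_WHOIS = """\
:irc.example.net 311 audit alice alice host1.example.net * :Alice
:irc.example.net 671 audit alice :is using a Secure Connection
:irc.example.net 318 audit alice :End of /WHOIS list.
:irc.example.net 311 audit bob bob host2.example.net * :Bob
:irc.example.net 318 audit bob :End of /WHOIS list.
:irc.example.net 311 audit carol carol host3.example.net * :Carol
:irc.example.net 671 audit carol :is using a Secure Connection
:irc.example.net 318 audit carol :End of /WHOIS list.
"""

# ":server NUMERIC requester target [rest]"
LINE_RE = re.compile(r"^:(\S+) (\d{3}) (\S+) (\S+)(?: (.*))?$")


def parse_whois(raw):
    """Map each nick seen in WHOIS output to True if numeric 671 was reported."""
    secure = {}
    for line in raw.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        numeric, nick = m.group(2), m.group(4).lower()
        if numeric == "311":        # RPL_WHOISUSER: start of a reply block
            secure.setdefault(nick, False)
        elif numeric == "671":      # assumed "secure connection" numeric
            secure[nick] = True
    return secure


def plaintext_members(members, raw_whois):
    """Members not confirmed as SSL. Unknown nicks count as plaintext."""
    status = parse_whois(raw_whois)
    nicks = (m.lstrip("~&@%+").lower() for m in members)  # drop NAMES prefixes
    return sorted(n for n in nicks if not status.get(n, False))


def channel_exposed(members, raw_whois):
    """True if at least one member's client link carries the channel in cleartext."""
    return bool(plaintext_members(members, raw_whois))


if __name__ == "__main__":
    members = ["@Alice", "Bob", "+Carol"]
    print("plaintext members:", plaintext_members(members, SAMPLE_WHOIS))
    print("channel exposed:", channel_exposed(members, SAMPLE_WHOIS))
```

This covers client links only; a plaintext link between the servers and services, as described in the first post, is a separate path that WHOIS does not show.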
