Page 1 of 1

Security issue

Posted: Fri Apr 21, 2006 8:36 am
by Psadi
I had a user show me that he could get what I posted in a channel. Though he wasnt willing to show me how he did it. Im now wondering in what ways could he have done it. He wasnt in the channel. The channel has the modes +sntir set. The user is a normal user without any special privs. It looks to me that he can eavsdropp in some way. Don't know how though.

Also I wonder how I can make the channels more secure.

The ircservers I have talk ssl to each other. The services I have doesnt not.

Posted: Fri Apr 21, 2006 6:01 pm
by Matridom
are you running the latest Unreal?

Posted: Fri Apr 21, 2006 8:25 pm
by Psadi
Yes im running the latest build of Unreal.

Only way I can think of him doing this is that he got someone to install a script of some kind that he has made that forwards info to him.

Posted: Fri Apr 21, 2006 11:39 pm
by Stealth
That can very well be the case. It could also be he has happened to get a network sniffer on a connection to the network and can just pick it up. Have you tried using SSL? Have you tried doing this in an empty channel (ie. just you)?

Posted: Sat Apr 22, 2006 11:31 am
by Psadi
Stealth do you mean that if he connects a client with a network sniffer he can read what is posted in the channels even if he isnt in the channel? Or does he needs to be connected in another way?

Those of us that runs the server do use ssl most others dont. But server - server communication (unreal) is SSL.

But I think its a sniffer some way :/

Posted: Sat Apr 22, 2006 2:49 pm
by salama
he doesn't need to connect altogether. sniffer can operate everywhere on the way as the packet is transmitted. if anyone on that channel was without ssl, sniffing him would reveal the entire channel's content. using ssl improves security, but watch out for fingerprint change when examining server's public key