Request: Oper up port

These are old archives. They are kept for historic purposes only.
Locked
pete212
Posts: 80
Joined: Mon Jul 12, 2004 1:56 am

Post by pete212 » Mon Mar 28, 2005 10:23 pm

I was wondering if it was possible to create a module to add to the O:line block, e.g.:

oper testoper {
    class clients;
    from {
        userhost testoper@192.168.1.1:7005;
    };
};

so that only a user connecting on 7005 can oper up with that host. If it's possible, can someone create it or help me create it?

codemastr
Former UnrealIRCd head coder
Posts: 811
Joined: Sat Mar 06, 2004 8:47 pm
Location: United States

Post by codemastr » Mon Mar 28, 2005 11:14 pm

It could be possible, yes. But if you don't know C and/or the unreal module API, it will be difficult. Even if you do know them it's still difficult as this requires reimplementing the /oper command.
-- codemastr

Syzop
UnrealIRCd head coder
Posts: 1955
Joined: Sat Mar 06, 2004 8:57 pm
Location: .nl

Post by Syzop » Tue Mar 29, 2005 1:48 am

I second that.
Additionally, it only makes sense to me to force admins to use a certain port if it would be something like forcing them to use SSL. In that case, this module does exactly that.

Post by pete212 » Tue Mar 29, 2005 8:25 pm

Although I find SSL quite annoying but useful for security, I think the idea I came up with should be turned into a module :D

Post by codemastr » Tue Mar 29, 2005 9:06 pm

I don't see how your suggestion provides even the slightest bit of security.
-- codemastr

Post by pete212 » Tue Mar 29, 2005 10:03 pm

Open a port that isn't open to the public that no one knows about, e.g. (7032).

If it's a private network, or in my case I have a local network, so I want to have a port that is open to my local network but is closed to the outside internet, so no one outside can connect on that port, therefore they cannot oper up :)

Post by Syzop » Tue Mar 29, 2005 11:07 pm

pete212 wrote: open a port that isn't open to the public that no one knows about ex. (7032)

Uh... security through obscurity (and especially this example) is really a bad idea.

pete212 wrote: if it's a private network, or in my case I have a local network so I want to have a port that is open to my local network but is closed to the outside internet, so no one outside can connect on that port therefore they cannot oper up :)

... but you could already have done that by just putting in proper oper::from::userhosts. Or if nobody on the internet should be allowed to connect, then proper listen/allow blocks.

TigerDragon
Posts: 10
Joined: Mon Mar 28, 2005 2:50 pm

Post by TigerDragon » Wed Mar 30, 2005 1:18 am

Or, if you're behind a router, just listen on a port that you do NOT redirect the outside world to.

listen *:6666-6669 {};

listen *:7000 {};

router config redirects ports 6666-6669 but not 7000;

You connect to 7000 from localhost and do all of your oper stuff from there. Better yet, make 7000 ssl compliant and connect with ssl enabled if you want encrypted traffic (depending on your level of paranoia.) No need for special modules, just need a reworking of your plan.
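
The setup Syzop and TigerDragon describe, written out as UnrealIRCd 3.2-style configuration blocks (an added example, not part of the original posts). The server LAN address 192.168.1.10, the 192.168.1.* mask, the password and the oper flag are assumed placeholders.

```conf
# Added example: all addresses, names and the password are placeholders.

# Public client ports: the only ones the router forwards from outside.
listen *:6666-6669;

# Oper port bound to the server's LAN address (assumed 192.168.1.10)
# rather than "*", so the listener only exists on the internal interface
# and does not depend on the router's forwarding rules staying unchanged.
listen 192.168.1.10:7000 {
    options {
        ssl;    # optional, needs an SSL-enabled build; encrypts the session
    };
};

# The actual access control: /oper only succeeds for clients whose
# user@host matches a LAN address, whichever port they connected to.
oper testoper {
    class clients;
    from {
        userhost *@192.168.1.*;
    };
    password "CHANGE-ME";    # placeholder
    flags {
        local;
    };
};
```

The restriction that matters here is oper::from::userhost; the port number itself is not treated as a secret.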

Post by codemastr » Wed Mar 30, 2005 1:36 am

pete212 wrote: open a port that isn't open to the public that no one knows about ex. (7032)
Ever heard of a port scan? Give me about 30 seconds and I'll find the port.
-- codemastr

Post by pete212 » Wed Mar 30, 2005 2:52 am

The question isn't if you know how to find it, it's if you know what it is for if you were a 'h4x0r' trying to get oper.

Post by codemastr » Wed Mar 30, 2005 3:37 am

And I would. I would connect to your server, type /module. It would inform me that "operport" (or whatever the module would be called) is loaded. I would then scan for ports open on the system in an attempt to find this port. Most likely, I'll only have about 10 ports to try. I can quickly create a script that will connect to the open ports and detect if the port is IRC. If it is, I can then have it send an /oper command.
-- codemastr

Post by pete212 » Thu Mar 31, 2005 3:28 am

First of all, I have a module to allow /module for only ircops :p and it wouldn't be named oper port or anything close to give any ideas, maybe like m_login :p

Post by codemastr » Thu Mar 31, 2005 3:55 am

Using a module to make /module oper only is something we consider unethical. Users have a right to know what things you have loaded. As a result of this, this thread is now closed.
-- codemastr
