Page 1 of 1

Request: Oper up port

Posted: Mon Mar 28, 2005 10:23 pm
by pete212
I was wondering if it was possible to create a module to add to the O:line block for ex.

oper testoper {
class clients;
from {
userhost [email protected]:7005
};

so that only a user connecting on 7005 can oper up with that host, If its possible can someone create it or help me create it?

Posted: Mon Mar 28, 2005 11:14 pm
by codemastr
It could be possible, yes. But if you don't know C and/or the unreal module API, it will be difficult. Even if you do know them it's still difficult as this requires reimplementing the /oper command.

Posted: Tue Mar 29, 2005 1:48 am
by Syzop
I second that.
Additionally, it only makes sense to me to force admins to use a certain port if it would be something like forcing them to use SSL.. In that case, this module does exactly that.

Posted: Tue Mar 29, 2005 8:25 pm
by pete212
although i find ssl quite annoying but useful for security i think the idea i came up with should be turned into a module :D

Posted: Tue Mar 29, 2005 9:06 pm
by codemastr
I don't see how your suggestion provides even the slightest bit of security.

Posted: Tue Mar 29, 2005 10:03 pm
by pete212
open a port that isnt open to the public that no one knows about ex. (7032)


if its a private network, or in my case i have a local network so i want to have a port that is open to my local network but is closed to the outside internet, so no one outside can connect on that port therefore they cannot oper up :)

Posted: Tue Mar 29, 2005 11:07 pm
by Syzop
pete212 wrote:open a port that isnt open to the public that no one knows about ex. (7032)
Uh... security trough obscurity (and especially this example) is really a bad idea.
if its a private network, or in my case i have a local network so i want to have a port that is open to my local network but is closed to the outside internet, so no one outside can connect on that port therefore they cannot oper up :)
... but you could already have done that by just putting in proper oper::from::userhosts. Or if nobody on the internet should be allowed to connect, then proper listen/allow blocks.

Posted: Wed Mar 30, 2005 1:18 am
by TigerDragon
Or, if you're behind a router, just listen on a port that you do NOT redirect the outside world to.

listen *:6666-6669 {};

listen *:7000 {};

router config redirects ports 6666-6669 but not 7000;

You connect to 7000 from localhost and do all of your oper stuff from there. Better yet, make 7000 ssl compliant and connect with ssl enabled if you want encrypted traffic (depending on your level of paranoia.) No need for special modules, just need a reworking of your plan.

Posted: Wed Mar 30, 2005 1:36 am
by codemastr
pete212 wrote:open a port that isnt open to the public that no one knows about ex. (7032)
Ever heard of a port scan? Give me about 30 seconds and I'll find the port.

Posted: Wed Mar 30, 2005 2:52 am
by pete212
The question isnt if you know how to find it, is if you know what it is for if you were a 'h4x0r' trying to get oper.

Posted: Wed Mar 30, 2005 3:37 am
by codemastr
And I would. I would connect to your server, type /module. It would inform me that "operport" (or whatever the module would be called) is loaded. I would then scan for ports open on the system in an attempt to find this port. Most likely, I'll only have about 10 ports to try. I can quickly create a script that will connect to the open ports and detect if the port is IRC. If it is, I can then have it send an /oper command.

Posted: Thu Mar 31, 2005 3:28 am
by pete212
First of all i have a module to allow /module for only ircops :p and it wouldnt be named oper port or anything close to give any ideas maybe like m_login :p

Posted: Thu Mar 31, 2005 3:55 am
by codemastr
Using a module to make /module oper only is something we consider unethical. Users have a right to know what things you have loaded. As a result of this, this thread is now closed.