> I think Dalnet and other networks use the same services so if > they could be > exploitable too. No. DALnet's services uses a 'services identifier', which is a unique identifier assigned to each client when they connect to the IRC network. Unless DALnet's services can confirm your services identifier, you will not get any identify-based privileges. I'd go into more detail as to exactly how this works, but DALnet's services is proprietary to the DALnet IRC Network, and I'm not allowed to discuss its security features publically. But suffice it to say that on DALnet, this should be impossible by explicit design. I find it hard to believe that any IRC network would fail as you described. People change nicknames all the time on an IRC network, and it would be literally moronic to use the nickname in an access check. (No offense intended to the specific network you mentioned.) David Schwartz (JoelKatz) Coding Director DALnet <JoelKatzat_private>
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:38:56 PDT