Hi folks, I've documented (with examples) a long standing bug in the AustNet IRC network "Virtual World" service which masks user IP address/hostnames for the purpose of preventing nukes and other fun things. The admins have known about it for some time but seem to want to fix things like LoveOP which sends lame love messages rather than helping their users stay anonymous and secure, something they tout quite widely on their webpage. In short, it uses a trivial but brute force attack using /who queries even when the user is set to +i (invisible). I've documented it at: http://www.2600.org.au/austnet-hack.html And there is a plain text version at: http://www.2600.org.au/austnet-hack.txt I should mention in passing that other IRC networks like Xnet that offer hostname/ip masking do not suffer from the same bug. Have fun. Grant ___________________________________________________ Grant Bayley - Network Administrator, Batey Kazoo Communications - Administrator, The AusMac Archive http://www.ausmac.net/ gbayleyat_private __________________________________________________
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:41:30 PDT