UnrealIRCd Bug Tracker
Mantis Bugtracker

ID: 0003893
Category: [unreal] ircd
Severity: major
Reproducibility: always
Date Submitted: 2010-02-28 17:35
Last Update: 2010-09-06 15:05
Reporter: R-TypeEman
View Status: public
Assigned To: ohnobinki
Priority: normal
Resolution: open
Status: assigned
Product Version: 3.2.8
Summary: 0003893: Firefox XPS IRC Attack
Description: Unreal is vulnerable to the following attack:

http://encyclopediadramatica.com/Firefox_XPS_IRC_Attack
Additional Information:
Tags: No tags attached.
3rd party modules:
QA: Not touched yet by developer
U4: Need for upstream patch: No need for upstream InspIRCd patch
U4: Upstream notification of bug: Not decided
U4: Contributor working on this: None
Attached Files:

- Relationships
child of 0003776 (new): Unreal3.2.9 TODO

-  Notes
(0016037)
syzop (administrator)
2010-02-28 17:53

Is that the same as 0003862 ?
And does the suggested module therein help against this ?
(As you can see I was happy to do something about it, but got no feedback at all. If it's the same issue, that is.)
(0016038)
syzop (administrator)
2010-02-28 18:09
edited on: 2010-02-28 18:10

Seems so. Thanks for the heads up.
I'll enhance my module a bit (it was just proof-of-concept) and make it more public ;)

EDIT: btw, it should be mentioned that enabling NOSPOOF protects against this attack. Well, the clients will take up unknown connections, of course...

(0016039)
R-TypeEman (reporter)
2010-02-28 19:29

that module seems to do the trick

thanks
(0016040)
syzop (administrator)
2010-02-28 19:36

Ok :)
I've posted it on the website / news section: http://forums.unrealircd.com/viewtopic.php?t=6458
I wasn't paying too much attention to generic IRC news for the past 6 weeks or so, and nobody informed me until now about this.. so thanks again.
(0016164)
syzop (administrator)
2010-07-14 17:07

ohnobinki: what do you think, I have my free module and such, I feel like it can be quite important for ircds to have...
Shall I just throw it in the unreal tree?

Another question is, should I call it like m_<whatever>, and make it included in commands.so too? That way, each ircd will run it. If I don't then many won't use it.
Feels like a good idea..
(0016203)
ohnobinki (developer)
2010-07-16 01:24

I think the module should be accepted as official (and thus shipped with unrealircd-3.2.9).

I'm not sure if it's necessary to have it compiled into commands.so. 3.2.9 will have NOSPOOF enabled by default now -- perhaps that is enough. But, yes, I don't know why an IRCd wouldn't want to have this. (it doesn't look like my uncertainty here is of any help ;-) ).
(0016211)
syzop (administrator)
2010-07-16 14:52

hehehe
ok, let's put it in then. and yeah link it in commands.
perhaps name it m_something too so loadmodule m_*.so will include them if someone doesn't use commands.so.

still, have to think about the default settings. some users reported an annoying amount of notices regarding bots (webspiders) going to their ircd. hmmmm.

- Issue History
Date Modified Username Field Change
2010-02-28 17:35 R-TypeEman New Issue
2010-02-28 17:53 syzop Note Added: 0016037
2010-02-28 18:09 syzop Note Added: 0016038
2010-02-28 18:09 syzop Note Edited: 0016038
2010-02-28 18:09 syzop Note Edited: 0016038
2010-02-28 18:10 syzop Note Edited: 0016038
2010-02-28 19:29 R-TypeEman Note Added: 0016039
2010-02-28 19:36 syzop Note Added: 0016040
2010-07-14 17:07 syzop Note Added: 0016164
2010-07-14 17:07 syzop Relationship added child of 0003776
2010-07-14 18:01 syzop QA => Not touched yet by developer
2010-07-14 18:01 syzop U4: Need for upstream patch => No need for upstream InspIRCd patch
2010-07-14 18:01 syzop U4: Upstream notification of bug => Not decided
2010-07-14 18:01 syzop U4: Contributor working on this => None
2010-07-14 18:01 syzop Status new => confirmed
2010-07-14 18:01 syzop View Status private => public
2010-07-16 01:24 ohnobinki Note Added: 0016203
2010-07-16 14:52 syzop Note Added: 0016211
2010-09-06 15:05 ohnobinki Status confirmed => assigned
2010-09-06 15:05 ohnobinki Assigned To => ohnobinki

