View Issue Details

IDProjectCategoryView StatusLast Update
0004010unrealircdpublic2013-05-06 07:13
ReporterJobe Assigned Tonenolod 
PrioritynormalSeverityfeatureReproducibilityN/A
Status resolvedResolutionfixed 
Fixed in Version3.4-alpha1 
Summary0004010: Listen block "hidden" option.
DescriptionSimple suggestion for a listen block option called "hidden" to allow users to use /stats P but still keep some ports hidden from them without blocking /stats P entirely. Of course opers would still be able to see hidden ports too.
TagsNo tags attached.
3rd party modules

Activities

katsklaw

2011-04-12 06:04

reporter   ~0016647

Last edited: 2011-04-12 06:12

What's the point in hiding ports? Clients are either allowed to use them or they aren't.

I can see hiding ports if you could specify how many users can connect to a port and have a reserved port for opers and hide it from non-opers, but you can't so i see no point in it.

scenarios:
1> user can connect to the port thus it should be visible.
2> user can't because it's for servers, set it to serversonly.
3> You don't want users or servers on the port, then why have it open?

Jobe

2011-04-13 09:08

reporter   ~0016648

Quite simply put because many Admins disable /stats p to stop users seeing server only ports and as a side effect stops users seeing which ports are available to them. The proposal for a hidden flag is so said Admins can hide server ports without preventing users from listing ports that are available.

So at present it's only an all or nothing approach. Where as with the hidden flag it gives an Admin the flxibility to hide only selected ports.

katsklaw

2011-04-14 02:30

reporter   ~0016649

I understand, but still fail to see the harm in users seeing ports they cant use. My questions were simply out of curiosity. However, I haven't any objection to the feature either.

Stealth

2011-09-11 01:29

reporter   ~0016748

Perhaps we should just make the stats output hide server ports all the time?

Clients should never need to know (or have access to) server ports, since that's one step closer to being able to hack in a link or spoof another server during a netsplit.

katsklaw

2011-09-11 02:10

reporter   ~0016749

Last edited: 2011-09-11 02:10

Admins need to see server and client ports to insure they are actually bound and which options are on the ports ssl, zip .. etc.

syzop

2012-12-15 20:50

administrator   ~0017266

A simple portscan is all it takes, so hiding ports doesn't sound too useful...

Still, we could go for Stealth's idea, but only for non-opers:
Hide non-client ports to regular users, but do show them to ircops.

Then, if you still want to hide (regular) client ports in /stats P, then you could just block it and mention the 'OK ports' in your MOTD instead.

nenolod

2013-05-06 07:13

reporter   ~0017496

http://hg.unrealircd.org/hg/unreal/rev/8cc454554f82

Issue History

Date Modified Username Field Change
2011-03-14 13:19 Jobe New Issue
2011-04-12 06:04 katsklaw Note Added: 0016647
2011-04-12 06:05 katsklaw Note Edited: 0016647
2011-04-12 06:11 katsklaw Note Edited: 0016647
2011-04-12 06:12 katsklaw Note Edited: 0016647
2011-04-13 09:08 Jobe Note Added: 0016648
2011-04-14 02:30 katsklaw Note Added: 0016649
2011-09-11 01:29 Stealth Note Added: 0016748
2011-09-11 02:10 katsklaw Note Added: 0016749
2011-09-11 02:10 katsklaw Note Edited: 0016749
2012-12-15 20:50 syzop Note Added: 0017266
2013-05-06 07:13 nenolod Note Added: 0017496
2013-05-06 07:13 nenolod Status new => resolved
2013-05-06 07:13 nenolod Fixed in Version => 3.4-alpha1
2013-05-06 07:13 nenolod Resolution open => fixed
2013-05-06 07:13 nenolod Assigned To => nenolod