Home page logo
/

bugtraq logo Bugtraq mailing list archives

Long-standing bug in AustNet IRC network Virtual World
From: gbayley () AUSMAC NET (Grant Bayley)
Date: Sat, 3 Apr 1999 15:55:31 +1000


Hi folks,

I've documented (with examples) a long standing bug in the AustNet IRC
network "Virtual World" service which masks user IP address/hostnames for
the purpose of preventing nukes and other fun things.  The admins have
known about it for some time but seem to want to fix things like LoveOP
which sends lame love messages rather than helping their users stay
anonymous and secure, something they tout quite widely on their webpage.

In short, it uses a trivial but brute force attack using /who queries even
when the user is set to +i (invisible).

I've documented it at:

        http://www.2600.org.au/austnet-hack.html

And there is a plain text version at:

        http://www.2600.org.au/austnet-hack.txt

I should mention in passing that other IRC networks like Xnet that offer
hostname/ip masking do not suffer from the same bug.

Have fun.

Grant


___________________________________________________
Grant Bayley
- Network Administrator, Batey Kazoo Communications
- Administrator, The AusMac Archive
http://www.ausmac.net/    gbayley () ausmac net
__________________________________________________



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]