home *** CD-ROM | disk | FTP | other *** search
- Newsgroups: alt.irc
- Path: sparky!uunet!usc!zaphod.mps.ohio-state.edu!moe.ksu.ksu.edu!ux1.cso.uiuc.edu!news.cso.uiuc.edu!uxa.cso.uiuc.edu!dms50304
- From: dms50304@uxa.cso.uiuc.edu (Darkman)
- Subject: Re: Useless Bots
- References: <1992Jul27.100632.2332@rat.csc.calpoly.edu> <Bs23Gt.FMo@news.cso.uiuc.edu> <Bs52nD.L9L@news.cso.uiuc.edu> <CKD.92Jul29121848@loiosh.eff.org>
- Message-ID: <Bs6oF0.HrF@news.cso.uiuc.edu>
- Sender: usenet@news.cso.uiuc.edu (Net Noise owner)
- Organization: University of Illinois at Urbana
- Date: Thu, 30 Jul 1992 03:59:24 GMT
- Lines: 30
-
- ckd@eff.org (Christopher Davis) writes:
-
- >Darkman> == Darkman <dms50304@uxa.cso.uiuc.edu>
-
- > Darkman> Easy. Bots should never function of nicks,
-
- >True; nicks are not an identifier, just a temporary tag at best.
-
- > Darkman> use user@host, very reliable against all but those who know
- > Darkman> how to fake logins.
-
- >Well, gee, security through (not-very) obscurity... login faking is
- >trivial under most conditions (unless your server is set up to check
- >with identd, *and* your machine is running an identd, *and* you don't
- >switch servers to one that doesn't check with identd...)
-
- >This is also assuming that a server hasn't been compromised, which
- >allows you to fake both user and host (just ask BIFF@BIT.NET, who was
- >registered with NickServ for a while :-).
-
- I assume there aren't too many out there who can fake a host, I agree that
- faking a login is trivial. So, if you truly are paranoid just incorporate
- a password for each person to be oped on arrival. That would virtually
- guarentee a secure channel.
-
- --
- ___________________________________________________________.
- | Daryn Sharp /\ University of Illinois /\ Engineering |
- | Darkman@uiuc.edu \/ Champaign-Urbana \/ CS Major |
- !___________________________________________________________!
-
