maybe it would work if a usaer had on both auto join on invite and auto rejoin on kick but it would still
assumeing both of theese were on it would take just over an hour on average to do someones entire ip
however i don't like hidden host at all because it means if you ban a user they can just get a new X account and come back. some isp's give users an entire subdomain to themselves so they could get as many new X accounts as they liked
the only soloution i can see to this is to make e-mail addresses visible and then have x enforce bans against them
From: Entrope <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: [Coder-Com] +x mode (bug?)
Date: 16 Oct 2002 16:25:07 -0400
MIME-Version: 1.0
Received: from mc8-f24.law1.hotmail.com ([65.54.253.160]) by mc8-s13.law1.hotmail.com with Microsoft SMTPSVC(5.0.2195.4905); Wed, 16 Oct 2002 13:25:46 -0700
Received: from trek.sbg.org ([12.235.78.26]) by mc8-f24.law1.hotmail.com with Microsoft SMTPSVC(5.0.2195.4905); Wed, 16 Oct 2002 13:25:16 -0700
Received: by trek.sbg.org (Postfix)id 4A59C24A61; Wed, 16 Oct 2002 13:25:06 -0700 (PDT)
Received: by trek.sbg.org (Postfix, from userid 503)id EE7D324A62; Wed, 16 Oct 2002 13:25:05 -0700 (PDT)
Received: from sanosuke.troilus.org (pcp736266pcs.reston01.va.comcast.net [68.48.241.74])by trek.sbg.org (Postfix) with ESMTP id B08BF24A61for <[EMAIL PROTECTED]>; Wed, 16 Oct 2002 13:25:04 -0700 (PDT)
Received: by sanosuke.troilus.org (Postfix, from userid 1000)id D9D4B98001; Wed, 16 Oct 2002 16:25:07 -0400 (EDT)
Delivered-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
References: <[EMAIL PROTECTED]><000501c27544$35f96d40$0200a8c0@hidden> <[EMAIL PROTECTED]>
In-Reply-To: <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
Lines: 22
User-Agent: Gnus/5.0808 (Gnus v5.8.8) XEmacs/21.4 (Honest Recruiter)
Sender: [EMAIL PROTECTED]
Precedence: bulk
Return-Path: [EMAIL PROTECTED]
X-OriginalArrivalTime: 16 Oct 2002 20:25:16.0835 (UTC) FILETIME=[23CF4730:01C27552]
James Evans <[EMAIL PROTECTED]> writes:
> Sounds like a way to still find out people's hosts.. Maybe not
> always doable but it would work in theory. Assuming everyone can
> only get one username, why have that in there?
If you want to try to ban *!*@*.isp1 (through ispN) and kick a user to
see if it keeps them out (and then refine the ban further once you
find a match) you _could_ use it as an oracle to guess someone's
hostname.
However, a successful attack requires that (a) their client
autorejoins on kick, (b) they do not notice or they ignore what you
are doing, and (c) you have an enormous amount of time to run the
attack, since it takes 6 seconds to run one check (ban, kick, unban
must be separate commands).
Testing using IP bans is probably an easier way to test than with
hostnames, but it still requires dozens of checks, and makes it
obvious what the attacker is trying to do.
Entrope
_________________________________________________________________
Get faster connections -- switch to MSN Internet Access! http://resourcecenter.msn.com/access/plans/default.asp
