Oper Attempts

FuRiOuS · Lurker Joined: 01 Feb 2006 Posts: 244

I am going to spread the word because this is something that I personally feel is kinda dangerous to small networks. I have a module loaded on my network that allows me to see all oper attempts, including failed oper attempts. For failed attempts it gives me the user name of who tried to oper, what login name they tried to use and what password they used. For example this :

DELETED. Please see new forum rules about posting nicknames and ip addresses - Admin]

Is what I see. Now in the wrong hands this information could be VERY harmful. I have used a completely bogus login id, and password as well as changed the ip entry however I wanted to show people exactly what can be seem. This module that I have is freely available to any unreal network! Which most networks run unreal so that makes this a big issue. Not all networks are going to use the information in the wrong way, but just 1 wrong person with that info, who also finds out what network you are opered on, could lead to serious issues.

Yes there should be other security measures in place, but on a daily basis I see 2-4 of these failed attempts because they are set in the perform function for any network they log into. Instead of being network specific like they should.

Just figured I would pass this along, because I have even had other Net Admins do this, without realizing that their performs are set wrong.

katsklaw · Posted: May 31, 2006 6:11pm Post subject:

ok I can understand wanting to see fail oper attempts .. I can't see why you'd want to know what username and password were used .. what I totally fail to understand is why you think the info is dangerous in the wrong hands? .. it's obviously bad info .. thus useless info.

Crackers don't want a list of invalid passwords, they have no use for them. That's like me pasting a batch of invalid creditcard numbers to a public channel or me saying "hey guys .. my oper password is not easypasswd" ... totally useless info.

FuRiOuS · Lurker Joined: 01 Feb 2006 Posts: 244

katsklaw · Posted: May 31, 2006 7:57pm Post subject:

Yes, I understand you changed the info fo an example .. however, since it's a FAILED attempt .. it's obviously not the right info. That info may work on another network .. but not on your network .. thus useless on your network .. unless you have IRCops that are going to go to 3600+ other networks testing a bunch of passwords and hope they find the right one and hope the oper's hostmask on that network is set to *@* or it will still fail.

If that's your fear then don't broadcast the password replace it with a place holder like [something]:

Jason · Posted: May 31, 2006 9:12pm Post subject:

A failed oper attempt shouldn't be a big issue. You have a password and login name pair for a reason.

I know I sometimes ran clients that would oper up on connect, and forget about that when connecting to other networks. Stuff happens, so don't sweat the small stuff.

Plasma · Newbie Joined: 10 Dec 2003 Posts: 63

Id find seeing the login and password used useful in the event to see if someone is trying to guess the password which closely resembles the oper's real password etc, or its just random jibberish.

magpie · Idler Joined: 18 Jan 2004 Posts: 453 Location: Essex, UK

You actually know your opers' plaintext passwords? I always used to just give my admin a hash.

DeMiNe0 · Posted: Jun 01, 2006 5:15pm Post subject:

katsklaw · Posted: Jun 01, 2006 5:27pm Post subject:

magpie · Idler Joined: 18 Jan 2004 Posts: 453 Location: Essex, UK

I know what the module is supposed to do. The question was directed at Plasma.

EDIT: That damn katsklaw gets his post in just as I hit submit. :)

Plasma · Newbie Joined: 10 Dec 2003 Posts: 63

Nah, I made them use /mkpasswd and give me a hash.

I mean if I happened to see *my* password being written (or one of the other opers login names, they could see if their password was trying to be used) etc.

magpie · Idler Joined: 18 Jan 2004 Posts: 453 Location: Essex, UK

Gotcha.

MrBurns · Posted: Jun 24, 2006 11:40am Post subject:

I use Unreal and *without using any modules* can see all (failed) oper attempts (but not with username and password). Not that I see a need for that, if somebody I don't know tries to oper and Unreal itself doesn't gline the sucker for 9999 years then I will.

PingBad · Posted: Jun 24, 2006 6:14pm Post subject:

well, vanilla Unreal does mention the operid they tried opering up with (valid or otherwise)...

Scire · Newbie Joined: 14 Apr 2006 Posts: 84 Location: IRC

Wasn't the point of this thread to warn Ircops to make sure they don't have auto-id scripts running on their IRC clients when joining networks they are in fact not ops on??

..seems like it kind of derailed a bit

In any event thanks for the heads up FuRiOuS, I will pass this link along to my OPs.