Sent: Friday, July 19, 201
Cc: dalnet-src@dal.net; dalnet-services@dal.net
Subject: Re: [DALnet-src] User hostmasking
One concern that I would have is for the potential impersonation of representatives from businesses, like PayPal or (in the case of gaming) XBox Live or whatever. If someone could set their hostmask to CSR@paypal.com, or support@apple.com, it's not difficult to imagine that some users might be fooled into handing over sensitive account information.
oldcrow
On Fri, Jul 19, 2013 at 2:47 AM, Holbrook Bunting <holbrook@dal.net> wrote:
(If any of you got this twice, apologies, sent it from the wrong address the first go)
So, the idea of user hostmasking was brought up on the dalnet-src@ mailing list a few weeks ago and since we already have the ability in bahamut (via SVSHOST) to have services change a usershostname at anytime, I am thinking why not do this on a global scale?
efnet (and others using the same ircd) have the ability to give specific users their own custom host,on a server level, like handing out I:lines. We already have infrastructure setup for management of things in different areas via services (nickname/channel ownership, akill, etc).
On a small network I had running, I built into my services a way to allow users to set a "custom" hostname into NickServ done on the nick level, which worked a little like the /ns set url - command.
To create a new host for nick xyz (whilst using that nick), I would use; /ns set host some.random.hostname.
To turn off that option: /ns set host -
To minimise potential abuse, a list of hostmasks would say no you can't set your hostname to havethe word "dalnet" or "staff" or "*.dal.net" in it. If the user tried to set their host to be the same as another users host or ip, it would deny the request. Finally, once a hostname was set, services would not allow them to change the hostname for that nick again for 1 week (unless it was to turn it off).
For any other potential abuse problems that someone might cause, there was a kill switch which a CSOp could use to disallow the user from setting a custom host (kinda like freeze), remove any existing host already set.
This automated system looked beneficial in that any user could create their own unique hostname without having a bureaucratic system of having a specific team of opers having to grant or deny any request on a one-by-one basis.
So, with my system, when does services issue the SVSHOST command (aside from when using /ns set host)? The answer is it would happen when they /identify to their nickname (or another nickname that they aren't currently using) with a separate NOHOST option at the end for if they don't want the host applied at that time.
Does a system like this sound of interest to anyone? Does anyone think something like that would be too open for potential abuse? Does anyone have any differing views on how to best setup a user hostmasking system for the network?
Thanks,Holbrook aka zort aka srd
_______________________________________________
DALnet-src mailing list
DALnet-src@lists.dal.net
https://lists.dal.net/mailman/listinfo/dalnet-src