Eggheads: Feature requests
elylevy at cs.huji.ac.il
Thu Sep 12 12:02:00 CST 2002
we had a very long discussion on it on eggdev you are invited to look at
the archive and see some ideas people made.
ie ssl encrypts but doesn't check you are giving it to the right person.
ideas for hubs to return only ok/nok and not pass passwords at all to
prevent brute force. don't forget that if someone hacked a shell he can
simply kill -HUP the bot and add some nice tcl lines to the config file
which would give him +n and his own passwords.or add some sniffer.
The problem of hacked shell is much bigger than simply sniffing.
so things like encrypted config files or even remote ones.
and so on... recommanded reading;)
On Thu, 12 Sep 2002, Wiktor Wodecki wrote:
> security through obscurity doesn't work...if they have access to your
> shell they simply run your bot through a debugger and get cleartext
> passwords next time someobdy uses the bot.
> what we would need is an authentication connect to the botnet and no
> real userfiles (so you cannot simply conenct a bot, you have to allow it
> on the hub, for example). this would prevent others from stealing
> passwords. however, if they got root on the shell there's no way in
> protecting the passwords, the attacker might simply read out the
> On Thu, Sep 12, 2002 at 04:12:48PM +0000, Ronny V?rdal wrote:
> > <some of the content has been removed>
> > > That is always a possibility. But i have a stable hub on a good connection
> > > and a alt-hub if that onegoes down. I'm really willing to take a chance
> > > with that rather than to have my userfile cracked on some remote shell.
> > >
> > > Minor userfile is ok as long as it doesnt store any passwords and is synched
> > > to the real userfile.
> > </removement>
> > Why not just use another encryption? Make your own encryption module with your own algorithm maybe? Or a not so common encryption (execept double ROT-13 :p), so that it will be harder to decrypt cuz people expect to face blowfish, des3 or md5or something in your userfile.
> > > Andri
> > > aka Merlin at IRCnet
> > Inputs from ting that is...
> Wiktor Wodecki | http://johoho.eggheads.org
More information about the Eggheads