Eggheads: Feature requests

stdarg stdarg at
Thu Sep 12 12:31:01 CST 2002

--- Andri_Óskarsson <andri at> wrote:
> 1. Userfile caching option
> --
> When this is enabled the bot does not save ANY users or password to the
> userfile even if its set to share flags. Just saves the information in memory
> and asks the hub bot for user information and verifies if the passwords are
> correct and simply caches the info. Ofcourse this offers the ability to sniff
> botnet traffic and get valid passwords. Wait for request feature 2.

In 1.7/8, there will be no userfile transfer. User data will transfered over
the botnet to bots that request it. It might be a neat feature to make user
authentication work over the botnet, so that you can have a trusted bot with
all user passwords, and then untrusted bots can say "is this user/pass valid?".
Or taking it a step further, allow users to authenticate with your trusted bot,
and then the other bots don't even request a password, they just check with the
trusted bot to see if the user is authenticated.

(Of course, any notion of a 'trusted' bot will only increase the amount of
damage a person can do by compromising that bot.)

> 2. SSL encrypted sockets.
> --
> So all botnet connections go through SSL and therefore harder to sniff. I do
> realize the cpu effect in this but I still find this a good feature.

I already coded an ssl filter for 1.7 that allows you to add ssl to any
connection. It's very easy. You'll be able to specify it in the config file, or
do it manually with a script or module (something like ssl_on $idx, which will
have to be run on both sides of the connection, presumably after some sort of
protocol negotiation).

> Bottomline is that I want to be able to put bots on shells i dont trust 100%
> (which makes all shells except the ones i admin myself). I've been 

Unfortunately there's no such thing as 100% security on an untrusted system.
Even with SSL on your connections, it's easy for someone on a hacked shell to
read your private certificates or use ltrace/gdb to see the data after it's
been unencrypted.

> Thanks for your time
> regards,
> Merlin at IRCnet
> ps: dont make fun of my english, im from europe, heh

Do You Yahoo!?
Yahoo! Finance - Get real-time stock quotes

More information about the Eggheads mailing list