Eggheads: Feature requests

Andri Óskarsson andri at scrolls.org
Sat Sep 14 18:35:01 CST 2002


Thank you all for a good response.

There are infinite ways of being paranoid with regard to security.

And with regard to commercial shells being more secure, well... not in my
experience. I simply want to minimize the damage to my botnet if one shell
goes down.
>
> In 1.7/8, there will be no userfile transfer. User data will be transferred
> over the botnet to bots that request it. It might be a neat feature to make
> user authentication work over the botnet, so that you can have a trusted bot
> with all user passwords, and then untrusted bots can say "is this user/pass
> valid?". Or taking it a step further, allow users to authenticate with your
> trusted bot, and then the other bots don't even request a password, they
> just check with the trusted bot to see if the user is authenticated.
>
> (Of course, any notion of a 'trusted' bot will only increase the amount of
> damage a person can do by compromising that bot.)

Excellent, I like this. But I still think that other botnet affairs like
opping, unbanning, inviting bots should be shipped with eggdrop, maybe as a
separate module.

There's always a risk but some shells are more trustworthy than others. I
think that "is this password valid" is a good way to go. Possibly through
encrypted channels.

And the possibility of simply reading the passwords through a debugger
is always an option too. But the thing is, most of the kids who root these
machines don't even know what a debugger is. They simply use some tools given
to them, and the fact of the matter is that there are a lot of tools to
decrypt the current userfile available to those sorts of people.

Of course this is just me talking. And there's limited time that can be spent
on making changes in eggdrop.

>
> >
> > 2. SSL encrypted sockets.
> > --
> > So all botnet connections go through SSL and are therefore harder to
> > sniff. I do realize the CPU effect in this but I still find this a good
> > feature.
>
> I already coded an ssl filter for 1.7 that allows you to add ssl to any
> connection. It's very easy. You'll be able to specify it in the config
> file, or do it manually with a script or module (something like
> ssl_on $idx, which will have to be run on both sides of the connection,
> presumably after some sort of protocol negotiation).
>
> >
> > Bottom line is that I want to be able to put bots on shells I don't trust
> > 100% (which makes all shells except the ones I admin myself). I've been
>
> Unfortunately there's no such thing as 100% security on an untrusted
> system. Even with SSL on your connections, it's easy for someone on a
> hacked shell to read your private certificates or use ltrace/gdb to see
> the data after it's been unencrypted.

Excellent!

Best regards,
Andri
aka Merlin at IRCnet
