[Fwd: Re: Ubuntu irssi 0.8.12-4ubuntu2]

Aaron Toponce atoponce at ubuntu.com
Sun Oct 12 13:16:27 UTC 2008


On Sun, Oct 12, 2008 at 11:44:18PM +1100, Sarah Hobbs wrote:
> Could you guys give some input on this please?

You bet! Here are my explanations on each:

>  -) Is this a freenode only specific issue? If not, why does the page
> only list freenode? I can understand that it's the most important for
> Ubuntu because irc.ubuntu.com points there, but would changing the
> default port for OFTC to 7000 (as documented on their page as
> alternative) work here, too? I tried to update the page with respect
> to that, but I'm not too sure what port (range) the buggy routers are
> checking.

No. This is not a software bug, but a hardware problem. It only exists
with buggy routers on port 6667. Changing to another port fixes the
exploit. The page should list more than just Freenode, as it affects
routers connected to the IRC protocol, so any IRC server is vulnerable.

We could patch the IRC clients that we ship, so by default, each client
connects to Freenode on port 8001 and OFTC on 7000, I guess.

>  -) Isn't switching it per default for all users probably causing more
> troubles for firewall admins and similar than it solves? How common are
> these buggy routers?

Not really. If you want your users to connect to your service, and you
want to avoid the exploit, you'll make it available. If not, you won't.
Not a big deal really.

>  -) Why would changing the client be a fix when it's related to the port
> one connects to? It's not really clear here whether Colloquy is affected
> in itself even without a buggy router, but I guess that's what is meant
> here?

Any IRC software client is affected. As mentioned above, it's not a
software issue, but a hardware one. The router they are behind as a
client is causing the problem.

Hope that helps.

-- 
 ,-O  Aaron Toponce
O   } Ubuntu Member
 `-O  http://www.ubuntu.com