[Fwd: Re: Ubuntu irssi 0.8.12-4ubuntu2]

M. Spruell mspruell at gmail.com
Sun Oct 12 14:27:15 UTC 2008


Aaron Toponce wrote:
> On Sun, Oct 12, 2008 at 11:44:18PM +1100, Sarah Hobbs wrote:
>> Could you guys give some input on this please?
> 
> You bet! Here are my explanations on each:
> 
>>  -) Is this a freenode only specific issue? If not, why does the page
>> only list freenode? I can understand that it's the most important for
>> Ubuntu because irc.ubntu.com points there, but would changing the
>> default port for OFTC to 7000 (as documented on their page as
>> alternative) work here, too? I tried to update the page with respect
>> to that, but I'm not too sure what port(range) the buggy routers are
>> checking.
> 
> No. This is not a software bug, but a hardware problem. It only exists
> with buggy routers on port 6667. Changing to another port fixes the
> exploit. The page should list more than just Freenode, as it affects
> routers connected to the IRC protocol, so any IRC server is vulnerable.

Actually, it affects all "common irc ports".  If the port range has been
set aside for "irc", the router is watching those ports for the exploit
string.

Freenode offers 8000, 8001 and 8002 as alternatives, as they are not
"common irc ports".  I am not sure that port 7000 is outside of this
"common irc port" range that the router monitors.

This exploit resets the router, so I'm sure it affects other apps
besides irc clients (it's just harder to notice when your web browser
sits and spins for other reasons, too).

M. Spruell






