Proxy blocking
Moderators: Website/Forum Admins, EFnet/General Moderators
Proxy blocking
Just curious, is there some reason why most of the servers are proactive about keeping proxies out but irc.nac.net could care less? The only reason why I ask is because it seems that spammers have chosen irc.nac.net as the server of choice for that reason.
Re: Proxy blocking
EFnet has a voted in requirement that all client servers should run a proxyscanner. Unfortunately isn’t every sever administrator as careful on keeping their proxyscanner up-to-date...evil wrote:Just curious, is there some reason why most of the servers are proactive about keeping proxies out but irc.nac.net could care less? The only reason why I ask is because it seems that spammers have chosen irc.nac.net as the server of choice for that reason.
I see, but I don't think irc.nac.net is doing any scanning because ports 8080 and 3128 have been popular proxy ports for a long time and the spammers are constantly using those. To make matters worse, doing a "stats p spammer_nick" just gets you banned from irc.nac.net. It's a bit irritating but it's not exactly my favorite server. I do however appreciate the excellent effort the other servers make in keeping out spammers.
There is no way for the EFnet way servers to "firewall" the ports used on the client end. Remember that the proxy ports has nothing to do with the IRC server, its what port the client machine is listening on for remote connections.
The most common way to prevent proxy/socks[4|5]/tor attacks on EFnet is implementing a BOPM (http://sourceforge.net/projects/bopm) client that basically got two features. It can do live scanning of connecting host, or query RBL lists (network blacklists) for every connecting IP to see if anyone else have blacklisted either the IP or the network its connecting from, and k/d-line any positives.
Unfortuately these lists requires alot of maintenance and attention, and the BOPMs needs to be updated with the most updated and recent RBL lists to be effective. Infact, many countries are forced to only use the RBL query method as live portscanning/querying is against the law in many counties (atleast in EU)
However, there are being implemented more effective list distributions as we speak to not only depend on RBL lists.
Hope this cleared things up a bit.
The most common way to prevent proxy/socks[4|5]/tor attacks on EFnet is implementing a BOPM (http://sourceforge.net/projects/bopm) client that basically got two features. It can do live scanning of connecting host, or query RBL lists (network blacklists) for every connecting IP to see if anyone else have blacklisted either the IP or the network its connecting from, and k/d-line any positives.
Unfortuately these lists requires alot of maintenance and attention, and the BOPMs needs to be updated with the most updated and recent RBL lists to be effective. Infact, many countries are forced to only use the RBL query method as live portscanning/querying is against the law in many counties (atleast in EU)
However, there are being implemented more effective list distributions as we speak to not only depend on RBL lists.
Hope this cleared things up a bit.
oper, efnet.demon.co.uk, efnet.port80.se & irc.efnet.nl
Who is online
Users browsing this forum: No registered users and 5 guests