Hidden hubs/hidden servers/flat lists (was RE: Do we need mo

General talk about EFnet

Moderators: Website/Forum Admins, EFnet/General Moderators

-wassup-
Posts: 103
Joined: Wed Aug 13, 2003 8:25 pm
Location: Middle East

Postby -wassup- » Thu Jun 10, 2004 8:14 pm

leeh wrote: because the users cant be packeted directly, so theyll take out the server instead.
why not just hide what server a user is using then? i'm suprised efnet hasnt done this already - its already in the code after all.
Hardy
Site Admin
Posts: 394
Joined: Wed Jul 02, 2003 4:54 pm
Location: Oslo, Norway
Contact:

Postby Hardy » Thu Jun 10, 2004 9:41 pm

-wassup- wrote:
leeh wrote: because the users cant be packeted directly, so theyll take out the server instead.
why not just hide what server a user is using then? i'm suprised efnet hasnt done this already - its already in the code after all.
We just arent that desperate yet *cough* undernet.. *cough* :)

But i would like to see flattend /links and hubs hidden from the links output tho. No one needs to see how we are routing the net to find the soft spots...
-- Hardy
Administrator: irc.underworld.no
Services Administrator
http://www.efnet.org admin/staff
wundr
Posts: 140
Joined: Sun Jul 06, 2003 11:34 pm
Location: Japan

Postby wundr » Fri Jun 11, 2004 4:36 am

Hardy wrote:But i would like to see flattend /links and hubs hidden from the links output tho. No one needs to see how we are routing the net to find the soft spots...
_________________
-- Hardy
Administrator: irc.avalonworks.ca & irc.mzima.net
http://www.efnet.info admin/staff
what is your opinion of http://map.efnet.info then?
Personally, I find it very interesting, but then again, I don't packet, and I also don't run a server listed on there...
Hardy
Site Admin
Posts: 394
Joined: Wed Jul 02, 2003 4:54 pm
Location: Oslo, Norway
Contact:

Postby Hardy » Fri Jun 11, 2004 8:22 am

wundr wrote:
Hardy wrote:But i would like to see flattend /links and hubs hidden from the links output tho. No one needs to see how we are routing the net to find the soft spots...
_________________
-- Hardy
Administrator: irc.avalonworks.ca & irc.mzima.net
http://www.efnet.info admin/staff
what is your opinion of http://map.efnet.info then?
Personally, I find it very interesting, but then again, I don't packet, and I also don't run a server listed on there...
I love the map function, but if we decided to flattend links and hide the hubs it had to be removed offcourse. The reason we can have the map page now is because its just a graphical output of /links , so no "secret" information is given out.

If you look at the map im sure you can see the weak points of the network right now, and agree that the one hubbing most or bridging toward europe is the most "effective" target to hit if you want to create some chaos. With flat links they wouldnt know who hubbed the most.

But this should really be in a new thread..
-- Hardy
Administrator: irc.underworld.no
Services Administrator
http://www.efnet.org admin/staff
Hwy
Posts: 66
Joined: Wed Jul 16, 2003 12:27 pm

Postby Hwy » Fri Jun 11, 2004 12:02 pm

Some servers already have flattened links enabled (most of the ratbox and hybrid 7 ones, except demon)

With flattened links, any hybrid 7/ircd-ratbox server can set itself hidden (by setting the serverhide { hidden = yes; }; option in the conf. The only problem is that Hybrid 6 and csircd servers are a weak point, since they do not support flattened links or hiding hubs (but besides the csircd servers (prison, concentric/xo's client server, and nac), are there any client servers running Hybrid 6?).

Note that hybrid 6 hubs can hide themselves too, the hidden option is a kludgy hack, they would just need to put '(H) ' in front of their server comment field in the M: line (without the ' of course)

PS. yes, can you split this thread?
leeh
ircd-ratbox coder
Posts: 48
Joined: Wed Jul 02, 2003 5:43 pm
Location: UK

Postby leeh » Fri Jun 11, 2004 12:58 pm

-wassup- wrote:why not just hide what server a user is using then? i'm suprised efnet hasnt done this already - its already in the code after all.
One of the main reasons undernet can do serverhiding and efnet cant is organisation. To do serverhiding, you have to resort to channels for finding opers as you have to disable stats p. Undernet has the ability to say "#channel is our official oper channel, you will find an oper in there who will help you". On efnet youd have to rely on the goodwill of opers, which could be fun ;-).
Hwy
Posts: 66
Joined: Wed Jul 16, 2003 12:27 pm

Postby Hwy » Fri Jun 11, 2004 1:04 pm

-wassup- wrote:why not just hide what server a user is using then? i'm suprised efnet hasnt done this already - its already in the code after all.
It's not in all code...Hybrid 6's serverhide is broken, csircd has no serverhide functionality at all, and there's always ways around it and ways a smart abuser could narrow down a server the client is on.

Not to mention the politics involved in voting serverhiding in...
User avatar
munky
Site Admin
Posts: 826
Joined: Wed Jul 02, 2003 4:54 pm
Location: Phoenix AZ
Contact:

Postby munky » Fri Jun 11, 2004 2:13 pm

personally, i think hiding client server information is more of a nuisance than anything. hidden hubs are fine, because the users don't need to know that information anyways

security through obscurity usually doesn't work, because there are always ways around it (ie - jump servers, /whois, find the server that tells you the idle time, and you are on the same server as them)
In God we trust,
Everyone else must have an X.509 certificate.
Hardy
Site Admin
Posts: 394
Joined: Wed Jul 02, 2003 4:54 pm
Location: Oslo, Norway
Contact:

Postby Hardy » Fri Jun 11, 2004 2:20 pm

Hwy wrote:
-wassup- wrote:why not just hide what server a user is using then? i'm suprised efnet hasnt done this already - its already in the code after all.
It's not in all code...Hybrid 6's serverhide is broken, csircd has no serverhide functionality at all, and there's always ways around it and ways a smart abuser could narrow down a server the client is on.

Not to mention the politics involved in voting serverhiding in...
The politics around itwould be awfull :)

However im afraid that some people feel we have to go the full step to do this by hiding what servers users are on and removing links totally.. But i just want to remove the hubs from it and how we are linking this network together, i dont think its needed to hide what servers the users are on yet.
-- Hardy
Administrator: irc.underworld.no
Services Administrator
http://www.efnet.org admin/staff
Hwy
Posts: 66
Joined: Wed Jul 16, 2003 12:27 pm

Postby Hwy » Sat Jun 12, 2004 1:02 am

munky wrote:...

security through obscurity usually doesn't work, because there are always ways around it (ie - jump servers, /whois, find the server that tells you the idle time, and you are on the same server as them)
That specific issue (local WHOIS) doesn't exist in most modern serverhiding algorithms (meaning you MUST do 'WHOIS nick nick' to get the idle time, if you're on the same server or not (these servers also don't permit 'WHOIS server nick)).

There are always ways not-protocol-related to determine servers (measuring lag for one, knowing which domains are not allowed on certain servers, social engineering). Protocol methods can be fixed, these others cannot.
User avatar
munky
Site Admin
Posts: 826
Joined: Wed Jul 02, 2003 4:54 pm
Location: Phoenix AZ
Contact:

Postby munky » Sat Jun 12, 2004 4:18 pm

last i checked, /whois nick on undernet would show idle time if you were local
In God we trust,
Everyone else must have an X.509 certificate.
User avatar
HM2K
Posts: 209
Joined: Thu Jul 24, 2003 5:34 pm
Location: UK
Contact:

Postby HM2K » Mon Jun 14, 2004 11:49 pm

I would hate to see the link list flattened (although I believe some servers already do... (limelight, xs4all, etc), or the server hidden in the whois, i think it would end up being like other networks...

Stuff like this, makes EFnet no longer EFnet... however I do not like change but as I have been told in the past, sometimes it is for the better... (ie: chanfix, however being banned from the request channel doesn't help my case :p)
- HM2K - https://hm2k.org/
leeh
ircd-ratbox coder
Posts: 48
Joined: Wed Jul 02, 2003 5:43 pm
Location: UK

Postby leeh » Tue Jun 15, 2004 3:38 am

HM2K wrote:I would hate to see the link list flattened (although I believe some servers already do... (limelight, xs4all, etc), or the server hidden in the whois, i think it would end up being like other networks...
I could understand your point with full serverhiding but not with flattened links. There is a case for users wanting to be able to know what server a user is on, however I dont see a reason for users to need to know the routing structure of the network..
User avatar
HM2K
Posts: 209
Joined: Thu Jul 24, 2003 5:34 pm
Location: UK
Contact:

Postby HM2K » Tue Jun 15, 2004 5:49 pm

I (sadly) find it interesting to know the network structure... especially from a country/international point of view...

I was actually thinking, does it actually make a big difference if the link list is flattened or not?

Surly the fact that someone knows the "weak spot" of the network doesn't make a difference, when you have hidden hubs etc...
- HM2K - https://hm2k.org/
seiki

Postby seiki » Tue Jun 15, 2004 8:56 pm

I'm strongly against flattened links, and hidden servernames. I think that's by far the lamest thing undernet has done in a long time.. (update, actually I think the nicklength change was even more lame, and recent).

on ircd.servercentral.net I don't allow servers to hide themselves or the routing hierarcy behind them. I host the map.efnet.info bot, and don't plan on changing my ways anytime soon. soo, plan on enjoying the pretty map for years to come.

-douglas

Who is online

Users browsing this forum: No registered users and 4 guests