in the future will opers need to have more control?

[-wassup-]

well the thing is that it is from random hosts. these worms/bots infect anything they can so when they connect you get 800 different bots from hundreds of different subnets. you would have to practically kline the whole internet to stop them

[seiki]

well the thing is that it is from random hosts. these worms/bots infect anything they can so when they connect you get 800 different bots from hundreds of different subnets. you would have to practically kline the whole internet to stop them

some have suggested we use an on-connect mechanism to ensure it's really a human connecting to the IRC server, and not an automation. For example, while registering the new connection, the IRC server would display a random 'ascii-art' figlet generated passphrase, which the user would have to read, and type in to gain access to the server.

-seiki

[deww]

Interesting idea seiki and actually I love it. It's a slight inconvenience, but if it's implementable so that it's not easily defeated (i.e., just script to look for the figlet and return an answer, easy to defeat), then it would save a lot of headaches for everyone in the long run.

[Gozem]

some have suggested we use an on-connect mechanism to ensure it's really a human connecting to the IRC server, and not an automation. For example, while registering the new connection, the IRC server would display a random 'ascii-art' figlet generated passphrase, which the user would have to read, and type in to gain access to the server.

-seiki

And will effectly kill all those perfectly nonabusive eggdrops and other bots. Only way this can be used is to have to register at some site to get an "EFnet account" which later can be used. To get this account you must pass a turing test (interpreter a picture for example, easy for human, very hard for machine) at the site. Now you get some username+password you can use when connecting to any EFnet server.

But this wont happen since it requires EFnet to become a network where you need to register first, really register.

[-wassup-]

and seeing how efnet doesnt even have chanserv/nickserv/etc that could seem a very long time off in the future.

[seiki]

wasn't my idea.. I'm passing along what I heard. I personally think it would be a huge pain in the ass.

I just wanted to see what others thought about it.

[Auriga]

I have a perfect solution.

Perm block all IP's to efnet, and make users register their IP with all the servers they want to use.

So easy...
To bad its not really reasonable.

[deww]

I have a perfect solution.

Perm block all IP's to efnet, and make users register their IP with all the servers they want to use.

So easy...
To bad its not really reasonable.

W00t. I wanna register 169.254.1.1 plz.k.thx!

[Hardy]

I have a perfect solution.

Perm block all IP's to efnet, and make users register their IP with all the servers they want to use.

So easy...
To bad its not really reasonable.

Isnt that like msn chat are doing, except they want to get payd for it and claims its to "make msn chat more safe for its users".

It would "work", but the usercount would drop like a rock and there would be other networks taking over the users.. and who would get all the money? Jafo?

[Auriga]

I have a perfect solution.

Perm block all IP's to efnet, and make users register their IP with all the servers they want to use.

So easy...
To bad its not really reasonable.

Isnt that like msn chat are doing, except they want to get payd for it and claims its to "make msn chat more safe for its users".

It would "work", but the usercount would drop like a rock and there would be other networks taking over the users.. and who would get all the money? Jafo?

ahaha..
Oh um.. yea.. that's why its not really reasonable.
If there was an easier way, or some magical soloution, it would be nice for someone to come up with something, but i dont think there is.. or perhaps were just thinking along the wrong lines here.

Perhaps we need to start thinking in a different mindset. I just don't know what that is just yet.

[leeh]

Perhaps we need to start thinking in a different mindset. I just don't know what that is just yet.

Theres nothing saying you have to require registration - you could just make it optional to get something.. (ie, a user spoof).

[-wassup-]

this is an idea that could be interesting, and i think might just work. have that ascii picture authentication but make it not required. if the client does not give the passphrase then it gets a special flag marked on it as a possible bot. the server then traces over the network to find similiar clients with the possible bots and compares them to each other. so if it finds similiar nicks (such as a lot of clients with the nick blah<random number here>) or similiar things between the clients it gives an operator a notice so they can check up on it.
what do you guys think about this?

[munky]

i think you can provide the quad p4 xeon to go through all those steps for a million connections a day. (100000 + global connections, you have to keep nick, ident, host, gecos in tables and check all 4 tables on every connection attempt)

we already have SERVICES that can inform about too many connections from one host, and TCM/OPM/DDD/etc to check for gecos/ident/nick patterns. it just takes a little more effort on the opers part.

[Auriga]

Perhaps we need to start thinking in a different mindset. I just don't know what that is just yet.

Theres nothing saying you have to require registration - you could just make it optional to get something.. (ie, a user spoof).

You are right, but this still does not solve the problem of drones, and proxies, and spambots.

It just means we'll have less conections to look at ... but that being said, many of the problematic hosts on irc, are trojaned with more then one connection ... (One they dont know of..) and their own connection to irc, which means both will become spoofed if they choose to "register"? How do you manage spoofing people with dynamic ips's and idents? If they change their ident, we end up with an administrative nightmare of constantly responding to e-mails with spoof changes. I think we'd need to provide spoofed only servers where everyone registered.. might have access to a special IP and perhaps an Iline password..
But this also does not stop drone runners from just adding that iline, and server info to their drones...

When you really think about it.. problems.. problems...

There are to many things that can go wrong, and provide complancency about these spoofed hosts....

We still need to think up something else..

No matter what we do will appears "services" like.. and i dont know how many people would be willing to accept this on efnet. Although they really would have no choice.. eventually... because many networks are being forced to head in this direction in order to proect their "interests.

Its a matter of time until more people fuck shit up for the network, and more "services" and other things will need to be added to avoid giving control to the kiddies who would by choice bring the network into the ground.

[slushey]

Hi. I couldn't help but posting here when I logged on again today.

I hate it when Unreal is compared to hybrid, or most other generic IRCds. Unreal was made to be abused, plain and simple. Anyone that adds features that makes IRCops invincible is obviously in for a hard time. Almost every mid-sized network that has ran Unreal has had internal power struggles, or is just a network that havens tool abuse.

I know the Unreal project was started for the good of IRC. I was in the channel when Stskeeps first announced he was going to start an IRCd. I was there and saw Unreal grow. EFnet, as a network, has survived practically forever with hybrid, and not as many "features" as Unreal, and it will continue to grow.

</end 2 cents here>