in the future will opers need to have more control?

Discussion of EFnet's IRCDs (hybrid, ratbox, csircd)

Moderators: Website/Forum Admins, Software/IRCD Moderators

User avatar
munky
Site Admin
Posts: 826
Joined: Wed Jul 02, 2003 4:54 pm
Location: Phoenix AZ
Contact:

Postby munky » Fri Oct 10, 2003 1:34 pm

users machines generally don't get hacked because they IRC. probably >95% of the hacked machines on EFnet are on computers that were never on IRC before the drones were installed.

they get hacked by mass scanning tools, and often the same machine will be hacked 2-5 times by different groups. most of the time the drones are used for xdcc bots, but thats not always the case. anyone with a little bit of time and a scanner can get 100 drones by picking a couple of random cable/dsl netblocks. 100*1.5Mbit will take out most any user on EFnet (or server, for that matter). add to this the fact that many of them do spoofed syn/icmp attacks, and it can be quite difficult to block them without upstream cooperation.
In God we trust,
Everyone else must have an X.509 certificate.
-wassup-
Posts: 103
Joined: Wed Aug 13, 2003 8:25 pm
Location: Middle East

Postby -wassup- » Fri Oct 10, 2003 2:22 pm

yes that is true. but the thing is we can never totally abolish everything but we can help prevent things. for example bopm will help reduce proxy floods but sometimes it wont totally stop them. it also helps the user's mentality. some users just feel more secure if they have a spoofed adress. yes i know thats a false sense of security.....but these people who have a false sense of security barely bother patching their boxes anyways. also it reduces the amount of blame an oper gets if a user gets packeted. for example someone was blaming me because they got a lot of hits on port 139 and 445. it took me 20 minutes to explain to that person that it was an automatic scanning tool or a worm trying to go around. i do think spoofing is a good idea. it wont eliminate the problem but it can help.
User avatar
munky
Site Admin
Posts: 826
Joined: Wed Jul 02, 2003 4:54 pm
Location: Phoenix AZ
Contact:

Postby munky » Fri Oct 10, 2003 3:45 pm

since when was an oper to blame if a user got packeted?
In God we trust,
Everyone else must have an X.509 certificate.
-wassup-
Posts: 103
Joined: Wed Aug 13, 2003 8:25 pm
Location: Middle East

Postby -wassup- » Fri Oct 10, 2003 5:13 pm

i dont think its an oper is to blame....but the sad truth is that people have blamed me on my server for them being packeted. (not an efnet server)
prefect
Posts: 76
Joined: Mon Jul 14, 2003 6:25 pm
Location: Oslo

Postby prefect » Fri Oct 10, 2003 6:11 pm

munky wrote:since when was an oper to blame if a user got packeted?
never, unless it was the oper doing the packeting of course.

on the subject; userspoofing is the stupidest thing any network ever invented and would add to the "reasons-to-quit-being-on-EFnet-if-I-had-the-willpower-to-do-so"-list. people will always be dos'ed anyways, the only thing userspoofing will accomplish is making it harder to deal with abusive clients.
-wassup-
Posts: 103
Joined: Wed Aug 13, 2003 8:25 pm
Location: Middle East

Postby -wassup- » Fri Oct 10, 2003 6:54 pm

why would you say that people would quit efnet if they had user spoofing?
User avatar
Auriga
Posts: 78
Joined: Fri Jul 04, 2003 1:29 am
Location: Canada

Postby Auriga » Fri Oct 10, 2003 8:32 pm

prefect wrote:
munky wrote:since when was an oper to blame if a user got packeted?
never, unless it was the oper doing the packeting of course.

on the subject; userspoofing is the stupidest thing any network ever invented and would add to the "reasons-to-quit-being-on-EFnet-if-I-had-the-willpower-to-do-so"-list. people will always be dos'ed anyways, the only thing userspoofing will accomplish is making it harder to deal with abusive clients.
User spoofing certianly does make it a bit easier to hyjack other peoples accounts on bots and to masqurade as other users..

But i think most users would be happy if they could get spoofed, since .. i dont even know how many times I've been asked if joe user could get a spoof.
Efnet Operator..
RIP *.qeast.net I'll miss you! :(
Auriga is qurves slave! (is a Forum moderator)
wundr
Posts: 140
Joined: Sun Jul 06, 2003 11:34 pm
Location: Japan

Postby wundr » Sat Oct 11, 2003 3:04 pm

Auriga wrote:But i think most users would be happy if they could get spoofed, since .. i dont even know how many times I've been asked if joe user could get a spoof.
I think a lot of normal users on EFNet want a spoof as a status symbol. It shows that they "know people" and have "connections" ("hey, look at me, i'm special, i know an admin"). I think if everybody had a spoof (tho, it's starting to look like that some places on EFNet), then they wouldn't be nearly as special to people.
-wassup- wrote:why would you say that people would quit efnet if they had user spoofing?
because the hosts some people choose on other networks are EXTREMELY annoying. Yes, I know that people still create incredibly annoying real, valid hosts, but they would be so much more prevalent if all users could choose their own.

one problem i have with user spoofing is that it redirects DoS to the IRC server rather than the user. Usually, a user that gets attacked isn't completely innocent themselves. In my experience, the user who gets DoS'd would have been fine if they had been reasonable, and not pissed people off. Why should the IRC server get hit instead of the user who went around pissing people off in the first place? If they dish it out, maybe they should be prepared to take the consequences instead of pushing it onto the IRC server (tho, i know this doesn't help if the user is using open proxies or another host that they have no relation to).
User avatar
lucy
Posts: 234
Joined: Wed Jul 02, 2003 6:22 pm
Location: graceland
Contact:

Postby lucy » Sat Oct 11, 2003 4:05 pm

personally i wish there was a policy that only opers had spoofs.
people usually want them to look cool and show they have oper friends...
or to avoid packets, which to me seems like the stupidest reason ever to give a spoof.
i never had a spoof before i got an o:line, i always used bnc's. i know shell accounts normally cost money, but if irc is that important to a person, they can fork out a little extra money.
i've seen people say 'i'll never use a bnc!!' but not hesitate to beg for spoofs.
seiki

Postby seiki » Sat Oct 11, 2003 8:02 pm

lucy wrote:personally i wish there was a policy that only opers had spoofs...
If there was such a policy, would everyone comply?

-douglas
-wassup-
Posts: 103
Joined: Wed Aug 13, 2003 8:25 pm
Location: Middle East

Postby -wassup- » Sat Oct 11, 2003 8:43 pm

wundr wrote: because the hosts some people choose on other networks are EXTREMELY annoying. Yes, I know that people still create incredibly annoying real, valid hosts, but they would be so much more prevalent if all users could choose their own.

one problem i have with user spoofing is that it redirects DoS to the IRC server rather than the user. Usually, a user that gets attacked isn't completely innocent themselves. In my experience, the user who gets DoS'd would have been fine if they had been reasonable, and not pissed people off. Why should the IRC server get hit instead of the user who went around pissing people off in the first place? If they dish it out, maybe they should be prepared to take the consequences instead of pushing it onto the IRC server (tho, i know this doesn't help if the user is using open proxies or another host that they have no relation to).
yes i can see your point here, and it is making me rethink if spoofing is actually a good idea.
User avatar
Auriga
Posts: 78
Joined: Fri Jul 04, 2003 1:29 am
Location: Canada

Postby Auriga » Sun Oct 12, 2003 2:06 pm

seiki wrote:
lucy wrote:personally i wish there was a policy that only opers had spoofs...
If there was such a policy, would everyone comply?

-douglas
Does everyone comply now?

I think you have your anwser already :)
Efnet Operator..
RIP *.qeast.net I'll miss you! :(
Auriga is qurves slave! (is a Forum moderator)
Ashen
Posts: 1
Joined: Fri Nov 28, 2003 6:38 pm

Postby Ashen » Fri Nov 28, 2003 6:45 pm

I run a free shells provider, and I provide users shell accounts which they can use to run bncs
on for large networks that don't allow spoofed hosts/vhosts.

I quite like it that efnet for example doesn't allow spoofed hosts, despite some form of:
x!y@ip1.ip2.ip3.ip4
becoming
x!y@ip1.ip2.ip3.cloak
being a good idea, becuase having to use bncs makes users aware of OSes other then windows,
helps them learn tech knowledge, and generally makes them more aware of IRC, and a more
enlightened user.

I've been DOSed due to running a free shells provider, yes, but I control my own firewalls
and since I'm colocated it's bloody hard to DOS me offline.
Currently I have about 90-100 users (depending if you count the semiidle ones), and I don't
really have problems on irc.... and neither do my users, incoming attacks are dealt with and
all in all using a bnc on a well maintained server somewhere is a very good way to irc.

I don't even have to ask the efnet server admins for I:Lines or anything, (given the absolute
apathy I have encountered from the admins of many irc servers, I don't even bother asking
anymore)...... I simply add a half-dozen more IPs or so to my Box (each with distinct hosts
and matching rdns so they can get on irc) and my users are fine.

Yeah, I've taken down a few abusive users (one within 2 minitues of the abuse occuring...
ah, thank you perl scripts)..... but all in all, I'd reccomend that user knowledge (be it via bnc
etc) is a better method of combating abuse (you should see the number of users that can't
even use the banmode properly on channels... *shudder*) then ircd features.

However that said, I grew up as a user on unreal ircd networks, and I can testify they are
a LOT better at dealing with most any kind of problem you can imagine then efnet/undernet/
the large networks are.

User knowledge, and sensibly planned ircd features are the way to go, imho.

-Ashen
-wassup-
Posts: 103
Joined: Wed Aug 13, 2003 8:25 pm
Location: Middle East

Postby -wassup- » Mon Dec 01, 2003 5:14 am

well jeremy has created a spoofing patch for ratbox, which he implements in his own ircd (freeworld ircd). its available at http://ircd.botbay.net/pub/ratbox/3-Feature/jeremy/. thanks a bunch jeremy :D

this implements user spoofing in the forum of blah@<netname>-<number>.isp.com or for non resolving users, 4.4.5.3452 or similiar.
duke
Posts: 4
Joined: Sun Aug 10, 2003 3:09 pm
Location: NO

Re: in the future will opers need to have more control?

Postby duke » Mon May 10, 2004 10:36 am

lucy wrote:maybe its how you approach opers or something.... cause i've never ever had a problem finding a prison oper.
or maybe its because your nick is lucy ? and theres one squadrillion horny opers out there with no life :P

no harm meant, just a thought. we see it all the time when someone with a female nick joins, so why not?
As nightfall does not come at once, neither does oppression. It is in such twilight that we all must be aware of change in the air - however slight - lest we become victims of the darkness.

Who is online

Users browsing this forum: No registered users and 4 guests