in the future will opers need to have more control?

Discussion of EFnet's IRCDs (hybrid, ratbox, csircd)

Moderators: Website/Forum Admins, Software/IRCD Moderators

-wassup-
Posts: 103
Joined: Wed Aug 13, 2003 8:25 pm
Location: Middle East

Postby -wassup- » Wed Sep 24, 2003 11:49 am

well the thing is that it is from random hosts. these worms/bots infect anything they can so when they connect you get 800 different bots from hundreds of different subnets. you would have to practically kline the whole internet to stop them :shock:
seiki

Postby seiki » Wed Sep 24, 2003 2:29 pm

-wassup- wrote:well the thing is that it is from random hosts. these worms/bots infect anything they can so when they connect you get 800 different bots from hundreds of different subnets. you would have to practically kline the whole internet to stop them :shock:


some have suggested we use an on-connect mechanism to ensure it's really a human connecting to the IRC server, and not an automation. For example, while registering the new connection, the IRC server would display a random 'ascii-art' figlet generated passphrase, which the user would have to read, and type in to gain access to the server.

-seiki
User avatar
deww
Posts: 125
Joined: Fri Jul 18, 2003 7:17 pm

Postby deww » Wed Sep 24, 2003 6:25 pm

Interesting idea seiki and actually I love it. It's a slight inconvenience, but if it's implementable so that it's not easily defeated (i.e., just script to look for the figlet and return an answer, easy to defeat), then it would save a lot of headaches for everyone in the long run.
User avatar
Gozem
Posts: 22
Joined: Mon Jul 14, 2003 6:42 pm

Postby Gozem » Thu Sep 25, 2003 2:54 am

seiki wrote:
some have suggested we use an on-connect mechanism to ensure it's really a human connecting to the IRC server, and not an automation. For example, while registering the new connection, the IRC server would display a random 'ascii-art' figlet generated passphrase, which the user would have to read, and type in to gain access to the server.

-seiki


And will effectly kill all those perfectly nonabusive eggdrops and other bots. Only way this can be used is to have to register at some site to get an "EFnet account" which later can be used. To get this account you must pass a turing test (interpreter a picture for example, easy for human, very hard for machine) at the site. Now you get some username+password you can use when connecting to any EFnet server.

But this wont happen since it requires EFnet to become a network where you need to register first, really register.
oper, irc.csbnet.se
-wassup-
Posts: 103
Joined: Wed Aug 13, 2003 8:25 pm
Location: Middle East

Postby -wassup- » Sun Sep 28, 2003 7:17 pm

and seeing how efnet doesnt even have chanserv/nickserv/etc that could seem a very long time off in the future.
seiki

Postby seiki » Wed Oct 01, 2003 4:06 pm

wasn't my idea.. I'm passing along what I heard. I personally think it would be a huge pain in the ass.

I just wanted to see what others thought about it.
User avatar
Auriga
Posts: 78
Joined: Fri Jul 04, 2003 1:29 am
Location: Canada

Postby Auriga » Thu Oct 02, 2003 3:04 am

I have a perfect solution.

Perm block all IP's to efnet, and make users register their IP with all the servers they want to use. :)

So easy...
To bad its not really reasonable.
Efnet Operator..
RIP *.qeast.net I'll miss you! :(
Auriga is qurves slave! (is a Forum moderator)
User avatar
deww
Posts: 125
Joined: Fri Jul 18, 2003 7:17 pm

Postby deww » Thu Oct 02, 2003 4:39 am

Auriga wrote:I have a perfect solution.

Perm block all IP's to efnet, and make users register their IP with all the servers they want to use. :)

So easy...
To bad its not really reasonable.

W00t. I wanna register 169.254.1.1 plz.k.thx!
Hardy
Site Admin
Posts: 394
Joined: Wed Jul 02, 2003 4:54 pm
Location: Oslo, Norway
Contact:

Postby Hardy » Thu Oct 02, 2003 1:54 pm

Auriga wrote:I have a perfect solution.

Perm block all IP's to efnet, and make users register their IP with all the servers they want to use. :)

So easy...
To bad its not really reasonable.


Isnt that like msn chat are doing, except they want to get payd for it and claims its to "make msn chat more safe for its users".

It would "work", but the usercount would drop like a rock and there would be other networks taking over the users.. and who would get all the money? Jafo? :D
-- Hardy
Administrator: irc.underworld.no
Services Administrator
http://www.efnet.org admin/staff
User avatar
Auriga
Posts: 78
Joined: Fri Jul 04, 2003 1:29 am
Location: Canada

Postby Auriga » Thu Oct 02, 2003 8:42 pm

Hardy wrote:
Auriga wrote:I have a perfect solution.

Perm block all IP's to efnet, and make users register their IP with all the servers they want to use. :)

So easy...
To bad its not really reasonable.


Isnt that like msn chat are doing, except they want to get payd for it and claims its to "make msn chat more safe for its users".

It would "work", but the usercount would drop like a rock and there would be other networks taking over the users.. and who would get all the money? Jafo? :D


ahaha..
Oh um.. yea.. that's why its not really reasonable.
If there was an easier way, or some magical soloution, it would be nice for someone to come up with something, but i dont think there is.. or perhaps were just thinking along the wrong lines here.

Perhaps we need to start thinking in a different mindset. I just don't know what that is just yet.
Efnet Operator..

RIP *.qeast.net I'll miss you! :(

Auriga is qurves slave! (is a Forum moderator)
leeh
ircd-ratbox coder
Posts: 48
Joined: Wed Jul 02, 2003 5:43 pm
Location: UK

Postby leeh » Fri Oct 03, 2003 11:38 pm

Auriga wrote:Perhaps we need to start thinking in a different mindset. I just don't know what that is just yet.


Theres nothing saying you have to require registration - you could just make it optional to get something.. (ie, a user spoof).
-wassup-
Posts: 103
Joined: Wed Aug 13, 2003 8:25 pm
Location: Middle East

Postby -wassup- » Sun Oct 05, 2003 7:07 pm

this is an idea that could be interesting, and i think might just work. have that ascii picture authentication but make it not required. if the client does not give the passphrase then it gets a special flag marked on it as a possible bot. the server then traces over the network to find similiar clients with the possible bots and compares them to each other. so if it finds similiar nicks (such as a lot of clients with the nick blah<random number here>) or similiar things between the clients it gives an operator a notice so they can check up on it.
what do you guys think about this?
User avatar
munky
Site Admin
Posts: 826
Joined: Wed Jul 02, 2003 4:54 pm
Location: Phoenix AZ
Contact:

Postby munky » Sun Oct 05, 2003 8:27 pm

i think you can provide the quad p4 xeon to go through all those steps for a million connections a day. (100000 + global connections, you have to keep nick, ident, host, gecos in tables and check all 4 tables on every connection attempt)

we already have SERVICES that can inform about too many connections from one host, and TCM/OPM/DDD/etc to check for gecos/ident/nick patterns. it just takes a little more effort on the opers part.
In God we trust,
Everyone else must have an X.509 certificate.
User avatar
Auriga
Posts: 78
Joined: Fri Jul 04, 2003 1:29 am
Location: Canada

Postby Auriga » Sun Oct 05, 2003 8:43 pm

leeh wrote:
Auriga wrote:Perhaps we need to start thinking in a different mindset. I just don't know what that is just yet.


Theres nothing saying you have to require registration - you could just make it optional to get something.. (ie, a user spoof).


You are right, but this still does not solve the problem of drones, and proxies, and spambots.

It just means we'll have less conections to look at ... but that being said, many of the problematic hosts on irc, are trojaned with more then one connection ... (One they dont know of..) and their own connection to irc, which means both will become spoofed if they choose to "register"? How do you manage spoofing people with dynamic ips's and idents? If they change their ident, we end up with an administrative nightmare of constantly responding to e-mails with spoof changes. I think we'd need to provide spoofed only servers where everyone registered.. might have access to a special IP and perhaps an Iline password..
But this also does not stop drone runners from just adding that iline, and server info to their drones...

When you really think about it.. problems.. problems...

There are to many things that can go wrong, and provide complancency about these spoofed hosts....

We still need to think up something else..

No matter what we do will appears "services" like.. and i dont know how many people would be willing to accept this on efnet. Although they really would have no choice.. eventually... because many networks are being forced to head in this direction in order to proect their "interests.

Its a matter of time until more people fuck shit up for the network, and more "services" and other things will need to be added to avoid giving control to the kiddies who would by choice bring the network into the ground.
Efnet Operator..

RIP *.qeast.net I'll miss you! :(

Auriga is qurves slave! (is a Forum moderator)
User avatar
slushey
Posts: 43
Joined: Sat Aug 09, 2003 4:11 pm
Location: Newfoundland, Canada
Contact:

Postby slushey » Mon Oct 06, 2003 12:11 pm

Hi. I couldn't help but posting here when I logged on again today.

I hate it when Unreal is compared to hybrid, or most other generic IRCds. Unreal was made to be abused, plain and simple. Anyone that adds features that makes IRCops invincible is obviously in for a hard time. Almost every mid-sized network that has ran Unreal has had internal power struggles, or is just a network that havens tool abuse.

I know the Unreal project was started for the good of IRC. I was in the channel when Stskeeps first announced he was going to start an IRCd. I was there and saw Unreal grow. EFnet, as a network, has survived practically forever with hybrid, and not as many "features" as Unreal, and it will continue to grow. :)

</end 2 cents here>
Humor is the best sense we ALL have in common.

slushey ....just me
nothing more.....nothing less

"In Canada we play Duck, Duck, Moose."

Return to “IRCD”

Who is online

Users browsing this forum: No registered users and 2 guests