ircd-hybrid IP/hostname cloaking README: ----------------------------------------------- $Id$ Copyright (c) 2005 by Alan 'knight-' LeVee of ChatJunkies IRC Network ----------------------------------------------- This README file is designed to cover the aspects of the IP cloaking features new to hybrid in the contrib module named ip_cloaking.c. The basis for the IP cloaking is to add some level of privacy for local users to have by cloaking, or rather masking a part of their hostname with a CRC32 polymorphism hash. This will make the necessary additions to the source code to allow IP cloaking to work as well as adding in a new user mode known as +h. Normally on most IRC daemons such as UnrealIRCd or ircu2, IP masking is assigned the user mode +x but since we use +x for external operator messages we used +h as the next logical step. Basically the IP cloaking is a proof of concept utilising a CRC32 based salt encryption method that UnrealIRCd uses but with some changes and bit stuffing and bit shifting. However, before you compile the contrib module, it is *strongly* recommended that you modify the ip_cloaking.c module and edit the following: #define KEY #define KEY2 #define KEY3 With different numbers than are present in the provided module. This insures that no one can really decipher the secret keys because they'll go on the basis that they are stock and not modified. To get proper or good entropy on random numbers rather than trying to guess them it is a good idea to use an entropy variable or device to grab them. If you have BASH available you can use the randomization variable called ${RANDOM} to get your bits. You need at least 3 secret keys in order for this to work, there is no preset requirement as to how many numbers per key is required but it should have at least 4 to 6 numbers on each block. If you want to do it easily and you have bash you can do the following command in a BASH shell: $ echo -e "#define KEY ${RANDOM}\n#define KEY2 ${RANDOM}\n#define KEY3 ${RANDOM}" You'll get an output similar to this: #define KEY 935 #define KEY2 23539 #define KEY3 22522 Once you run that command you can copy and paste the output into ip_cloaking.c and compile the module. However all servers *must* use the same secret keys in order for this to work properly or you'll run into problems especially for channel bans. Since you will also need the module m_change.so to go with IP cloaking it is best just to cd into the contrib. directory and build all the modules like so: cd contrib; make install Then you'll need to edit etc/ircd.conf and add the following lines to the modules {} block so you can load the module: module = "m_change.so"; module = "ip_cloaking.so"; Please note that *all* servers *must* have these modules loaded or IP cloaking will *not* work. Once this is done you can activate the IP cloaking by passing the following user mode: /MODE nickname +h You should then recieve a message: --- ec6f50f-8f92678.ypwest01.mi.comcast.net :is your visible host This means that anyone who runs WHOIS on you will receive that as the host response. However, if hide_spoof_ips is set to no yourself and IRC operators can get your true IP from WHOIS but no one else. Once user mode +h is set however, it cannot be unset (ala ircu2). Also as of right now, IP cloaking does not support IPv6 users due to the rare use of IPv6 and the difficulty in coding support for it. So if an IPv6 user tries to set +h they will get the following message: --- *** Sorry, IP cloaking does not support IPv6 users! If you have any questions please direct them to knight- on irc.chatjunkies.org in #cservice as this is not officially supported by the ircd-hybrid team. Thank you, and enjoy!