blob: a89aa1549d89177503bc6c53eb642a5a05f8dbf0 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
|
ircd-hybrid IP/hostname cloaking README:
-----------------------------------------------
$Id$
Copyright (c) 2005 by Alan 'knight-' LeVee of ChatJunkies IRC Network
-----------------------------------------------
This README file is designed to cover the aspects of the IP cloaking features
new to hybrid in the contrib module named ip_cloaking.c. The basis for the IP
cloaking is to add some level of privacy for local users to have by cloaking, or
rather masking a part of their hostname with a CRC32 polymorphism hash.
This will make the necessary additions to the source code to allow IP cloaking
to work as well as adding in a new user mode known as +h. Normally on most IRC
daemons such as UnrealIRCd or ircu2, IP masking is assigned the user mode +x but
since we use +x for external operator messages we used +h as the next logical
step.
Basically the IP cloaking is a proof of concept utilising a CRC32 based salt
encryption method that UnrealIRCd uses but with some changes and bit stuffing
and bit shifting. However, before you compile the contrib module, it is
*strongly* recommended that you modify the
ip_cloaking.c module and edit the following:
#define KEY
#define KEY2
#define KEY3
With different numbers than are present in the provided module. This insures
that no one can really decipher the secret keys because they'll go on the basis
that they are stock and not modified. To get proper or good entropy on random
numbers rather than trying to guess them it is a good idea to use an entropy
variable or device to grab them. If you have BASH available you can use the
randomization variable called ${RANDOM} to get your bits. You need at least 3
secret keys in order for this to work, there is no preset requirement as to how
many numbers per key is required but it should have at least 4 to 6 numbers on
each block. If you want to do it easily and you have bash you can do the
following command in a BASH shell:
$ echo -e "#define KEY ${RANDOM}\n#define KEY2 ${RANDOM}\n#define KEY3
${RANDOM}"
You'll get an output similar to this:
#define KEY 935
#define KEY2 23539
#define KEY3 22522
Once you run that command you can copy and paste the output into ip_cloaking.c
and compile the module. However all servers *must* use the same secret keys in
order for this to work properly or you'll run into problems especially for
channel bans.
Since you will also need the module m_change.so to go with IP cloaking it is
best just to cd into the contrib. directory and build all the modules like so:
cd contrib; make install
Then you'll need to edit etc/ircd.conf and add the following lines to the
modules {} block so you can load the module:
module = "m_change.so";
module = "ip_cloaking.so";
Please note that *all* servers *must* have these modules loaded or IP cloaking
will *not* work. Once this is done you can activate the IP cloaking by passing
the following user mode:
/MODE nickname +h
You should then recieve a message:
--- ec6f50f-8f92678.ypwest01.mi.comcast.net :is your visible host
This means that anyone who runs WHOIS on you will receive that as the host
response. However, if hide_spoof_ips is set to no yourself and IRC operators can
get your true IP from WHOIS but no one else. Once user mode +h is set however,
it cannot be unset (ala ircu2). Also as of right now, IP cloaking does not
support IPv6 users due to the rare use of IPv6 and the difficulty in coding
support for it. So if an IPv6 user tries to set +h they will get the following
message:
--- *** Sorry, IP cloaking does not support IPv6 users!
If you have any questions please direct them to knight- on irc.chatjunkies.org
in #cservice as this is not officially supported by the ircd-hybrid team. Thank
you, and enjoy!
|
