[SWLUG] irc question

Dave Cridland [Home] dave at cridland.net
Tue Dec 24 02:36:20 UTC 2002


On Mon, 23 Dec 2002 17:47:04 +0000
bascule <asura at theexcession.co.uk> wrote:

> hi dave,
> thanks for the reply, i can't find any evidence of identd on my system, i 
> assume its files go by that name? i'm looking at xchat too, ksirc does have a 
> preference page for 'realname' but it still passes my local username to the 
> irc server, without going into details while i mostly go places where i know 
> the people or trust them, i do occasionally pop into channels where this isn't 
> true,
> i am currently behind a version of mandrakes recently released 
> multi-network-firewall but instead of a developing maturity overcoming me as 
> i age i'm simply becoming more and more paranoid - anyone have any tinfoil?

If you're really paranoid, I did see someone coming into IRC through IPv6, with a hostname which had an A record (IPv4 address) of 127.0.0.1. Of course, the IPv6 AAAA or A6 (whichever we're meant to be using these days) was valid, but the 37337 hax00rs (etc) didn't quite follow that possibility.

Now, on with some probably more useful advice...

The kiddie-crackers seem to be scanning entire ranges these days, so protecting yourself by spoofing your local user account isn't likely to gain you much anyway. Check that your firewall isn't allowing anything at all initiated from the "rest of the world" unless you explicitly want it, and keep your machines thoroughly up to date. Useful tools for this are:

 - Windows Update for those Windows machines, if you have any.
 - APT for RedHat, Debian. (APT on RedHat from http://www.freshrpms.net/ for those that haven't used it yet - very good stuff)

For Mandrake you're on your own as far as I'm concerned - rumourmilling has not inclined me to try this distro in anger yet.

For a firewall, assuming a 2.4 kernel with iptables enabled, examine the attached file, or look in Rusty's Remarkably Unreliable Guides, which has varying complexities of firewalls for you to play with.

I enclose the one I was running across a BT Openworld ADSL until recently. (Without editing, so you get to see what my private network looks like.) It's a script which creates a firewall and saves the config to a suitable place for RedHat 7.1+ to use. Anything with "PREROUTING" in is port forwarding, which you may be able to drop. It logs naughty people. This is especially fun if you're on IRC, since you can PRIVMSG people who're port scanning.

It could potentially be refactored to work with any old distribution, since after all it's actively building a firewall.

Older and simpler versions are probably about if you scout about on Google, since I used to hand it out across IRC fairly regularly.

Looking at ksirc, it does not appear to provide an option to change the username given to the IRC server, so it looks like either you change your IRC client to one that gives you this option, or else you edit ksirc's source code to have this option, or finally you stop and ask yourself whether you really ought to care - especially given that your real username is now in a public mail archive anyway, and is probably easily Googlable for a determined cracker.

> welcome to the group!

Ta muchly (Or Diolch yn fawr - I've got that far in my Welsh learning, although it's probably spelt all wrong.)

Dave.
--
Who has discovered that from page 3 on Google, it's no longer all about him anymore - some Paul Cridland sneaks in at link 28. With quotes around my name, link 43 is the first non-me, but I'd completely forgotten about http://chaos2.org/~jacob/quotes.html - just a shame the SLirc FAQ isn't there too.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: iptables.sh
Type: application/x-sh
Size: 4676 bytes
Desc: not available
URL: <http://mailman.lug.org.uk/pipermail/swlug/attachments/20021224/4c079800/attachment.sh>
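
Since the attachment was scrubbed from the archive, here is an added example (not Dave's iptables.sh, and not taken from the post) of the policy the message describes: accept nothing initiated from outside unless explicitly listed, and log what gets refused. The interface names `ppp0` and `eth0`, the log prefix and the rate limit are assumptions; NAT, forwarding and the PREROUTING port forwards are left out.

```shell
#!/bin/sh
# Added example (not the scrubbed iptables.sh): print a default-deny inbound
# ruleset in iptables-restore format. Interface names are assumptions.
WAN_IF="${WAN_IF:-ppp0}"   # assumed internet-facing interface
LAN_IF="${LAN_IF:-eth0}"   # assumed private-network interface

# build_ruleset [tcp-port ...]
# Each argument is a TCP port the outside world may connect to; with no
# arguments nothing initiated from outside is accepted.
build_ruleset() {
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "bad port: $port" >&2; return 1
        fi
    done
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback, replies to connections we started, and the private network.
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -j ACCEPT
EOF
    for port in "$@"; do
        echo "-A INPUT -i $WAN_IF -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    cat <<EOF
# No identd here: answer port 113 with a reset so IRC servers do not wait
# for a timeout, instead of silently dropping the probe.
-A INPUT -i $WAN_IF -p tcp --dport 113 -j REJECT --reject-with tcp-reset
# Log the rest (rate-limited); the DROP policy then discards it.
-A INPUT -i $WAN_IF -m limit --limit 6/min --limit-burst 10 -j LOG --log-prefix "FW-DROP "
COMMIT
EOF
}

# Print the ruleset; review it, then feed it to iptables-restore as root.
build_ruleset "$@"
```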

