ircd-hybrid-7.2/contrib/README.cloaking

ircd-hybrid IP/hostname cloaking README:
-----------------------------------------------
$Id$

Copyright (c) 2005 by Alan 'knight-' LeVee of ChatJunkies IRC Network
-----------------------------------------------

This README file is designed to cover the aspects of the IP cloaking features
new to hybrid in the contrib module named ip_cloaking.c. The basis for the IP
cloaking is to add some level of privacy for local users to have by cloaking, or
rather masking a part of their hostname with a CRC32 polymorphism hash.

This will make the necessary additions to the source code to allow IP cloaking
to work as well as adding in a new user mode known as +h. Normally on most IRC
daemons such as UnrealIRCd or ircu2, IP masking is assigned the user mode +x but
since we use +x for external operator messages we used +h as the next logical
step.

Basically the IP cloaking is a proof of concept utilising a CRC32 based salt
encryption method that UnrealIRCd uses but with some changes and bit stuffing
and bit shifting. However, before you compile the contrib module, it is
*strongly* recommended that you modify the
ip_cloaking.c module and edit the following:

#define KEY
#define KEY2
#define KEY3

With different numbers than are present in the provided module. This insures
that no one can really decipher the secret keys because they'll go on the basis
that they are stock and not modified. To get proper or good entropy on random
numbers rather than trying to guess them it is a good idea to use an entropy
variable or device to grab them. If you have BASH available you can use the
randomization variable called ${RANDOM} to get your bits. You need at least 3
secret keys in order for this to work, there is no preset requirement as to how
many numbers per key is required but it should have at least 4 to 6 numbers on
each block. If you want to do it easily and you have bash you can do the
following command in a BASH shell:

$ echo -e "#define KEY  ${RANDOM}\n#define KEY2 ${RANDOM}\n#define KEY3
${RANDOM}"

You'll get an output similar to this:

#define KEY  935
#define KEY2 23539
#define KEY3 22522

Once you run that command you can copy and paste the output into ip_cloaking.c
and compile the module. However all servers *must* use the same secret keys in
order for this to work properly or you'll run into problems especially for
channel bans.

Since you will also need the module m_change.so to go with IP cloaking it is
best just to cd into the contrib. directory and build all the modules like so:

cd contrib; make install

Then you'll need to edit etc/ircd.conf and add the following lines to the
modules {} block so you can load the module:

module = "m_change.so";
module = "ip_cloaking.so";

Please note that *all* servers *must* have these modules loaded or IP cloaking
will *not* work. Once this is done you can activate the IP cloaking by passing
the following user mode:

/MODE nickname +h

You should then recieve a message:

--- ec6f50f-8f92678.ypwest01.mi.comcast.net :is your visible host

This means that anyone who runs WHOIS on you will receive that as the host
response. However, if hide_spoof_ips is set to no yourself and IRC operators can
get your true IP from WHOIS but no one else. Once user mode +h is set however,
it cannot be unset (ala ircu2). Also as of right now, IP cloaking does not
support IPv6 users due to the rare use of IPv6 and the difficulty in coding
support for it. So if an IPv6 user tries to set +h they will get the following
message:

--- *** Sorry, IP cloaking does not support IPv6 users!

If you have any questions please direct them to knight- on irc.chatjunkies.org
in #cservice as this is not officially supported by the ircd-hybrid team. Thank
you, and enjoy!
Revision:	31
Committed:	Sun Oct 2 20:34:05 2005 UTC (18 years, 6 months ago) by knight
Original Path:	*ircd-hybrid/contrib/README.cloaking*
File size:	3732 byte(s)
Log Message:	- Fix svn:keywords
#	User	Rev	Content
1	adx	30	ircd-hybrid IP/hostname cloaking README:
2			-----------------------------------------------
3	knight	31	$Id$
4	adx	30
5			Copyright (c) 2005 by Alan 'knight-' LeVee of ChatJunkies IRC Network
6			-----------------------------------------------
7
8			This README file is designed to cover the aspects of the IP cloaking features
9			new to hybrid in the contrib module named ip_cloaking.c. The basis for the IP
10			cloaking is to add some level of privacy for local users to have by cloaking, or
11			rather masking a part of their hostname with a CRC32 polymorphism hash.
12
13			This will make the necessary additions to the source code to allow IP cloaking
14			to work as well as adding in a new user mode known as +h. Normally on most IRC
15			daemons such as UnrealIRCd or ircu2, IP masking is assigned the user mode +x but
16			since we use +x for external operator messages we used +h as the next logical
17			step.
18
19			Basically the IP cloaking is a proof of concept utilising a CRC32 based salt
20			encryption method that UnrealIRCd uses but with some changes and bit stuffing
21			and bit shifting. However, before you compile the contrib module, it is
22			strongly recommended that you modify the
23			ip_cloaking.c module and edit the following:
24
25			#define KEY
26			#define KEY2
27			#define KEY3
28
29			With different numbers than are present in the provided module. This insures
30			that no one can really decipher the secret keys because they'll go on the basis
31			that they are stock and not modified. To get proper or good entropy on random
32			numbers rather than trying to guess them it is a good idea to use an entropy
33			variable or device to grab them. If you have BASH available you can use the
34			randomization variable called ${RANDOM} to get your bits. You need at least 3
35			secret keys in order for this to work, there is no preset requirement as to how
36			many numbers per key is required but it should have at least 4 to 6 numbers on
37			each block. If you want to do it easily and you have bash you can do the
38			following command in a BASH shell:
39
40			$ echo -e "#define KEY ${RANDOM}\n#define KEY2 ${RANDOM}\n#define KEY3
41			${RANDOM}"
42
43			You'll get an output similar to this:
44
45			#define KEY 935
46			#define KEY2 23539
47			#define KEY3 22522
48
49			Once you run that command you can copy and paste the output into ip_cloaking.c
50			and compile the module. However all servers must use the same secret keys in
51			order for this to work properly or you'll run into problems especially for
52			channel bans.
53
54			Since you will also need the module m_change.so to go with IP cloaking it is
55			best just to cd into the contrib. directory and build all the modules like so:
56
57			cd contrib; make install
58
59			Then you'll need to edit etc/ircd.conf and add the following lines to the
60			modules {} block so you can load the module:
61
62			module = "m_change.so";
63			module = "ip_cloaking.so";
64
65			Please note that all servers must have these modules loaded or IP cloaking
66			will not work. Once this is done you can activate the IP cloaking by passing
67			the following user mode:
68
69			/MODE nickname +h
70
71			You should then recieve a message:
72
73			--- ec6f50f-8f92678.ypwest01.mi.comcast.net :is your visible host
74
75			This means that anyone who runs WHOIS on you will receive that as the host
76			response. However, if hide_spoof_ips is set to no yourself and IRC operators can
77			get your true IP from WHOIS but no one else. Once user mode +h is set however,
78			it cannot be unset (ala ircu2). Also as of right now, IP cloaking does not
79			support IPv6 users due to the rare use of IPv6 and the difficulty in coding
80			support for it. So if an IPv6 user tries to set +h they will get the following
81			message:
82
83			--- *** Sorry, IP cloaking does not support IPv6 users!
84
85			If you have any questions please direct them to knight- on irc.chatjunkies.org
86			in #cservice as this is not officially supported by the ircd-hybrid team. Thank
87			you, and enjoy!