ViewVC Help
View File | Revision Log | Show Annotations | View Changeset | Root Listing
root/svn/ircd-hybrid/contrib/README.cloaking
Revision: 30
Committed: Sun Oct 2 20:03:27 2005 UTC (18 years, 5 months ago) by adx
File size: 3787 byte(s)
Log Message:
- imported sources
- can be moved later according to the directory/branching scheme,
  but we need the svn up

File Contents

# Content
1 ircd-hybrid IP/hostname cloaking README:
2 -----------------------------------------------
3 $Id: README.cloaking,v 1.9 2005/09/07 14:51:25 knight Exp $
4
5 Copyright (c) 2005 by Alan 'knight-' LeVee of ChatJunkies IRC Network
6 -----------------------------------------------
7
8 This README file is designed to cover the aspects of the IP cloaking features
9 new to hybrid in the contrib module named ip_cloaking.c. The basis for the IP
10 cloaking is to add some level of privacy for local users to have by cloaking, or
11 rather masking a part of their hostname with a CRC32 polymorphism hash.
12
13 This will make the necessary additions to the source code to allow IP cloaking
14 to work as well as adding in a new user mode known as +h. Normally on most IRC
15 daemons such as UnrealIRCd or ircu2, IP masking is assigned the user mode +x but
16 since we use +x for external operator messages we used +h as the next logical
17 step.
18
19 Basically the IP cloaking is a proof of concept utilising a CRC32 based salt
20 encryption method that UnrealIRCd uses but with some changes and bit stuffing
21 and bit shifting. However, before you compile the contrib module, it is
22 *strongly* recommended that you modify the
23 ip_cloaking.c module and edit the following:
24
25 #define KEY
26 #define KEY2
27 #define KEY3
28
29 With different numbers than are present in the provided module. This insures
30 that no one can really decipher the secret keys because they'll go on the basis
31 that they are stock and not modified. To get proper or good entropy on random
32 numbers rather than trying to guess them it is a good idea to use an entropy
33 variable or device to grab them. If you have BASH available you can use the
34 randomization variable called ${RANDOM} to get your bits. You need at least 3
35 secret keys in order for this to work, there is no preset requirement as to how
36 many numbers per key is required but it should have at least 4 to 6 numbers on
37 each block. If you want to do it easily and you have bash you can do the
38 following command in a BASH shell:
39
40 $ echo -e "#define KEY ${RANDOM}\n#define KEY2 ${RANDOM}\n#define KEY3
41 ${RANDOM}"
42
43 You'll get an output similar to this:
44
45 #define KEY 935
46 #define KEY2 23539
47 #define KEY3 22522
48
49 Once you run that command you can copy and paste the output into ip_cloaking.c
50 and compile the module. However all servers *must* use the same secret keys in
51 order for this to work properly or you'll run into problems especially for
52 channel bans.
53
54 Since you will also need the module m_change.so to go with IP cloaking it is
55 best just to cd into the contrib. directory and build all the modules like so:
56
57 cd contrib; make install
58
59 Then you'll need to edit etc/ircd.conf and add the following lines to the
60 modules {} block so you can load the module:
61
62 module = "m_change.so";
63 module = "ip_cloaking.so";
64
65 Please note that *all* servers *must* have these modules loaded or IP cloaking
66 will *not* work. Once this is done you can activate the IP cloaking by passing
67 the following user mode:
68
69 /MODE nickname +h
70
71 You should then recieve a message:
72
73 --- ec6f50f-8f92678.ypwest01.mi.comcast.net :is your visible host
74
75 This means that anyone who runs WHOIS on you will receive that as the host
76 response. However, if hide_spoof_ips is set to no yourself and IRC operators can
77 get your true IP from WHOIS but no one else. Once user mode +h is set however,
78 it cannot be unset (ala ircu2). Also as of right now, IP cloaking does not
79 support IPv6 users due to the rare use of IPv6 and the difficulty in coding
80 support for it. So if an IPv6 user tries to set +h they will get the following
81 message:
82
83 --- *** Sorry, IP cloaking does not support IPv6 users!
84
85 If you have any questions please direct them to knight- on irc.chatjunkies.org
86 in #cservice as this is not officially supported by the ircd-hybrid team. Thank
87 you, and enjoy!

Properties

Name Value
svn:eol-style native
svn:keywords "Id Revision"