Double whois

[FmX]

Hello, guys i am using tcl script who make whois to someone and extract IP to channel. If i make whois to someone who is connected from my server there is no problem, but if want to somebody else from different server there is (spoofed) response instead of real IP. If i make double whois with my mirc client i can see real ip, but if i only use /whois NICK i also receive (spoofed).
My question is how to make tcl to use double whois to see the IP instead of spoofed.
Here is example with ordinary whois:
[18:43:05] John logged from (spoofed)
and double whois:
John logged from (1.2.3.4)

[CrazyCat]

Depend on the reply you get: if it contains the nick and an information that the ip is spoofed, you can relaunch a /whois.

The danger is that you may flood the server with /whois commands if you don't get the real IP. You should probably add a counter (who($nick)) and stop if you did more than 2 /whois on $nick.

Can you give the raw responses to the /whois (spoofed one and real one) ?

[FmX]

Proc is this:

Code: Select all

proc getip {nick uhost handle chan text} {
    bind raw - 338 ip_from_whois
    putserv "whois [lindex [split $text] 0 ]"
    utimer 10 [list unbind raw - 338 ip_from_whois ]
}

Spoofed whois:

Code: Select all

:irc.xxx.xxx 338 Marty John :logged from (spoofed)

Non-spoofed double whois:

Code: Select all

:irc.xxx.xxx 338 Marty John :logged on from (1.2.3.4)

IRCD is ratbox. Only server administrators can see real IP, so BOT is Administrator now.

[simo]

If u get real ip from the server notice on connect it saves lot of whois I haven't used ratbox myselve used other ircds tho wich allow to retrieve real ip from server notice on connect of nick.
After research i found on ratbox ircd ircops use snomask +c or +C to see connections perhaps you could paste the notice you get from connecting nicks so we can extract nick and real ip from it to output in channel of choice.

[CrazyCat]

Proc is this:

Code: Select all

proc getip {nick uhost handle chan text} {
    bind raw - 338 ip_from_whois
    putserv "whois [lindex [split $text] 0 ]"
    utimer 10 [list unbind raw - 338 ip_from_whois ]
}

Well, I'll do that:

proc getip {nick uhost handle chan text} {
    set target [lindex [split $text] 0 ]
    incr ::whois($target)
    bind raw - 338 ip_from_whois
    putserv "whois $target"
    utimer 10 [list unbind raw - 338 ip_from_whois ]
}

proc ip_from_whois {from kw text} {
   # manage your $text as you want to extract $target 
   incr ::whois($target)
   if {[string match "*spoofed*" $text] && $::whois($target)<3} {
      getip $::botnick [getchanhost $::botnick] $::botnick #here $target
   }
}

Note: this is an example, calling a pub proc from an internal one is a bad idea, splitting getip in two parts (pub part and active proc) might be better, depends on how your script works

[FmX]

putserv "whois $target_nick $target_nick" did the trick
Thanks CrazyCat.
Simo +cC its not sutable because not all connection comes from my ircd. I am linked to other hub. Anyway with double target_nick everything is good now.

[simo]

I usually use whois nick nick as well wich gets more info from lot of ircds, glad you found a working solution.

Btw as network administrator you don't see connections from remote servers? That's odd you would expect a network administrator to see such information using proper snomasks.