This is the new home of the egghelp.org community forum.
All data has been migrated (including user logins/passwords) to a new phpBB version.


For more information, see this announcement post. Click the X in the top right-corner of this box to dismiss this message.

Double whois

Help for those learning Tcl or writing their own scripts.
Post Reply
User avatar
FmX
Voice
Posts: 39
Joined: Wed Dec 06, 2006 12:42 pm

Double whois

Post by FmX »

Hello, guys i am using tcl script who make whois to someone and extract IP to channel. If i make whois to someone who is connected from my server there is no problem, but if want to somebody else from different server there is (spoofed) response instead of real IP. If i make double whois with my mirc client i can see real ip, but if i only use /whois NICK i also receive (spoofed).
My question is how to make tcl to use double whois to see the IP instead of spoofed.
Here is example with ordinary whois:
[18:43:05] John logged from (spoofed)
and double whois:
John logged from (1.2.3.4)
User avatar
CrazyCat
Revered One
Posts: 1304
Joined: Sun Jan 13, 2002 8:00 pm
Location: France
Contact:

Re: Double whois

Post by CrazyCat »

Depend on the reply you get: if it contains the nick and an information that the ip is spoofed, you can relaunch a /whois.

The danger is that you may flood the server with /whois commands if you don't get the real IP. You should probably add a counter (who($nick)) and stop if you did more than 2 /whois on $nick.

Can you give the raw responses to the /whois (spoofed one and real one) ?
User avatar
FmX
Voice
Posts: 39
Joined: Wed Dec 06, 2006 12:42 pm

Re: Double whois

Post by FmX »

Proc is this:

Code: Select all

proc getip {nick uhost handle chan text} {
    bind raw - 338 ip_from_whois
    putserv "whois [lindex [split $text] 0 ]"
    utimer 10 [list unbind raw - 338 ip_from_whois ]
}
Spoofed whois:

Code: Select all

:irc.xxx.xxx 338 Marty John :logged from (spoofed)
Non-spoofed double whois:

Code: Select all

:irc.xxx.xxx 338 Marty John :logged on from (1.2.3.4)
IRCD is ratbox. Only server administrators can see real IP, so BOT is Administrator now.
s
simo
Revered One
Posts: 1108
Joined: Sun Mar 22, 2015 2:41 pm

Re: Double whois

Post by simo »

If u get real ip from the server notice on connect it saves lot of whois I haven't used ratbox myselve used other ircds tho wich allow to retrieve real ip from server notice on connect of nick.
After research i found on ratbox ircd ircops use snomask +c or +C to see connections perhaps you could paste the notice you get from connecting nicks so we can extract nick and real ip from it to output in channel of choice.
Last edited by simo on Thu Apr 18, 2024 5:48 am, edited 2 times in total.
User avatar
CrazyCat
Revered One
Posts: 1304
Joined: Sun Jan 13, 2002 8:00 pm
Location: France
Contact:

Re: Double whois

Post by CrazyCat »

FmX wrote: Wed Apr 17, 2024 12:22 pm Proc is this:

Code: Select all

proc getip {nick uhost handle chan text} {
    bind raw - 338 ip_from_whois
    putserv "whois [lindex [split $text] 0 ]"
    utimer 10 [list unbind raw - 338 ip_from_whois ]
}
Well, I'll do that:
proc getip {nick uhost handle chan text} {
    set target [lindex [split $text] 0 ]
    incr ::whois($target)
    bind raw - 338 ip_from_whois
    putserv "whois $target"
    utimer 10 [list unbind raw - 338 ip_from_whois ]
}

proc ip_from_whois {from kw text} {
   # manage your $text as you want to extract $target 
   incr ::whois($target)
   if {[string match "*spoofed*" $text] && $::whois($target)<3} {
      getip $::botnick [getchanhost $::botnick] $::botnick #here $target
   }
}
Note: this is an example, calling a pub proc from an internal one is a bad idea, splitting getip in two parts (pub part and active proc) might be better, depends on how your script works
User avatar
FmX
Voice
Posts: 39
Joined: Wed Dec 06, 2006 12:42 pm

Re: Double whois

Post by FmX »

putserv "whois $target_nick $target_nick" did the trick :)
Thanks CrazyCat.
Simo +cC its not sutable because not all connection comes from my ircd. I am linked to other hub. Anyway with double target_nick everything is good now. :)
s
simo
Revered One
Posts: 1108
Joined: Sun Mar 22, 2015 2:41 pm

Re: Double whois

Post by simo »

I usually use whois nick nick as well wich gets more info from lot of ircds, glad you found a working solution.

Btw as network administrator you don't see connections from remote servers? That's odd you would expect a network administrator to see such information using proper snomasks.
Post Reply