I need a tcl that scans users on connect to the server for proxy ports which I specify.(e.g. 8080 80 1080 etc.) I have found a script here called anti-socks1.1 but it only checks for port 1080. I want it to check for ports which I specify. To sum up the will be an oper bot and chechks users for proxy ports and kills if the port is open.
The server doesn't have admin and I only have an global oper. So I am not able to change server conf file or change services. The only way is to scan users with an eggdrop bot. Ant help would be apreciate Thanks...
Generally it's a bad idea to use such a script, for two reasons:
1) The script will block the eggdrop everytime it is trying to connect to the ports of a joining user. Especially on large channels, this will cause the bot to lag and maybe even timeout off the network, giving proxy abusers a while to join.
2) Scanning only whether the ports are open, will result in a huge number of false positives. Not everyone that has eg. port 8080 open, is actually using an open proxy! There sure are alot of well-configured HTTP proxies and the fact that such a proxy runs on the IRC user's host, should not automatically result in a kill, imo.
For the same reason, IRC networks that portscan on connect (a la DALnet) actually test if open proxy ports really are open proxies. They generate a request that is similar to what an abuser would use, and test for the result. If the proxy doesn't allow the issued request, the user is allowed to connect.
This will require the portscanner script to communicate with the proxy, and that's alot more complicated to implement... I actually think that TCL is not the most suitable language to code an automatic portscanner in; if you really want to use TCL, consider using "async" sockets and, as mentioned, test for the reaction of the supposed proxy (I'm sure there are already TCL scripts that do this).
Just some thoughts.
<font size=-1>[ This Message was edited by: RedAlert on 2002-04-06 04:52 ]</font>
I have seen that operserv isn't fast enough to ban flood clones which are joining rapidly to the server. Their ident's have been akilled but operserv delays and kills some of them after they join the channel. So it seems to me that using an eggdrop to scan these rapidly joining flooder's ips for open proxy ports and kill them if the ports are open will be a stupid activity.
On 2002-04-06 04:32, RedAlert wrote:
Generally it's a bad idea to use such a script, for two reasons:
1) The script will block the eggdrop everytime it is trying to connect to the ports of a joining user. Especially on large channels, this will cause the bot to lag and maybe even timeout off the network, giving proxy abusers a while to join.
2) Scanning only whether the ports are open, will result in a huge number of false positives. Not everyone that has eg. port 8080 open, is actually using an open proxy! There sure are alot of well-configured HTTP proxies and the fact that such a proxy runs on the IRC user's host, should not automatically result in a kill, imo.
For the same reason, IRC networks that portscan on connect (a la DALnet) actually test if open proxy ports really are open proxies. They generate a request that is similar to what an abuser would use, and test for the result. If the proxy doesn't allow the issued request, the user is allowed to connect.
This will require the portscanner script to communicate with the proxy, and that's alot more complicated to implement... I actually think that TCL is not the most suitable language to code an automatic portscanner in; if you really want to use TCL, consider using "async" sockets and, as mentioned, test for the reaction of the supposed proxy (I'm sure there are already TCL scripts that do this).
Just some thoughts.
<font size=-1>[ This Message was edited by: RedAlert on 2002-04-06 04:52 ]</font>
Just a quick comment as to point number 1. I'm not sure if 1.4 uses asynch sockets, but the latest version from http://dawg.oc255.net:81/ does. This means that the bot does not block on every join.