Polarhome Community

by **oman99** » Fri Jun 11, 2004 10:44 pm

Hi there!
I have compiled and configured an EggDrop for QuakeNet but when it connects it gets G-Lined.
(Not a suprise after i read their rules of 5 connections for each IP)

Now my question is this: Is there any way that the PolarHome IP can get "trusted" on QuakeNet and if so what do i need to do get get my EggDrop cleared for it?

I´m on the RedHat part of PolarHome and the EggDrop is 1.6.15

by **DenisF** » Fri Jun 11, 2004 11:37 pm

We already have a 100 connection trust, there's a problem with a few open ports though, Qnet glines us for open proxies.

I'll try to get Z to fix it asap.

by **oman99** » Fri Jun 11, 2004 11:47 pm

It´s no need to rush it on my account

My main concearn was if it was possible to get the little fellow on QuakeNet at all. :rolleyes:

by **DenisF** » Sat Jun 12, 2004 1:26 am

Yeah it's possible, up until about a month ago when someone opened one of the ports that Qnet scans for proxies.

I tried to get Z to close all of them, but no reply yet. sorry.

will be fixed asap though

by **birberto** » Thu Jun 17, 2004 3:45 pm

I have a question related to this topic: How many Polarhome connections are trusted by Undernet?

by **ConsumeR** » Thu Nov 11, 2004 4:37 pm

Hello!

I just got shell accout and have set-up psyBNC. It still gets G-line for open proxies. Is there any chance the problem will be fixed? Or do you have a suggestion on what port to use.
Ty for answering! :wink:

Oh and what about ircnet? Is there i/I-line ?

by **Matej** » Sat Nov 20, 2004 1:07 pm

Code: Select all: 12:05 -!- Irssi: Connection to stockholm.se.quakenet.org established 12:05 !stockholm.se.quakenet.org *** Looking up your hostname 12:05 !stockholm.se.quakenet.org *** Checking Ident 12:05 !stockholm.se.quakenet.org *** Found your hostname 12:05 !stockholm.se.quakenet.org *** Got ident response 12:05 -!- open proxy. 12:05 -!- ERROR Closing Link: matej_ by stockholm.se.quakenet.org (G-lined) 12:05 -!- Irssi: Connection lost to stockholm.se.quakenet.org

Open Proxy/SOCKS by Zip
Sunday 23. April 2000 at 10:02 EEST

We have now started a security check whenever you connect to QuakeNet looking for Open Proxy/SOCKS. This means that when you connect it will check port 23 (telnet port, checks for a wingate telnet bounce) and port 1080 (socks/wingate port) for an unsecured SOCKS4 and SOCKS5 proxy. If a wingate telnet bounce is found on port 23 or if it finds an unsecured SOCKS4 or SOCKS5 Proxy (anonymously accessible), you will be g-lined (banned from the network).

You probably came to this FAQ because you got something like this when you tried to connect to QuakeNet:

Connecting to some.server.quakenet.org:6667

You are banned from connecting to this server ("Open Proxy. See

http://www.quakenet.org/openproxies.html. - ID: 666")

Closing Link: nick[IP.or.hostname.com] by some.server.quakenet.org (K-Lined)

Explanation:

You are running some sort of Proxy, probably Wingate or similiar. This Proxy is misconfigured. It does not only allow clients on your LAN to use it, but everyone on the Internet, without any Authentication. Such Proxies are frequently abused by flooders. This is why every client connecting to QuakeNet is scanned for an open Proxy, and G-Lined (Banned) when one is found.

To fix this, reconfigure your Proxy so that it is secure.

The G-Line will expire after 30 minutes. If your Proxy is secure, you should be able to reconnect after 30 minutes. If it isn't, you'll be banned again.

We are currently scanning Ports 80, 1080, 3128, 6588, 8000, 8080 & 45554. So if you get G-Lined you have a proxy listening on one or more of these ports.

You can enter the ID number you got in the gline-message below to get more detailed information about which proxies were found on you host.

80, 1080, 3128
6588

Code: Select all: 8000 tcp 0 0 *:8000 *:* LISTEN r_lela 14370

8080

45554

(11:25:37) * Connecting to gate.polarhome.com (8000)
(11:25:39) -Welcome- psyBNC2.2.2

Whic port is the bad guy?
Can someone do a port scan for open proxies?

by **DenisF** » Sat Nov 20, 2004 2:49 pm

root@mandrake~# nmap -v -sS -sV -sR -p 80,1080,3128,6588,8000,8080,45554 www.polarhome.com

Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-11-20 14:41 IST
Host 11.198.216.81.dre.siw.siwnet.net (81.216.198.11) appears to be up ... good.
Initiating SYN Stealth Scan against 11.198.216.81.dre.siw.siwnet.net (81.216.198.11) at 14:41
Adding open port 80/tcp
Adding open port 8000/tcp
The SYN Stealth Scan took 1 second to scan 7 ports.
Initiating service scan against 2 services on 1 host at 14:41
The service scan took 8 seconds to scan 2 services on 1 host.
Interesting ports on 11.198.216.81.dre.siw.siwnet.net (81.216.198.11):
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.0.46 ((Unix) DAV/2 mod_ssl/2.0.46 OpenSSL/0.9.6b)
1080/tcp closed socks
3128/tcp closed squid-http
6588/tcp closed analogx
8000/tcp open irc-proxy psyBNC 2.2.2
8080/tcp closed http-proxy
45554/tcp closed unknown

Nmap run completed -- 1 IP address (1 host up) scanned in 16.338 seconds
root@mandrake~#

So it's a psybnc, owned by r_lela.

denisf@redhat~$ finger r_lela
Login: r_lela Name: robert lela
Directory: /home/r/r_lela Shell: /bin/bash
Office: roma italy, r_lela@virgilio.it
Never logged in.
No mail.
No Plan.

soooooooo, anyone who has a problem with qnet's gline. mail the guy

by **Matej** » Sat Nov 20, 2004 3:13 pm

So I was rite. It was r_lela.
I've mailed him and asked to change his port.

I'll propose to Zoli to shutdown ports 6588, 8000
on redhat and 45554 on HP-UX.

by **sjaz** » Sat Nov 20, 2004 4:09 pm

Or userdel r_lela

by **Matej** » Sat Nov 20, 2004 4:37 pm

Nah, he din't do anything bad.

by **DenisF** » Sat Nov 20, 2004 4:58 pm

That's a matter of perspective

I did, however, ask zoli like years ago to close down every known proxy port [gave him a list off a few irc network sites].

meh, why is it that no one ever reads my email :cry:

by **sjaz** » Sat Nov 20, 2004 8:45 pm

SPAMMER

by **zoli** » Sun Nov 21, 2004 11:17 am

hi,

I have a better idea.
I close these ports on gate directly.
1080, 3128, 6588, 8000, 8080, 45554 (all extept 80)
Hope this is acceptable.

by **sjaz** » Sun Nov 21, 2004 12:13 pm

That would be excellent Z.

by **Matej** » Sun Nov 21, 2004 1:06 pm

That's even better. Thanks.

by **DenisF** » Sun Nov 21, 2004 3:14 pm

Not to sound rude or anything, but that's exactly what i suggested quite the few months ago.

by **sjaz** » Sun Nov 21, 2004 3:40 pm

<3 Denis. You should do the same on mdk.

by **sputnik7_redhat** » Wed Jan 05, 2005 1:11 pm

I was having same problem so I thought I would use same thread instead of starting a new one. Everytime I try to connect bitchX to quakenet i get this.
[quakenet] *** Looking up your hostname
[quakenet] *** Checking Ident
[quakenet] *** Found your hostname
[quakenet] *** Got ident response
·f· open proxy. (from port80b.se.quakenet.org)
·f· Deleting server [94]

Is there anything that can be done about this? Is it something I messed up on my end or just a proxy running from somebody else? Thanks for any help

by **DenisF** » Wed Jan 05, 2005 1:36 pm

It's the same problem that existed for god knows how long.
there is a user who's running a psyBNC on a port that quakenet considers as proxy, thus the proxy glines.

having that said, we do have a trust on quakenet for a 100 concurrent users that i got like a year ago, but looks like until zoli bans those ports - no quakenet for polarhome

Polarhome Community

QuakeNet

same problem

Who is online