QuakeNet

Irc, Eggdrop, BNC problems and discusion.

Moderator: Moderators

Postby oman99 » Fri Jun 11, 2004 10:44 pm

Hi there!
I have compiled and configured an EggDrop for QuakeNet but when it connects it gets G-Lined.
(Not a suprise after i read their rules of 5 connections for each IP)

Now my question is this: Is there any way that the PolarHome IP can get "trusted" on QuakeNet and if so what do i need to do get get my EggDrop cleared for it?

I´m on the RedHat part of PolarHome and the EggDrop is 1.6.15
oman99
 

Postby DenisF » Fri Jun 11, 2004 11:37 pm

We already have a 100 connection trust, there's a problem with a few open ports though, Qnet glines us for open proxies.

I'll try to get Z to fix it asap.
Image
[ FAQ ] :: [ Policy ] :: [ Port Forwarding Guide ] :: [ Search ]
User avatar
DenisF
Forum Admin
Forum Admin
 
Posts: 679
Joined: Mon Dec 16, 2002 9:09 pm
Location: Israhell

Postby oman99 » Fri Jun 11, 2004 11:47 pm

It´s no need to rush it on my account ;)

My main concearn was if it was possible to get the little fellow on QuakeNet at all. :rolleyes:
oman99
 

Postby DenisF » Sat Jun 12, 2004 1:26 am

Yeah it's possible, up until about a month ago when someone opened one of the ports that Qnet scans for proxies.

I tried to get Z to close all of them, but no reply yet. sorry.

will be fixed asap though :)
Image
[ FAQ ] :: [ Policy ] :: [ Port Forwarding Guide ] :: [ Search ]
User avatar
DenisF
Forum Admin
Forum Admin
 
Posts: 679
Joined: Mon Dec 16, 2002 9:09 pm
Location: Israhell

Postby birberto » Thu Jun 17, 2004 3:45 pm

I have a question related to this topic: How many Polarhome connections are trusted by Undernet?
"Dubito ergo cogito, cogito ergo sum." (Descartes)
User avatar
birberto
Advanced Member
 
Posts: 67
Joined: Sat Feb 21, 2004 2:03 pm
Location: Székelyudvarhely

Postby ConsumeR » Thu Nov 11, 2004 4:37 pm

Hello!

I just got shell accout and have set-up psyBNC. It still gets G-line for open proxies. Is there any chance the problem will be fixed? Or do you have a suggestion on what port to use.
Ty for answering! :wink:

Oh and what about ircnet? Is there i/I-line ?
ConsumeR
Newbie
 
Posts: 4
Joined: Thu Nov 11, 2004 4:29 pm

Postby Matej » Sat Nov 20, 2004 1:07 pm

Code: Select all
12:05 -!- Irssi: Connection to stockholm.se.quakenet.org established
12:05 !stockholm.se.quakenet.org *** Looking up your hostname
12:05 !stockholm.se.quakenet.org *** Checking Ident
12:05 !stockholm.se.quakenet.org *** Found your hostname
12:05 !stockholm.se.quakenet.org *** Got ident response
12:05 -!- open proxy.
12:05 -!- ERROR Closing Link: matej_ by stockholm.se.quakenet.org (G-lined)
12:05 -!- Irssi: Connection lost to stockholm.se.quakenet.org


Open Proxy/SOCKS by Zip
Sunday 23. April 2000 at 10:02 EEST

We have now started a security check whenever you connect to QuakeNet looking for Open Proxy/SOCKS. This means that when you connect it will check port 23 (telnet port, checks for a wingate telnet bounce) and port 1080 (socks/wingate port) for an unsecured SOCKS4 and SOCKS5 proxy. If a wingate telnet bounce is found on port 23 or if it finds an unsecured SOCKS4 or SOCKS5 Proxy (anonymously accessible), you will be g-lined (banned from the network).


You probably came to this FAQ because you got something like this when you tried to connect to QuakeNet:


Connecting to some.server.quakenet.org:6667



You are banned from connecting to this server ("Open Proxy. See

http://www.quakenet.org/openproxies.html. - ID: 666")



Closing Link: nick[IP.or.hostname.com] by some.server.quakenet.org (K-Lined)


Explanation:

You are running some sort of Proxy, probably Wingate or similiar. This Proxy is misconfigured. It does not only allow clients on your LAN to use it, but everyone on the Internet, without any Authentication. Such Proxies are frequently abused by flooders. This is why every client connecting to QuakeNet is scanned for an open Proxy, and G-Lined (Banned) when one is found.

To fix this, reconfigure your Proxy so that it is secure.

The G-Line will expire after 30 minutes. If your Proxy is secure, you should be able to reconnect after 30 minutes. If it isn't, you'll be banned again.

We are currently scanning Ports 80, 1080, 3128, 6588, 8000, 8080 & 45554. So if you get G-Lined you have a proxy listening on one or more of these ports.

You can enter the ID number you got in the gline-message below to get more detailed information about which proxies were found on you host.



80, 1080, 3128
6588
Code: Select all
8000 tcp        0      0 *:8000                  *:*                     LISTEN      r_lela     14370

8080

45554


(11:25:37) * Connecting to gate.polarhome.com (8000)
(11:25:39) -Welcome- psyBNC2.2.2


Whic port is the bad guy?
Can someone do a port scan for open proxies?
User avatar
Matej
Forum Admin
Forum Admin
 
Posts: 365
Joined: Sun Sep 29, 2002 12:28 am
Location: Ljubljana, Slovenia

Postby DenisF » Sat Nov 20, 2004 2:49 pm

root@mandrake~# nmap -v -sS -sV -sR -p 80,1080,3128,6588,8000,8080,45554 www.polarhome.com

Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-11-20 14:41 IST
Host 11.198.216.81.dre.siw.siwnet.net (81.216.198.11) appears to be up ... good.
Initiating SYN Stealth Scan against 11.198.216.81.dre.siw.siwnet.net (81.216.198.11) at 14:41
Adding open port 80/tcp
Adding open port 8000/tcp
The SYN Stealth Scan took 1 second to scan 7 ports.
Initiating service scan against 2 services on 1 host at 14:41
The service scan took 8 seconds to scan 2 services on 1 host.
Interesting ports on 11.198.216.81.dre.siw.siwnet.net (81.216.198.11):
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.0.46 ((Unix) DAV/2 mod_ssl/2.0.46 OpenSSL/0.9.6b)
1080/tcp closed socks
3128/tcp closed squid-http
6588/tcp closed analogx
8000/tcp open irc-proxy psyBNC 2.2.2
8080/tcp closed http-proxy
45554/tcp closed unknown

Nmap run completed -- 1 IP address (1 host up) scanned in 16.338 seconds
root@mandrake~#


So it's a psybnc, owned by r_lela.

denisf@redhat~$ finger r_lela
Login: r_lela Name: robert lela
Directory: /home/r/r_lela Shell: /bin/bash
Office: roma italy, r_lela@virgilio.it
Never logged in.
No mail.
No Plan.


soooooooo, anyone who has a problem with qnet's gline. mail the guy :)
Image
[ FAQ ] :: [ Policy ] :: [ Port Forwarding Guide ] :: [ Search ]
User avatar
DenisF
Forum Admin
Forum Admin
 
Posts: 679
Joined: Mon Dec 16, 2002 9:09 pm
Location: Israhell

Postby Matej » Sat Nov 20, 2004 3:13 pm

So I was rite. It was r_lela.
I've mailed him and asked to change his port.

I'll propose to Zoli to shutdown ports 6588, 8000
on redhat and 45554 on HP-UX.
User avatar
Matej
Forum Admin
Forum Admin
 
Posts: 365
Joined: Sun Sep 29, 2002 12:28 am
Location: Ljubljana, Slovenia

Postby sjaz » Sat Nov 20, 2004 4:09 pm

Or userdel r_lela
User avatar
sjaz
Forum Admin
Forum Admin
 
Posts: 694
Joined: Fri Feb 14, 2003 11:08 pm
Location: London, UK

Postby Matej » Sat Nov 20, 2004 4:37 pm

Nah, he din't do anything bad.
User avatar
Matej
Forum Admin
Forum Admin
 
Posts: 365
Joined: Sun Sep 29, 2002 12:28 am
Location: Ljubljana, Slovenia

Postby DenisF » Sat Nov 20, 2004 4:58 pm

That's a matter of perspective ;)

I did, however, ask zoli like years ago to close down every known proxy port [gave him a list off a few irc network sites].

meh, why is it that no one ever reads my email :cry:
Image
[ FAQ ] :: [ Policy ] :: [ Port Forwarding Guide ] :: [ Search ]
User avatar
DenisF
Forum Admin
Forum Admin
 
Posts: 679
Joined: Mon Dec 16, 2002 9:09 pm
Location: Israhell

Postby sjaz » Sat Nov 20, 2004 8:45 pm

SPAMMER :P
User avatar
sjaz
Forum Admin
Forum Admin
 
Posts: 694
Joined: Fri Feb 14, 2003 11:08 pm
Location: London, UK

Postby zoli » Sun Nov 21, 2004 11:17 am

hi,

I have a better idea.
I close these ports on gate directly.
1080, 3128, 6588, 8000, 8080, 45554 (all extept 80)
Hope this is acceptable.
Regards,
Z
---
Zoltan Arpadffy
zoli
Forum Admin
Forum Admin
 
Posts: 785
Joined: Mon Sep 30, 2002 1:27 am
Location: Stockholm, Sweden

Postby sjaz » Sun Nov 21, 2004 12:13 pm

That would be excellent Z.
User avatar
sjaz
Forum Admin
Forum Admin
 
Posts: 694
Joined: Fri Feb 14, 2003 11:08 pm
Location: London, UK

Postby Matej » Sun Nov 21, 2004 1:06 pm

That's even better. Thanks.
User avatar
Matej
Forum Admin
Forum Admin
 
Posts: 365
Joined: Sun Sep 29, 2002 12:28 am
Location: Ljubljana, Slovenia

Postby DenisF » Sun Nov 21, 2004 3:14 pm

Not to sound rude or anything, but that's exactly what i suggested quite the few months ago.
Image
[ FAQ ] :: [ Policy ] :: [ Port Forwarding Guide ] :: [ Search ]
User avatar
DenisF
Forum Admin
Forum Admin
 
Posts: 679
Joined: Mon Dec 16, 2002 9:09 pm
Location: Israhell

Postby sjaz » Sun Nov 21, 2004 3:40 pm

<3 Denis. You should do the same on mdk.
User avatar
sjaz
Forum Admin
Forum Admin
 
Posts: 694
Joined: Fri Feb 14, 2003 11:08 pm
Location: London, UK

same problem

Postby sputnik7_redhat » Wed Jan 05, 2005 1:11 pm

I was having same problem so I thought I would use same thread instead of starting a new one. Everytime I try to connect bitchX to quakenet i get this.
[quakenet] *** Looking up your hostname
[quakenet] *** Checking Ident
[quakenet] *** Found your hostname
[quakenet] *** Got ident response
·f· open proxy. (from port80b.se.quakenet.org)
·f· Deleting server [94]

Is there anything that can be done about this? Is it something I messed up on my end or just a proxy running from somebody else? Thanks for any help :)
sputnik7_redhat
Newbie
 
Posts: 2
Joined: Wed Jan 05, 2005 6:38 am
Location: United States

Postby DenisF » Wed Jan 05, 2005 1:36 pm

It's the same problem that existed for god knows how long.
there is a user who's running a psyBNC on a port that quakenet considers as proxy, thus the proxy glines.

having that said, we do have a trust on quakenet for a 100 concurrent users that i got like a year ago, but looks like until zoli bans those ports - no quakenet for polarhome :(
Image
[ FAQ ] :: [ Policy ] :: [ Port Forwarding Guide ] :: [ Search ]
User avatar
DenisF
Forum Admin
Forum Admin
 
Posts: 679
Joined: Mon Dec 16, 2002 9:09 pm
Location: Israhell

Next

Return to Polarhome IRC

Who is online

Users browsing this forum: No registered users and 3 guests