Moderator: Moderators
12:05 -!- Irssi: Connection to stockholm.se.quakenet.org established
12:05 !stockholm.se.quakenet.org *** Looking up your hostname
12:05 !stockholm.se.quakenet.org *** Checking Ident
12:05 !stockholm.se.quakenet.org *** Found your hostname
12:05 !stockholm.se.quakenet.org *** Got ident response
12:05 -!- open proxy.
12:05 -!- ERROR Closing Link: matej_ by stockholm.se.quakenet.org (G-lined)
12:05 -!- Irssi: Connection lost to stockholm.se.quakenet.org
Open Proxy/SOCKS by Zip
Sunday 23. April 2000 at 10:02 EEST
We have now started a security check whenever you connect to QuakeNet looking for Open Proxy/SOCKS. This means that when you connect it will check port 23 (telnet port, checks for a wingate telnet bounce) and port 1080 (socks/wingate port) for an unsecured SOCKS4 and SOCKS5 proxy. If a wingate telnet bounce is found on port 23 or if it finds an unsecured SOCKS4 or SOCKS5 Proxy (anonymously accessible), you will be g-lined (banned from the network).
You probably came to this FAQ because you got something like this when you tried to connect to QuakeNet:
Connecting to some.server.quakenet.org:6667
You are banned from connecting to this server ("Open Proxy. See
http://www.quakenet.org/openproxies.html. - ID: 666")
Closing Link: nick[IP.or.hostname.com] by some.server.quakenet.org (K-Lined)
Explanation:
You are running some sort of Proxy, probably Wingate or similiar. This Proxy is misconfigured. It does not only allow clients on your LAN to use it, but everyone on the Internet, without any Authentication. Such Proxies are frequently abused by flooders. This is why every client connecting to QuakeNet is scanned for an open Proxy, and G-Lined (Banned) when one is found.
To fix this, reconfigure your Proxy so that it is secure.
The G-Line will expire after 30 minutes. If your Proxy is secure, you should be able to reconnect after 30 minutes. If it isn't, you'll be banned again.
We are currently scanning Ports 80, 1080, 3128, 6588, 8000, 8080 & 45554. So if you get G-Lined you have a proxy listening on one or more of these ports.
You can enter the ID number you got in the gline-message below to get more detailed information about which proxies were found on you host.
8000 tcp 0 0 *:8000 *:* LISTEN r_lela 14370
(11:25:37) * Connecting to gate.polarhome.com (8000)
(11:25:39) -Welcome- psyBNC2.2.2
root@mandrake~# nmap -v -sS -sV -sR -p 80,1080,3128,6588,8000,8080,45554 www.polarhome.com
Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-11-20 14:41 IST
Host 11.198.216.81.dre.siw.siwnet.net (81.216.198.11) appears to be up ... good.
Initiating SYN Stealth Scan against 11.198.216.81.dre.siw.siwnet.net (81.216.198.11) at 14:41
Adding open port 80/tcp
Adding open port 8000/tcp
The SYN Stealth Scan took 1 second to scan 7 ports.
Initiating service scan against 2 services on 1 host at 14:41
The service scan took 8 seconds to scan 2 services on 1 host.
Interesting ports on 11.198.216.81.dre.siw.siwnet.net (81.216.198.11):
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.0.46 ((Unix) DAV/2 mod_ssl/2.0.46 OpenSSL/0.9.6b)
1080/tcp closed socks
3128/tcp closed squid-http
6588/tcp closed analogx
8000/tcp open irc-proxy psyBNC 2.2.2
8080/tcp closed http-proxy
45554/tcp closed unknown
Nmap run completed -- 1 IP address (1 host up) scanned in 16.338 seconds
root@mandrake~#
denisf@redhat~$ finger r_lela
Login: r_lela Name: robert lela
Directory: /home/r/r_lela Shell: /bin/bash
Office: roma italy, r_lela@virgilio.it
Never logged in.
No mail.
No Plan.
Users browsing this forum: No registered users and 10 guests