Site Tools


ircuser

# $EPIC: ircuser.txt,v 1.3 2006/09/19 10:52:37 sthalik Exp $

Synopsis:

ircuser <username>

About usernames, registration, and identd:

Whenever you connect to an irc server, the client sends some information about you to the server (``registration''). One of the pieces of infor- mation it sends is your “username”. This is supposed to be the name of the account you are logged into. The server treats this username as nothing more than a fallback value; a hint. The server does not trust the client to send trustworthy data (and why should it? The user has control over the client. ;-)

By default, the server always queries your username by asking the ident (auth) service that is running on your machine (using RFC 1413). If your host is running identd, then the value returned by identd will be used as your username and the “hint” provided at registration time is ignored. If your host is not running identd, then the value provided at registration time is used, but is prepended with a ~ (tilde) to warn other irc users that the username was not authenticated.

It is a good idea to be running an identd, and many servers on large public networks absolutely require that you be running identd before they will accept your registration. This is for your protection, rather than being an annoyance…

In the modern irc world, most of the irc users are running windows, where this is no concept of a username, and hence the username you see for them is ultimately provided by the client. Most reputable windows clients provide their own identd server which just returns the same username that the client provided at registration time. Therefore, the username that you get for a user is not really of much value at all, even if it is “authenticated”.

One of the features of the identd service is that if you ask it for the username of a connection that does not exist, it will return an error code. A popular irc attack is to forge many irc connections (and registration attempts) from a victim's ip address so many times as to annoy an operator enough into falsely K-lining the victim for running clonebots.

Every time a connection is made to an irc server, the server asks the identd service on the connecting host what the username is for the new connection. If the connection is fraudulent (forged), identd will return an error, and the server will consider the connection non-authenticated.

Thus, if a server forbids all non-authenticated users, then by rule all connections on the server have been positively confirmed by an identd service running on the connecting host to be valid and truthful. It is therefore possible to hold responsible people who do rude things to others since it is not possible to forge connections with others' addresses.

There are three lessons here:

 1) DO run an identd service, even if it is one that lets you control
    what it returns as your username.  The server isn't interested in 
    what your username is, only that the connection actually came from
    you.  Running an identd service is your first line of defense from 
    others who would try to get you in trouble.
 2) DON'T run an identd service that returns a dummy username for all
    requests valid or invalid.  That will make it look like you really 
    *are* running clonebots and will get you in trouble.
 3) DON'T run an identd service that returns an error for all requests
    valid or invalid.  That makes it look like your (valid) connections
    are actually forgeries and many large public servers don't want any
    forged connections.

Do your part. Run identd for the good of IRC.

Description:

You can use this command to change the default “hint” that is sent by EPIC to the server every time you establish a new server connection. This “hint” is overridden by whatever your identd server returns, and you are running an identd server, right? ;-) Because the “hint” is generally discarded, being able to set the “hint” is a moot point.

You must, of course, reconnect after you use ircuser before your new username will be seen to other users (if at all).

ircuser.txt · Last modified: 2006/09/28 23:18 by 127.0.0.1