ircuser
no way to compare when less than two revisions
Differences
This shows you the differences between two versions of the page.
| — | ircuser [2006/09/28 23:18] (current) – created - external edit 127.0.0.1 | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | # $EPIC: ircuser.txt, | ||
| + | ======Synopsis: | ||
| + | __ircuser__ < | ||
| + | |||
| + | ======About usernames, registration, | ||
| + | Whenever you connect to an irc server, the client sends some information | ||
| + | about you to the server (``registration'' | ||
| + | mation it sends is your " | ||
| + | the account you are logged into. The server treats this username as | ||
| + | nothing more than a fallback value; a hint. The server does not trust | ||
| + | the client to send trustworthy data (and why should it? The user has | ||
| + | control over the client. ;-) | ||
| + | |||
| + | By default, the server always queries your username by asking the ident | ||
| + | (auth) service that is running on your machine (using RFC 1413). | ||
| + | host is running identd, then the value returned by identd will be used as | ||
| + | your username and the " | ||
| + | If your host is not running identd, then the value provided at registration | ||
| + | time is used, but is prepended with a ~ (tilde) to warn other irc users | ||
| + | that the username was not authenticated. | ||
| + | |||
| + | It is a good idea to be running an identd, and many servers on large public | ||
| + | networks absolutely require that you be running identd before they will | ||
| + | accept your registration. | ||
| + | an annoyance... | ||
| + | |||
| + | In the modern irc world, most of the irc users are running windows, where | ||
| + | this is no concept of a username, and hence the username you see for them | ||
| + | is ultimately provided by the client. | ||
| + | provide their own identd server which just returns the same username that | ||
| + | the client provided at registration time. Therefore, the username that | ||
| + | you get for a user is not really of much value at all, even if it is | ||
| + | " | ||
| + | |||
| + | One of the features of the identd service is that if you ask it for the | ||
| + | username of a connection that does not exist, it will return an error | ||
| + | code. A popular irc attack is to forge many irc connections (and | ||
| + | registration attempts) from a victim' | ||
| + | annoy an operator enough into falsely K-lining the victim for running | ||
| + | clonebots. | ||
| + | |||
| + | Every time a connection is made to an irc server, the server asks the | ||
| + | identd service on the connecting host what the username is for the new | ||
| + | connection. | ||
| + | an error, and the server will consider the connection non-authenticated. | ||
| + | |||
| + | Thus, if a server forbids all non-authenticated users, then by rule all | ||
| + | connections on the server have been positively confirmed by an identd | ||
| + | service running on the connecting host to be valid and truthful. | ||
| + | therefore possible to hold responsible people who do rude things to others | ||
| + | since it is not possible to forge connections with others' | ||
| + | |||
| + | There are three lessons here: | ||
| + | 1) DO run an identd service, even if it is one that lets you control | ||
| + | what it returns as your username. | ||
| + | what your username is, only that the connection actually came from | ||
| + | you. Running an identd service is your first line of defense from | ||
| + | others who would try to get you in trouble. | ||
| + | 2) DON'T run an identd service that returns a dummy username for all | ||
| + | requests valid or invalid. | ||
| + | *are* running clonebots and will get you in trouble. | ||
| + | 3) DON'T run an identd service that returns an error for all requests | ||
| + | valid or invalid. | ||
| + | are actually forgeries and many large public servers don't want any | ||
| + | forged connections. | ||
| + | |||
| + | Do your part. Run identd for the good of IRC. | ||
| + | |||
| + | ======Description: | ||
| + | You can use this command to change the default " | ||
| + | EPIC to the server every time you establish a new server connection. | ||
| + | This " | ||
| + | you **are** running an identd server, right? ;-) Because the " | ||
| + | generally discarded, being able to set the " | ||
| + | |||
| + | You must, of course, [[reconnect command|reconnect]] after you use | ||
| + | __ircuser__ before your new username will be seen to other users (if at | ||
| + | all). | ||
ircuser.txt · Last modified: 2006/09/28 23:18 by 127.0.0.1