Proxy blocking

General talk about EFnet

Moderators: Website/Forum Admins, EFnet/General Moderators

evil
Posts: 59
Joined: Mon Sep 15, 2003 6:18 pm

Proxy blocking

Postby evil » Wed Mar 01, 2006 1:24 am

Just curious, is there some reason why most of the servers are proactive about keeping proxies out but irc.nac.net could care less? The only reason why I ask is because it seems that spammers have chosen irc.nac.net as the server of choice for that reason.
Hardy
Site Admin
Posts: 394
Joined: Wed Jul 02, 2003 4:54 pm
Location: Oslo, Norway
Contact:

Re: Proxy blocking

Postby Hardy » Wed Mar 01, 2006 9:49 am

evil wrote:Just curious, is there some reason why most of the servers are proactive about keeping proxies out but irc.nac.net could care less? The only reason why I ask is because it seems that spammers have chosen irc.nac.net as the server of choice for that reason.
EFnet has a voted in requirement that all client servers should run a proxyscanner. Unfortunately isn’t every sever administrator as careful on keeping their proxyscanner up-to-date...
-- Hardy
Administrator: irc.underworld.no
Services Administrator
http://www.efnet.org admin/staff
evil
Posts: 59
Joined: Mon Sep 15, 2003 6:18 pm

Postby evil » Wed Mar 01, 2006 11:41 am

I see, but I don't think irc.nac.net is doing any scanning because ports 8080 and 3128 have been popular proxy ports for a long time and the spammers are constantly using those. To make matters worse, doing a "stats p spammer_nick" just gets you banned from irc.nac.net. It's a bit irritating but it's not exactly my favorite server. I do however appreciate the excellent effort the other servers make in keeping out spammers.
sealie
Posts: 29
Joined: Wed Aug 13, 2003 2:22 pm
Location: Troms�, Norway
Contact:

Postby sealie » Wed Apr 05, 2006 6:34 am

There is no way for the EFnet way servers to "firewall" the ports used on the client end. Remember that the proxy ports has nothing to do with the IRC server, its what port the client machine is listening on for remote connections.

The most common way to prevent proxy/socks[4|5]/tor attacks on EFnet is implementing a BOPM (http://sourceforge.net/projects/bopm) client that basically got two features. It can do live scanning of connecting host, or query RBL lists (network blacklists) for every connecting IP to see if anyone else have blacklisted either the IP or the network its connecting from, and k/d-line any positives.
Unfortuately these lists requires alot of maintenance and attention, and the BOPMs needs to be updated with the most updated and recent RBL lists to be effective. Infact, many countries are forced to only use the RBL query method as live portscanning/querying is against the law in many counties (atleast in EU)
However, there are being implemented more effective list distributions as we speak to not only depend on RBL lists.

Hope this cleared things up a bit.
oper, efnet.demon.co.uk, efnet.port80.se & irc.efnet.nl
nababan
Posts: 1
Joined: Thu Jul 26, 2007 7:51 pm
Contact:

Postby nababan » Mon Jul 30, 2007 2:42 pm

any public proxy that allowed in efnet network?
PLEASE SHARE TO ME PLEASE
N43434N
Kanaka
Posts: 2
Joined: Fri Aug 03, 2007 2:18 am

Postby Kanaka » Fri Aug 03, 2007 2:22 am

From what I've seen, the more lenient servers are

irc.daxnet.no [also allows most tor in]
irc.he.net [proxyscanner is a joke]
irc.nac.net
irc.vel.net
User avatar
munky
Site Admin
Posts: 826
Joined: Wed Jul 02, 2003 4:54 pm
Location: Phoenix AZ
Contact:

Postby munky » Fri Aug 03, 2007 2:24 pm

all open I servers are required to have a proxy scanner by global policy.

daxnet uses 2 TOR dnsbls, and what makes you say he.net proxy scanning is a joke?
In God we trust,
Everyone else must have an X.509 certificate.

Who is online

Users browsing this forum: Google [Bot] and 17 guests