Results 1 to 6 of 6

Thread: Bantype 4

  1. #1
    Junior Member
    Join Date
    Jun 2009
    Posts
    12

    Default Bantype 4

    Hi all,

    #help directed me here to suggest a bantype 4. The current types are as follows:
    0: ban in the form *!user@host
    1: ban in the form *!*user@host
    2: ban in the form *!*@host
    3: ban in the form *!*user@*.domain
    Type 3 solves the issue of dynamic IP hosts which expose a hostmask of IP.City.Area.ISP.TLD or similar, but is easily evaded simply by changing the username. Type 2 solves the problem of client-changeable fields like user and nick, but does not address dynamic IP as type 3 does.

    Type 2 and 3 are both great security tools, however they address different issues and I feel a merged type 4 would be very helpful. I propose a mode which bans *!*@*.domain. This will maintain a ban irrespective of both dynamic IP hosts and also client changes such as username.

    Here is a hypothetical example of the result of these bantypes:
    Type 2: ChanServ set a ban on *!*@pool-70-110-176-46.phil.east.verizon.net.
    Type 3: ChanServ set a ban on *!*Tab@*.phil.east.verizon.net.
    Type 4: ChanServ set a ban on *!*@*.phil.east.verizon.net.
    All but type 4 are easily evaded in this case.

    While many will point out that this type bans large swaths of users, I suggest this mode only for the truly paranoid channels. Type 3 has this downside already for users on a default username.

    Thoughts?

  2. #2
    Rizon Staff
    Join Date
    Apr 2006
    Posts
    1,215

    Default

    Such bans can and should be set manually in certain cases when ban types 2 and 3 (and others) aren't enough.

    Honestly, such a *!*@*.domain mask shouldn't be a ChanServ ban type, ban type 3 can hit a bunch if innocent users with default idents and usernames (web clients (cgiirc, qwebirc, PJIRC, ...) and others (nnscript, chatzilla, ...)) already.

  3. #3
    Rizon Staff Jason's Avatar
    Join Date
    Oct 2002
    Location
    Guadalajara
    Posts
    538

    Default

    I agree with Holz on this (which is a bad thing you have me agreeing with holz), services should not be setting these types of bans. An op every once in a while yes but not services. Many of these bans knock out hundreds of people at once. Some even over a thousand. For example:

    1052/15836 users matching "*!*@*comcast.net

    We have over 1000 people on comcast at the time i ran this check. That is not really something you want being banned because one user was an idiot.
    Rizon CEO
    Jason
    Jason@Rizon.net

  4. #4
    Junior Member
    Join Date
    Jun 2009
    Posts
    12

    Default

    Quote Originally Posted by Jason View Post
    1052/15836 users matching "*!*@*comcast.net
    As demonstrated above, this is not the function of *.domain. *.domain only bans the first component of the host URL, so it would only ban one Comcast IP. At least that's how type 3 seems to work.

  5. #5
    Rizon Staff
    Join Date
    Apr 2006
    Posts
    1,215

    Default

    Quote Originally Posted by Tab View Post
    *.domain only bans the first component of the host URL, so it would only ban one Comcast IP. At least that's how type 3 seems to work.
    That would be ban type 2, ban type 3 would be *.hsd1.wa.comcast.net for all Comcast users from Washington etc.

  6. #6
    Junior Member
    Join Date
    Jun 2009
    Posts
    12

    Default

    Quote Originally Posted by Holz View Post
    That would be ban type 2, ban type 3 would be *.hsd1.wa.comcast.net for all Comcast users from Washington etc.
    Oh, right.

    Well ok. I'll handle things manually then. I don't foresee it really being a problem anyhow. Just thought it was an interesting suggestion.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •