Friday 26 July 2019

dns - How does hostname spoofing/customization work on IRC networks?


I've used IRC for a long time and I've seen people with really unique hostnames. I'm wondering how they are able to have those?


My theory is that one sets up a server as part of the efnet/freenode network and somehow masks his real identity behind that custom server.


Could someone explain layman's terms how this is done?


And on a related note, how easy is it to customize your hostname if you're say, running an irc client on your domain and would like to use your domain name instead of the internal vps address?


Example: if I'm using linode, it'll say I'm member_whatever@members.linode.com as my hostname. I host several sites so I'm pointing a few A records to my server, I want my hostname to be something like 'meder@medero.org' for example, instead of the default linode one.



Answer



There are two types of "vhosts": real and fake.



Real vhosts are usually called "reverse DNS" (also called rDNS)—it's basically a DNS record for your IP address, pointing to some domain name with a PTR record, which is looked up by the server upon connection (be it ircd, httpd, or anything else). This is the "Looking up your hostname..." notice you see immediately after connecting to IRC.


If a user connects from 2001:db8::42, for example, a DNS lookup is performed for 2.4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.. If the user connected from 192.0.2.123, the equivalent DNS name will be 123.2.0.192.in-addr.arpa.. The reverse DNS can be changed by whoever controls the IP address block. If you have a single IPv4 address for your home network, you usually have to annoy your ISP to get the rDNS changed.


To avoid spoofing, an ircd (the IRC server program) will compare reverse and forward DNS—that is, it will make sure your rDNS hostname points back to your IP address—before displaying it to other users.



For those who are unable to change their real rDNS, most IRC networks offer "virtual hosts" or "cloaks".


Almost every IRC daemon has the ability to change user's displayed hostname at any time; usually this is restricted to operators, or even to services. For example, with the IRC command /chghost joeuser joes-fake-hostname.net (assuming sufficient privileges).


On most networks this process is automated by services—once an operator assigns you a vhost (cloak), you get it set every time you identify to your services account.


(I'm saying "services", not "NickServ" or "HostServ", because most of the time it is a single program presenting itself as all of the *Servs.)


-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

How can I VLOOKUP in multiple Excel documents?

I am trying to VLOOKUP reference data with around 400 seperate Excel files. Is it possible to do this in a quick way rather than doing it m...