Annoying "security" policy

Torman
Posts: 14


Post by Torman »

I would like to know about the reasons for Undernet's security policy, if you can call it that.

I'm using IRC a lot (different networks actually) and it surprises me that Undernet decided to ban all Tor exits. I'm on Tor a lot for privacy reasons and the other networks I use have no problem with that. But on Undernet, I only get the (incorrect, using Linux) Moosoft Trojan alert or the forbidden message. However, Undernet hosts lots of C&C channels and floods and spambots are very common, so it can't be really about security. Also it seems staff doesn't care (saw a thread here about reported C&C channels, and nobody really did anything about them).

Tor+SSL are a great way to keep your things private when you use public wireless networks a lot like I do.

So what's the reason for the Tor ban? The botnets don't use it. And please no replies like "do not want" or "deal with it": I expect a serious reply to a serious question.

Sabin
Posts: 15
Location: Romania

Post by Sabin »

The "Moosoft Trojan alert or the forbidden message" you are talking about is a gline reason; a gline is a ban on all Undernet servers. If you scanned your computer for malware/worms/viruses and nothing was found, mail abuse@undernet.org with your IP address and the reason of the gline, and ask for further clarification and removal of the gline. As for abusive bots/botnets, you can mail abuse-exploits@underent.org with precise info such as: IPs/hosts, channels mentioned in the message body text, not files attached.

Torman
Posts: 14

Post by Torman »

I don't know if you bothered to read my posting in detail.

First: I'm running Linux, your Moosoft tool is Windows only. Given that over the past 15 years I never had a virus or trojan on one of my Linux installs, I'm very positive that my system is clean.
AUTO [2] (xxxxx) Infected with a virus or trojan, please clean your system. Cleaner @ http://www.moosoft.com (P14).


Second: I said that I'm using Tor, so obviously it's not my IP that gets glined by Undernet, but the Tor exit node.

Third: Undernet definitely has a ban on Tor and I want to know why.
AUTO [1] DNSBL listed. TORs are forbidden on this network. Your IP is xxx.xxx.xxx.xxx.

I get this lots of times for many different IPs, namely the exit nodes.

Fourth: Just look around on this forum. Many users have mentioned about 40-50% botnet/drones on the network, and nothing ever seems to happen.

Fifth: All that said, I want to know the reason. Undernet has a major problem with tolerated abuse, so the crackdown on Tor makes no sense.
I would not complain if 90% of the problems came from Tor, but let's face it: drone herders have networks a few magnitudes larger and don't need it.

I just want to ensure my privacy and security. Nothing more, but also nothing less.

Torman
Posts: 14

Post by Torman »

Can I get a reply, or will this just be some sort of "we don't care, let's ignore him thread"?

Eenie
Posts: 606
Location: Virginia, USA

Post by Eenie »

Torman wrote: Can I get a reply, or will this just be some sort of "we don't care, let's ignore him thread"?


No one is ignoring you on purpose.

You have not been answered, apparently because no one has an answer for you at this time.

JMO.

~Eenie
Just a small fish in a big sea

jumpdriver
Posts: 3

Post by jumpdriver »

How could there be no answer? It's a pretty simple question.

Torman
Posts: 14

Post by Torman »

Eenie: Thanks for the reply.

No offense, but does that mean nobody here knows why a legitimate service like Tor has been blocked?

Since Undernet knows the IPs of the exit nodes, why not simply cloak users? Like e.g. <nick>!<user>@<random>.tor.undernet.org? That way, every op can simply decide if he wants Tor users or not in his channel by setting a ban on the *!*@*.tor.undernet.org mask.

Tor is a major service for freedom. Reasons may be as simple as coming to IRC from an untrusted hotspot, but also as important as avoiding monitoring by an oppressive regime (China, North Korea, Iran, etc). For me, IRC was always about freedom of speech and it would hurt to see that freedom being taken away.

Yes, I'm annoyed by all that and pardon me if it shows. Perhaps somebody could bring this thread to the attention of those who decide to do such large bans.
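Added example, not part of the original post and not Undernet's or ircu's code: a sketch of the cloaking scheme suggested above, where connections from listed exits get a `<random>.tor.undernet.org` host and a channel op decides with the `*!*@*.tor.undernet.org` ban mask. The function names, the exit list, the secret, and deriving `<random>` from a keyed hash of the exit address are all assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import re

CLOAK_SUFFIX = "tor.undernet.org"        # suffix proposed in the post
SERVER_SECRET = b"constructed-demo-key"  # assumption: secret known only to the servers
# Constructed exit list using documentation-only addresses (RFC 5737 / RFC 3849).
TOR_EXITS = {ipaddress.ip_address(a)
             for a in ("192.0.2.10", "198.51.100.7", "2001:db8::5")}


def cloak_host(ip, real_host):
    """Host shown to other users: a cloak for listed exits, else the real host."""
    addr = ipaddress.ip_address(ip)
    if addr not in TOR_EXITS:
        return real_host
    # Assumption: the <random> label is a keyed hash of the exit address, so it
    # is stable per exit (one exit can be banned) without revealing the exit IP.
    tag = hmac.new(SERVER_SECRET, addr.packed, hashlib.sha256).hexdigest()[:10]
    return f"{tag}.{CLOAK_SUFFIX}"


def _fold(text):
    # IRC comparisons ignore case; RFC 1459 also folds [ ] and backslash to { } |
    return text.lower().translate(str.maketrans("[]\\", "{}|"))


def mask_matches(mask, hostmask):
    """IRC ban-mask match: '*' is any run of characters, '?' is exactly one."""
    pattern = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c)
        for c in _fold(mask)
    )
    return re.fullmatch(pattern, _fold(hostmask), re.DOTALL) is not None


def can_join(nick, user, ip, real_host, channel_bans):
    """True if nick!user@host matches none of the channel's ban masks."""
    hostmask = f"{nick}!{user}@{cloak_host(ip, real_host)}"
    return not any(mask_matches(ban, hostmask) for ban in channel_bans)


if __name__ == "__main__":
    bans = ["*!*@*.tor.undernet.org"]  # the mask from the post
    print(can_join("Torman", "tor", "192.0.2.10", "exit.example.org", bans))
    print(can_join("Torman", "tor", "192.0.2.10", "exit.example.org", []))
    print(can_join("Eenie", "e", "203.0.113.9", "host.example.net", bans))
```

A channel with the mask set rejects the cloaked client, a channel without it admits the same client, and clients on unlisted addresses are unaffected either way.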

xplo
Posts: 182
Location: Behind You!

Post by xplo »

Torman wrote: Can I get a reply, or will this just be some sort of "we don't care, let's ignore him thread"?


it's pretty simple, TOR are mostly used to abuse, evade glines/bans and we do not support that..
undernet in the last 5yrs has not moved a lot, and now it's making progress to eradicate floods/abuse/evading with improvements like this one. Sorry for the innocents who are caught in the fishnet, but.. there are alternatives..

i hope next step would be regex patterns usage in bans/gline :)

the answer is simple: Don't use TOR, it's banned. use your own ip and hide it with user mode +x, for this you will need a username, get one at http://cservice.undernet.org/live

and again.. TOR are banned due to abuse.. It's a Good step that i completely support. you should too, i understand your "for privacy" but put yourself in our shoes..
Go to hell with your questions, my time is done here. It was fun, but this network is sooooo corrupted by morons, it's not worth it.

Eenie
Posts: 606
Location: Virginia, USA

Post by Eenie »

xplo wrote:
Torman wrote: Can I get a reply, or will this just be some sort of "we don't care, let's ignore him thread"?


it's pretty simple, TOR are mostly used to abuse, evade glines/bans and we do not support that..
undernet in the last 5yrs has not moved a lot, and now it's making progress to eradicate floods/abuse/evading with improvements like this one. Sorry for the innocents who are caught in the fishnet, but.. there are alternatives..

i hope next step would be regex patterns usage in bans/gline :)

the answer is simple: Don't use TOR, it's banned. use your own ip and hide it with user mode +x, for this you will need a username, get one at http://cservice.undernet.org/live

and again.. TOR are banned due to abuse.. It's a Good step that i completely support. you should too, i understand your "for privacy" but put yourself in our shoes..


Coloured in red above by me.

Whose shoes are those? Are you now an official representative of our network, xplo?

~Eenie


Torman
Posts: 14

Post by Torman »

xplo wrote: evade glines/bans

What about those users without static IP addresses? Resetting a router is all they need to do to evade a ban. Want to gline all ISPs who use DHCP?

xplo wrote: it's making progress to eradicate floods/abuse/evading with improvements like this one

I would not call that an improvement; it's exactly the opposite.

xplo wrote: there are alternatives

Like?

xplo wrote: next step would be regex patterns

No offense, but I seriously hope you won't make those regexp.

xplo wrote: the answer is simple: Don't use TOR

My conclusion can be equally simple: don't use Undernet. I don't really want to use that option though; but it's a last resort measure.

xplo wrote: use your own ip and hide it with user mode +x

Which helps not a single bit if you come from an untrusted and/or snooping network.

xplo wrote: TOR are banned due to abuse.. It's a Good step that i completely support

I've seen lots of abuse coming from e.g. Comcast too. Or Russia and China if you want to be more general. May I make another suggestion for some large bans?

xplo wrote: "for privacy"

Putting that in quotes makes it sound like you consider it an excuse from me to continue with abuse, which has the nasty taste of calling me a liar.


So xplo, why not cloak Tor users like I suggested? Or do you think Undernet shouldn't let ops decide who to let into their channels? Cloaking is such a simple fix with benefits for both sides.

See, I don't like drones either. I would not mind to solve a captcha to connect. Somewhat like the "/quote pass" line for broken idents: post a URL to an image. The user looks at it and replies to connect. Voilà, no more drones until they do OCR (and then it's only a matter of minutes to change the captcha layout).

MartYanu2
Posts: 39
Location: The land of nowhere

Post by MartYanu2 »

Erm, that must hurt!

xplo
Posts: 182
Location: Behind You!

Post by xplo »

Eenie wrote:
xplo wrote:
Torman wrote: Can I get a reply, or will this just be some sort of "we don't care, let's ignore him thread"?


it's pretty simple, TOR are mostly used to abuse, evade glines/bans and we do not support that..
undernet in the last 5yrs has not moved a lot, and now it's making progress to eradicate floods/abuse/evading with improvements like this one. Sorry for the innocents who are caught in the fishnet, but.. there are alternatives..

i hope next step would be regex patterns usage in bans/gline :)

the answer is simple: Don't use TOR, it's banned. use your own ip and hide it with user mode +x, for this you will need a username, get one at http://cservice.undernet.org/live

and again.. TOR are banned due to abuse.. It's a Good step that i completely support. you should too, i understand your "for privacy" but put yourself in our shoes..


Coloured in red above by me.

Whose shoes are those? Are you now an official representative of our network, xplo?

~Eenie



i am a well known user/volunteer since a freaking long time ago, no need to act like you own the place!
by OUR i meant Undernet's users who are freaking annoyed of proxy/TOR usage with floodbots/spammers/evaders
i NEVER pretended to be an official, you can see this via /msg x verify xplo from irc..


you should take a nap or something....

Focus on the RED part
Last edited by xplo on Fri Jul 23, 2010 12:07 am, edited 1 time in total.

xplo
Posts: 182
Location: Behind You!

Post by xplo »

Torman wrote: So xplo, why not cloak Tor users like I suggested? Or do you think Undernet shouldn't let ops decide who to let into their channels? Cloaking is such a simple fix with benefits for both sides.

See, I don't like drones either. I would not mind to solve a captcha to connect. Somewhat like the "/quote pass" line for broken idents: post a URL to an image. The user looks at it and replies to connect. Voilà, no more drones until they do OCR (and then it's only a matter of minutes to change the captcha layout).


this will never happen here, it took ages to get something moving here...

and as an alternative, get a Bouncer (psyBNC, ZNC, Sbnc), those are alternatives. get a secured shell, your own bouncer, and we will never need to discuss about it ever.

like i said above, TOR are used to evade glines/bans. and you don't need to try and be rude, this forum is for support from the undernet's community, and from the people who actually care about helping those in need, i answered your question the best i can, i am NOT an oper/admin, and if my post was incorrect, i am SURE one would have replied something different. (except flaming like the one above, excuse her.. it happens..)

MrEen
Posts: 111
Location: Virginia, USA

Post by MrEen »

xplo wrote: (except flaming like the one above, excuse her.. it happens..)


Sensitive much?

By the way, the simple act of asking you a question does not automatically make it a flame.

JMO, and sorry to go off-topic.

MrEen
The bigger fish.

Torman
Posts: 14

Post by Torman »

xplo wrote: this will never happen here

I agree that a captcha solution takes quite a lot of work to set up correctly; but it would solve the drone problem very efficiently.

xplo wrote: and as alternative, get a Bouncer

I'm not sure if you understand the situation correctly. You're telling me to buy a shell for a bouncer to keep on using the free service Undernet provides (don't get me wrong, I honestly appreciate that service), but there would be no additional value. Other networks are also free and allow Tor which I want to use. You're making me choose between free (as in beer) and a monthly fee for the same services. And frankly, moving channels is easy.

xplo wrote: you don't need to try and be rude

If I would have a reason to be rude to you, it would show very clearly. I don't need to beat around the bush.


Blatantly spoken, I'm not really buying the evade argument. We can talk about it when IPv6 has taken over and everything online has a static IP, but until then ISPs will keep on using DHCP with their IPv4 address pools. As long as that's the case, evading a ban is a piece of cake, even for the most retarded troll.

Tor has, at best times, maybe 1,500 exits online. If I stay with my Comcast example from earlier, then you will notice that they currently have 21,124,218 useable DHCP IPs (http://postmaster.comcast.net/dynamic-IP-ranges.aspx). If an op bans a Comcast troll, he just needs to reset his modem and comes back. If that goes on long enough to annoy the op to a certain level, the op will set a ban on *.comcast.net or if he is nice enough to e.g. *.fl.comcast.net "only", blocking millions of hosts. A troll evading through Tor (with a cloaked host) would only cause collateral damage of 1,500 hosts.

Furthermore, you don't know how many users simply leave without talking about it. When I had my channels on Dalnet and attacks brought it down, all I had to do was to notify the regulars to pass on the message that we will switch networks. One could even just add a CNAME/A irc.* record to his domain and move without having users to change settings. You think I told Dalnet about it back then? I brought this up here because I actually like coming to Undernet, despite the problems with drones/floods/spam. By the way, that's more or less how Undernet itself was born too: users got annoyed with EFnet because nothing was done (or the wrong things were done).

My hostmask/cloak suggestion still stands and I see nothing bad with it. Not only will it hand ban control over to the channel ops, but it is trivial and would also send out a message: Undernet values freedom of speech.