From owner-freebsd-questions Thu Sep 5 8:26:50 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7030A37B400 for ; Thu, 5 Sep 2002 08:26:45 -0700 (PDT) Received: from anchor-post-30.mail.demon.net (anchor-post-30.mail.demon.net [194.217.242.88]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8EA9743E3B for ; Thu, 5 Sep 2002 08:26:44 -0700 (PDT) (envelope-from rob@aphnet.co.uk) Received: from mailgate.aphnet.co.uk ([62.49.140.130] helo=aph2k.aphinternal.aphnet.co.uk) by anchor-post-30.mail.demon.net with esmtp (Exim 3.35 #1) id 17myWl-0006bl-0U; Thu, 05 Sep 2002 16:26:40 +0100 Received: from aph2k.aphnet.co.uk ([192.168.5.1]) by aph2k.aphinternal.aphnet.co.uk with Microsoft SMTPSVC(5.0.2195.3779); Thu, 5 Sep 2002 16:30:07 +0100 Message-Id: <5.1.1.6.0.20020905161556.03233788@pop3.norton.antivirus> X-Sender: rob@aph2k X-Mailer: QUALCOMM Windows Eudora Version 5.1.1 Date: Thu, 05 Sep 2002 16:29:31 +0100 To: Redmond Militante , freebsd-questions@freebsd.org From: Rob O'Donnell Subject: Re: Forging identd while chatting in IRC channel In-Reply-To: <20020905144856.GA354@darkpossum> References: <20020905022753.GC76893@vectors.cx> <20020905020403.GA23029@houston.rr.com> <20020905022753.GC76893@vectors.cx> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-OriginalArrivalTime: 05 Sep 2002 15:30:07.0953 (UTC) FILETIME=[1D8E9410:01C254F1] Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG At 09:48 05/09/2002 -0500, Redmond Militante wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >hi > >this looks cool > >is there any way to get it forge a hostname, versus a username >i tried the -s option, didn't seem to work. -m option works fine > > >thanks > >redmond > >On Wed, Sep 04, 2002 at 07:27:53PM -0700, Adam Weinberger expatiated with >great perspicuity: > > security/liedentd > > > > -Adam > > Since the IRC server needs to know a real IP address in order to talk to you, you'll never be able to hide completely. AFAIK most servers echo the RDNS for address you connected from. If you have access to the reverse-DNS for your IP, then you could manipulate this; put something more to your taste in there, but unless you have your own IP range, and are not merely a user of some random ISP, you are unlikely to be able to do this. In any case, a lot of servers (irc & ftp particularly) will also check your forward-DNS matches the reverse-DNS and block if it doesn't, so you can end up shooting yourself in the foot anyway, if you try and hide by putting the name of someone else in your RDNS. Basically, if you don't want someone to know where you're connecting from, don't connect to them. You could try using one of the publicly accessible (some accidentally so) proxy servers, but then you get into all sorts of issues with DCC. (If anybody knows how to set mIRC on a xp box up to work through a FreeBSD router running ppp's NAT + socks5 proxy server such that DCC works perfectly in both directions, I'd love to know!) HTH Rob. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message