Image of the glider from the Game of Life by John Conway
Skip to content

Securing Your Connection On Freenode

Freenode offers a couple wonderful services to any IRC user that I'm afraid many just know about. They outline it very well on their website, but I'm afraid that many an IRC user aren't taking advantage of them. As such, seeing as though my blog syndicates a couple planets, hopefully I will reach a broad readership who use IRC, and hopefully, I will be able to convince those readers to take advantage of these services.

First, a Freenode cloak and what a it is. When you connect to an IRC server, the server looks up your hostname, and if the servers are in round robin DNS, a server with the least load and shortest ping times is chosen. When connected, your nick, coupled with your hostname, provide a unique identifier for your connection. The only problem is, unless cloaked, anyone can see your hostname, and create a DoS attack on you personally. While rare, and isolated incidents, the exposure makes you vulnerable. Freenode cloaks solve this issue.

What is a cloak? A cloak hides your hostmak, which contains your IP address and/or domain name, keeping others from seeing where your IRC session is connected, and keeping you effectively secure from outside DoS attacks. For example, when you join a channel, your hostmask is displayed as follows:

21:25 -!- lamer [n=user@] has joined #ubuntu

Here we can plainly see the user "lamer" and his IP address. While that might not be the IP address that he is located at, but rather just his IRC session, he is potentially prone to a DoS attack. Now, image that he was cloaked by Freenode staff:

21:25 -!- lamer [n=user@unaffiliated/lamer] has joined #ubuntu

We know his nick, as is needed to communicate with him, but we know nothing of his domain or IP address. A DoS attack on this user would be ineffective.

Unaffiliated cloaks are handed out with no strings attached. The user is asked to follow a few basic rules before the cloak can be given, but if they are met, they are handed out freely and willingly. However, it would be much appreciated if the user would financially donate to Freenode. Such users are given a special cloak, part of "project cloaks". The following cloak would be applied if our user "lamer" above donated at the bronze level:

21:25 -!- lamer [n=user@pdpc/supporter/bronze/lamer] has joined #ubuntu

This cloak is a special cloak that can be worn with pride showing that you are helping Freenode keep up with necessary server maintenance and general overhead. There are many other cloaks that can be applied, if you are involved with a certain project. Ubuntu has such cloaks for approved members, which you have probably seen around the network:

21:25 -!- lamer [n=user@ubuntu/member/lamer] has joined #ubuntu

There are many, many other project cloaks that can be applied, such as Gentoo development, Wikipedia editing and even cooking. Regardless of the cloak, your domain/IP is hidden from the users on the network, effectively killing any chance for a personal DoS attack. If anything else, they look cool and show your involvement with a specific project.

Now, I'd like to move on to another topic, effectively securing your connection even further. The topic is avoiding a specific router exploit called the DCC exploit. Rather than go into the details of how it is executed, the DCC exploit is troublesome for large channels, as it causes massive quits from the channel, effectively flooding the channel. Large channels are getting better, and most routers have patched the bug through firmware updates, but there are still users that are being affected.

What happens in most channels, is if you are affected by this exploit, then usually you will be temporarily banned from the channel until you either patch your router's firmware, or connect to Freenode on a different port. While patching your router's firmware should be your first priority, it definitely isn't the easiest, and you could end up with a dead router if executed poorly. The easiest way to patch this bug is to connect to Freenode on port 8001 as the exploit only affects users on port 6667. Check your IRC client's documentation on how to connect to servers on different ports.Check your IRC client's documentation on how to connect to servers on different ports.

These two tools secure your connection on Freenode, making it pretty difficult to remove you from the network unless you're Freenode staff. While your connection is not secured via encryption, and still in plain text on the wire, unless connected to Freenode's hidden service via tor, you can rest assured that you'll stay connected, given the fact that you have a stable ISP.

I would HIGHLY recommend taking full advantages of these two services: acquiring a cloak, and connecting on port 8001, if you spend any amount of time on Freenode. Join #freenode for further information regarding these topics.

{ 5 } Comments

  1. Ori Avtalion | July 16, 2007 at 11:44 am | Permalink

    "Staying connected" is rarely an issue for me. I just reconnect, or view the specific channel's logs (only if I worry I have missed something important, which rarely happens).

    The only issue I have with freenode, is that I have to identify by plaintext-ing a password. Still, it's just IRC and an attacker can't gain much from my identity.

  2. Aaron | July 16, 2007 at 4:12 pm | Permalink

    @Ori- We chatted about this on IRC, but I think that any password authentication, whether to NickServ or ChanServ should be encrypted. I don't know how that fits in the protocol, and a 100% encrypted connection through SSL introduces a heavy overhead and longer ping times, but the benefits far out weigh the necessary trouble.

  3. Michaël | July 17, 2007 at 7:45 am | Permalink

    Ori, I didn't know I could read the logs for each channel. Where can I do that? Thanks.

  4. Stephen Seplowitz | July 17, 2007 at 8:21 am | Permalink

    Hey Aaron, thanks for this post; I follow the Ubuntu planet and followed your recommendations. I haven't been active on IRC for a bit, but I'm always online, so cloaking and re-porting were probably a good idea. Again, thanks.

  5. cgreality | May 24, 2009 at 5:21 pm | Permalink

    За последнее время популярность покупок недвижимости в Черногории возрастает. Во-первых, недвижимость в Черногории - прекрасное вложение инвестиций. Во-вторых, недвижимость в Черногории можно применить и для личного сезонного отдыха. Для россиян нет никаких препятствий для приобретения недвижимости в Черногории, на берегу Адриатического моря. Кроме того, квартиры в Черногории гораздо дешевле, чем скажем, у нас в Сочи. Соседняя страна - Словения также предоставляет возможность покупки недвижимость. Для приобретения недвижимости в Словении нужно образовать фирму на территории этой страны с капиталом не менее 10.000 евро. Для того чтобы попасть в Словению - достаточно сделать обычную визу в Европу. Словения - член Евросоюза. Приобретая недвижимость в Словении, вы становитесь жителем одной из самых живописных стран мира. Квартиры в Словении также вполне доступны по цене.

{ 3 } Trackbacks

  1. [...] Aaron Toponce » Blog Archive » Securing Your Connection On Freenode How to keep yourself more secure while chatting on freenode. IMHO, all irc networks should have this feature. (tags: freenode irc security tips) [...]

  2. [...] IRC and Freenode should take the time to read and implement these security features. Thanks Aaron! [ Freenode Security by Aaron [...]

  3. [...] «Sécurisez votre connexion sur Freenode» - L’un des membres d’Ubuntu, Aaron Toponce alias atoponce, nous fournit un autre HOWTO sur la sécurité de votre connexion Freenode. Aaron décrit d’abord comment masquer votre nom d’hôte pour empêcher une attaque DOS. Les membres Ubuntu ont droit à un masque gratuit avec leur adhésion, un des petits plus qui vient avec la carte de membre. Quoi qu’il en soit, en terme de pourcentage, il y a bien plus de non-membres que de membres. La seconde partie explique comment éviter un faille spécifique du routeur, nommée DCC en changeant le port sur lequel vous vous connectez. Tous ceux qui utilisent IRC et Freenode devraient prendre le temps de lire et d’implémenter ces mesures de sécurité. Merci Aaron! La sécurité sur Freenode par Aaron Toponce [...]

Post a Comment

Your email is never published nor shared.