"Gino LV. Ledesma" wrote:
> Greetings!
> 
>     I've been browsing the IP-Masq and IPChains How-tos but I've not come
> across experiences with people attempting to prevent DCC connections. I've
> only seen posts where people have troubled DCC connections.
Keep in mind DCC is not irc.  Rather it is an irc client function.
Hence its name Direct Client to Client.
 
>     I currently help administer a small network of about 40 clients, mostly
> running Windows. Currently, the masq server has blocked all known IRC ports
> because of bandwidth issues we have to resolve -- the clients in the network
> use IRC DCC'ing for relatively speedy transfers of MP3 files and other
> pirated software.
irc itself takes very little bandwidth.  Remember it was used during the
time a 9600 baud modem was considered fast.  As a rule, most people do
not use over 1200bps with normal chat.

>     However, our blocking of IRC ports means there is no IRC chatting all
> throughout -- which affects those who do not initiate DCC sessions. As such,
> how is it possible to set up IPMasq/IPChains to allow IRC connections BUT
> prevent any DCC connections? What does the ip_masq_irc module do exactly? If
> this module is not loaded, will I be able to achieve IRC without DCCs?
ClientA<---->IpMasq<--->ircd<--->ClientB

Initiated by ClientA (DCC SEND or DCC CHAT)
ClientA sends through the firewall, through the server, to ClientB:
PRIVMSG ClientB :^aDCC CHAT chat 167837953 2641^a

The ^a means it is a CTCP request.
167837953 = 10.1.1.1 (the private address of ClientA)
2641 = the port Client A has set up to receive on

What the ip_masq_irc module does is look for this message and change
the 167837953 to the address of the firewall and start listening on
port 2641.  When it finds it, the module redirects the packets as it
would its own Masq.  With the sole exception of the first CTCP,
none of the rest goes by way of the ircd.
 
If the situation were reversed ClientB would send a similar request
to ClientA.  The firewall being able to mask all ports for ClientA
above 1024 would then initiate a connection to that client.  Where
you could stop your users from sending DCC, you could not stop
them from receiving them.  You would need to change the src code
to watch and filter all DCC, which should not be too hard.  

A question though, why allow irc at all?  It is generally considered
a great waster of time.

_______________________________________________
Masq maillist  -  [EMAIL PROTECTED]
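
The DCC offer format described in the reply above, as an added example that is not part of the original post and is not the ip_masq_irc source: it decodes the integer address, shows the address substitution the reply describes (the string rewrite only, not the port forwarding), and makes the pass/refuse decision a DCC filter would need. The function names, the firewall address 192.0.2.1 and the restriction to single-token arguments are assumptions.

```python
import ipaddress
import re

CTCP = "\x01"  # the ^a delimiter shown in the post (Ctrl-A)

# DCC <type> <argument> <address-as-decimal> <port>, wrapped in ^a ... ^a.
# Assumption: the argument is one token (no quoted filenames with spaces).
DCC_RE = re.compile(
    r"PRIVMSG (?P<target>\S+) :\x01DCC (?P<kind>\S+) (?P<arg>\S+) "
    r"(?P<addr>\d+) (?P<port>\d+)\x01"
)

def parse_dcc(line):
    """Return the fields of a DCC offer, or None for ordinary IRC traffic."""
    m = DCC_RE.search(line)
    if m is None:
        return None
    addr, port = int(m["addr"]), int(m["port"])
    if addr > 0xFFFFFFFF or not 0 < port < 65536:
        return None  # not a valid IPv4 address / TCP port
    return {"target": m["target"], "kind": m["kind"].upper(), "arg": m["arg"],
            "ip": ipaddress.IPv4Address(addr), "port": port}

def rewrite_for_masq(line, firewall_ip):
    """Swap the client's private address for the firewall's, as described."""
    if parse_dcc(line) is None:
        return line
    public = int(ipaddress.IPv4Address(firewall_ip))
    return DCC_RE.sub(
        lambda m: f"PRIVMSG {m['target']} :{CTCP}DCC {m['kind']} {m['arg']} "
                  f"{public} {m['port']}{CTCP}", line, count=1)

def allow(line, blocked_kinds=("SEND", "CHAT")):
    """Filter decision: pass normal chat, refuse lines carrying a DCC offer."""
    offer = parse_dcc(line)
    return offer is None or offer["kind"] not in blocked_kinds

# Constructed sample lines, using the values from the post.
SAMPLE_DCC = f"PRIVMSG ClientB :{CTCP}DCC CHAT chat 167837953 2641{CTCP}"
SAMPLE_CHAT = "PRIVMSG #linux :anyone seen the new kernel?"

if __name__ == "__main__":
    print(parse_dcc(SAMPLE_DCC))
    print(repr(rewrite_for_masq(SAMPLE_DCC, "192.0.2.1")))
    print(allow(SAMPLE_DCC), allow(SAMPLE_CHAT))
```

The same `allow` check applies to lines arriving from the ircd, which is the receiving direction the reply says port blocking alone does not cover.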