On Mon, May 21, 2001 at 10:15:24PM -0300, Leonardo P wrote:
> My point is IP Maskerading. I have changed .13 version for using on my
> network (irc.unirc.org), and we are not using it yet. I and my friends had
> done an encryption algoritm that use RC5 for hiding user's IP or Host.
We have done a similar thing to ircu, but using SHA-1 instead of RC5. In
order to make reverse engineering the host/IP from the protected host
impossible, we hash the host/IP together with a shared secret, which is
broadcasted among all ircds on the network (it is stored in a file on hub
ircds, leafs receive it upon connecting). We also use SSL connections, so
the secret key can't be sniffed. ;)
> The new IP or Host is based on the real IP. If the IP resolves, visible host
> turns ENCRIPTED_STUFF.host.com. If not, it turns
> ENCRIPTED_STUFF.200.250.19.O , for instance.
Our hosts follow the popular text-12345.host.com scheme, for IPs we have
123.123.12345.12345 (the numbers are kept above 256 to avoid ambiguity). We
also try to compensate as much as possible for ISPs which put the IP into
the hostname. The algorithm isn't 100% foolproof, but seems to work OK so
far. Banning works as expected, and for people who want to show their real
host/IP, we have usermode +x to turn off protection (bans on the protected
version of the host/IP still have effect of course).
[shameless plug] Our project is at <http://sourceforge.net/projects/irco>,
for anyone's that interested.
Richard
