[TriLUG] IRC question
Jon Carnes
jonc at nc.rr.com
Sun Sep 14 23:25:52 EDT 2003
On Sun, 2003-09-14 at 20:25, Steve Kuekes wrote:
> I'm new to IRC chatting and am attempting to connect to the trilug irc
> system with a /server irc.trilug.org
>
> I get the following messages
> Connecting to irc.trilug.org via irc.trilug.org:6667, attempt 1 of 5...
> === *** Looking up your hostname...
> === *** Found your hostname, welcome back
> === *** Checking ident
> === *** No identd (auth) response
> === *** Banned: proxyscan; Open proxy found on your host. Please check
> with staff at freenode.net for more information.
>
> I am using a mozilla chat on a windoze system behind my linux firewall.
> Do I need to change something on the firewall?
>
Sounds like the firewall has some open ports that the IRC server doesn't
like. A quick google turned this up:
http://216.239.41.104/linux?q=cache:IooQgJ2SsC0J:benkenobi.linux-charleroi.be/archives/faq/firewall-seen-faq.html+proxyscan%3B+Open+proxy+found+on+your+host&hl=en&ie=UTF-8

1.11 IRC servers are probing me.

One of the most popular applications is "chat", like IRC. One
feature of chat programs is that they reveal the IP address of
the people you are chatting with. One problem with chatrooms is
that people enter the rooms "anonymously" and play around,
either by disrupting conversations with offtopic comments and
flamebait, or by "flooding" the servers or other clients in an
attempt to kick them off.

Therefore, both servers and clients are implementing measures to
stop "anonymous" use of chatrooms. In particular, they check
people entering chatrooms in order to see if they are "proxying"
through some other connection. The most popular of such probes
is SOCKS. The assumption is that if the IP address of where you
are coming from supports SOCKS, then it is possible that you
have a completely separate machine and are only going through
the indicated machine in order to hide your true identity.
Undernet's policy on this can be found at
http://help.undernet.org/proxyscan.

At the same time, crackers/hackers will scan people's machines
in order to determine if they are running some sort of server
that can be bounced through. Again, by checking for SOCKS, the
attacker hopes to find somebody that has left SOCKS open, such
as a home user implementing connection sharing using SOCKS, but
accidentally configured it so that anybody on the Internet has
access to it.
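
Added example (not part of the original message or the quoted FAQ): a check you can run against a firewall you administer to see how it answers the kind of SOCKS probe described above. It sends the SOCKS5 greeting from RFC 1928 and classifies the reply. Port 1080 (the conventional SOCKS port), the function names and the loopback listener used as a test fixture are assumptions made for this sketch.

```python
import socket
import threading

# SOCKS5 greeting (RFC 1928): version 5, two methods offered:
# 0x00 = no authentication, 0x02 = username/password.
SOCKS5_GREETING = b"\x05\x02\x00\x02"

def classify_socks5_reply(reply: bytes) -> str:
    """Interpret the server's 2-byte method-selection reply."""
    if len(reply) < 2 or reply[0] != 0x05:
        return "not-socks5"
    if reply[1] == 0x00:
        return "open"            # anyone who can reach the port can relay through it
    if reply[1] == 0xFF:
        return "refused"         # SOCKS5 present, but no offered method accepted
    return "auth-required"       # SOCKS5 present, credentials needed

def check_own_host(host: str, port: int = 1080, timeout: float = 3.0) -> str:
    """Send the greeting to a host you administer and classify the answer."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(SOCKS5_GREETING)
            return classify_socks5_reply(s.recv(2))
    except OSError:              # refused, filtered, or timed out
        return "closed"

def loopback_listener(reply: bytes) -> int:
    """Constructed fixture: one-shot listener on 127.0.0.1 that answers with `reply`."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))   # port 0 = let the OS pick a free port
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            conn.recv(16)        # consume the client's greeting
            conn.sendall(reply)
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    # Constructed replies standing in for a misconfigured and a locked-down proxy.
    for label, reply in [("misconfigured", b"\x05\x00"), ("locked down", b"\x05\x02")]:
        print(label, "->", check_own_host("127.0.0.1", loopback_listener(reply)))
```

A result of "open" on the firewall's outside address is the condition the IRC server's proxyscan bans on; run the check from outside the LAN so it sees what the server sees.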