[ sallle @ 22.10.2002. 22:39 ] @

Na mnogim irc serverima nije vidljiv IP, vec se to na neki nacin kriptuje. npr ASY-DBO.verat.net (ili nesto slicno).

Ne znam kakva je funkcija u pitanju, pa me interesuje ako neko zna, kakav se algoritam ovde primenjuje (cini mi se da ne daje random vrednosti s obzirom da jednom ip-u odgovara jedna maska)?

U principu i ako mozda nije reverzibilna f-ja (ili se ne zna inverzna), nije tesko napraviti tabelu ( IP - masked IP), s obzirom na ogranicen adresni prostor koji koriste nasi provajderi...

poz,
sale

[ StratOS @ 27.10.2002. 13:04 ] @
jednog primjera :

<01:56pm> * Parts: dupenner ([email protected])
<01:56pm> * Quits: Nofearble ([email protected]) (Quit: MULEz SCRIPT: Beat me up, Scotty!)
<01:56pm> * Joins: Chudy ([email protected])
<01:56pm> * Joins: xxxOOxxx ([email protected])
<01:56pm> * Quits: Bazza12434 ([email protected]) (Quit: )
<01:56pm> * Quits: goaguy23 ([email protected]) (Quit: )
<01:56pm> * Joins: grumpa1 ([email protected])
<01:56pm> * Joins: ELII ([email protected])
<01:56pm> * Quits: grumpa ([email protected]) (Write Error: Broken pipe)
<01:56pm> * Parts: becko ([email protected])

mislim, da je to random crypt zasada, jer sam prvi put to sada video ili bar neki dobar (ultra) crypt sa strane servera (dužine su skoro iste).

bas tako mislim

[Ovu poruku je menjao StratOS dana 27.10.2002. u 15:45 GMT]
[ StratOS @ 27.10.2002. 13:14 ] @
evo malo vise podataka :

zanimljivo, ima vise mogucnosti takvog maskiranja :
primjer 3 (mislim, da ih ima vise)

1.
89E2FA6AD98D427298EDE275F813AAx
9A9DBD32AB58C586DC43CE3BCFBC19x
DF3FB952EFA387896F2EB65EBAD13Ex
DC9123A8880B18DD02836413A8F61x
968DDA332AE3C177B197C94018E584x
334AA6E894A828EE4FB598836F380x
9FE6EF593469D992EF454B6EC8AF7x
EF169A49417E3965E07985D4E8CF9x
7B789467FDF210A46F4D1797323222x
F3493181D38B25D705CD6792D4D36x
3A939BC96E57AE76FDF78278075FFx
A9DB3AE5684D5F6B4BBF12B3554EBx
A41C56D43F3D8939A7AB5ECDFFFACx
EA60AF849614EE8D5C39E866CCCDDx
BB67E4D4B5BB9A7A488B47AC23132Dx
C4DC65D7DA9EFB97A6CA738FF8692x
DEA1F35962CE2C951186B75D905F11x
334AA6E894A828EE4FB598836F380x
795D88B6CAA6B72B676FFA7FA812EDx
CFD2718C510897B7A6C1241E22DC3x
616AD40F287EF483BFBCCC4FD467Bx
DD87AC3FA6466FEFA547E4E5E1849Bx
131452512C694ED876E19D3AF7B98x
8644B72C7AF149663D73AF37BB421Bx
9F8EA244A7A083EA61EFF3CE2F5Bx


2.
0x354f3b3c.0xdf46914.dip.t-dialin.net
0x231e202b.0x13e0fa6.cable.ntl.com



3.
0x1da97c9.0x1e706c24.0x355d5b65.0x31478372X
x1da97c9.0x1e706c24.0x355d5b65.0x31478372X



Kao da prvo napravi maksimalan string, koji je moguc za neki DNS (no i ta vrijednost me zanima), onda zafila cijeli moguci string recimo npr, da DNS nesmije da bude dugacak vise od 255 i to se prikljuci na kraj stringa kao i primjer na 2., no, da dođe do dobre enkripcije treba da cijeli preostali dio stringa da se zapuni ( gledaj 2., zanimljivo, tu se upotrijebe cak i ".", sveskupa se po moje enkriptira u 3. ( taj ima jos ".", a poslje u 1.


Not complete secure to hide IP/Hostnames from users, if you are not a channel operator you can request the mask for other users.
Example: If you want to known the IP for the user [email protected] use the /who command and replace the dots and the (X) for (?)

/who [email protected]?15?200?1

/who [email protected]?15?200?2

Here the server response with the user selected and you go to unmask the next number

/who [email protected]?15?200?21

/who [email protected]?15?200?22

/who [email protected]?15?200?23


This is not a security vulnerability but with a command send to the victim return Private Information
For example, you are connected to one IRCX server or IRCD server whit spoofed or masked IP.
If you want to known the B-USER's ip send a text in the channel like
/say #channel !find B-USER
and the IRCap user will tell you the IP without the mask if have OP status

za vise pogledaj http://mdefense.f2g.net/security.htm
bas sam se namucio oko toga ...