Modules/cloaking
From the makers of InspIRCd.
cloaking module (InspIRCd-cloaking version)
| 1.0 Documentation | 1.1 Documentation | 1.2 Documentation |
| Description
|
| Masks user hostnames in the style of CLOAKEDHOST.Network.cloak, for example, 0284D4C2C220AFC6.TEST.cloak. |
| Configuration Tags
|
If you specify the m_cloaking.so module, you must define a set of cloak keys, and optionally a cloak prefix as shown below. When using cloaking, the cloak keys are MANDATORY and must be included. However, if prefix is not included, it will default to your networks name from the <server> tag.
<cloak key1="0x2AF39F40" key2="0x78E10B32" key3="0x4F2D2E82" key4="0x043A4C81" prefix="mynet" ipalways="false" lowercase="false"> Please note that the key values will accept any positive number between 0 and 2147483648 (=0x80000000), and should be large numbers. The 2147483648 limit is for hexadecimal keys as well as decimal keys. Using small numbers such as "7" or "1924" will seriously weaken the security of your cloak. Cloak settings should be identical on all servers! ipalways is used to only ever cloak the user's IP address, and not their hostname: therefore not disclosing any part of where the user is physically located to non-opers. lowercase is an asthetic setting, used to lowercase the cloaked host of all users. |
| Modes
|
| User mode: +x - Cloaks hostname. This mode will not be set automatically on users upon connect, to do this you must use m_conn_umodes.so. |
| Extended Bans (Extbans)
|
| This module implements no extended bans. |
| Commands
|
| This module adds no extra commands. |
| Special Notes
|
| The hostname will be cloaked by taking the first portion of the hostname (before the .) and replacing it with a hash of the entirety of the hostname (hashed as a string), prefixed by the network name, for example "ChatSpike-0DF3269C". Because the hash is built from the entire hostname and not the ip address, the hash generated when the user does not resolve is different from the hash generated when the user does resolve. Also because the length of the hashed result is considerably shorter than the actual hash, a lot of data is purposefully lost in the process, meaning that there is no way to reverse the cloaking process on a hostname and retrieve the users IP address. This means that the cloak key's only use is to make cloaked hosts unique to your network, as it is simply not a reversible algorithm in any way, shape or form. Please note that a potential risk may exist if an attacker knows all possible hostnames on your network, and it is a very small network, as the attacker may guess at which hostname you are using. This risk exists on all host-cloaking IRCd software. |
| Dependencies
|
| The MD5 Service Provider Module |
