Modules/2.0/cloaking

From the makers of InspIRCd.
Jump to: navigation, search
Read carefully!
Important:  This module has changed since InspIRCd 2.0.
There is a new method of settings and it is wise to read this page carefully!

cloaking module (2.0 version)

Current Future
2.0 Documentation 3.0 Documentation
Return to the 2.0 Module List
Description
Masks the hostnames of users so their real hostname doesn't show to other users. This shows in a form like: [email protected] or [email protected].
Configuration Tags
When the m_cloaking module is loaded, it will need to be configured before it can be used. The cloak:key setting is essential, and is the whole basis of a cloak key.
<cloak mode="half|full"
     key="secret"
     prefix="Network-">
<cloak mode="compat-host|compat-ip"
     key1="0x2AF39F40"
     key2="0x78E10B32"
     key3="0x4F2D2E82"
     key4="0x043A4C81"
     prefix="Network-">
mode This is the type of cloaking you wish to use on the network. There are currently 4 different types available; half, full, compat-host and compat-ip.

half: Cloak only the "unique" portion of a host; show the last 2 parts of the domain, /16 subnet of IPv4 or /48 subnet of the IPv6 address.
full: Cloak the users completely, using three slices for common CIDR bans (IPv4: /16, /24; IPv6: /48, /64).

NOTE: The following two modes are for compatibility, you should consider using one of the modes mentioned above. They are slightly less secure and always hide unresolved IPs. compat-host: InspIRCd 1.2-compatible host-based cloaking.
compat-ip: InspIRCd 1.2-compatible ip-always cloaking.

key This is a string, a series of numbers, or complete jargon. It helps the module generate a hash to cloak a hostname. It must be unique for your network and hard to guess, but must be the same on every server on the network.

NOTE: If you are using the modes compat-host or compat-ip, you must specify key1, key2, key3, key4. It is recommended that you use hexdecimal numbers prefixed by "0x" with each key eight hex digits long. The values must be less than 0x80000000 and should be picked at random.

prefix This is what you want to appear before the cloaked hostnames on your network. This will add its own little unique touch, and is purely vanity. If you leave it empty, it defaults to your network name with an '-' appended (i.e. 'ChatSpike-').
Modes
User mode: +x - Cloaks hostname. This mode will not be set automatically on users upon connect, to do this you must use m_conn_umodes.so.
Extended Bans (Extbans)
This module implements no extended bans.
Commands
This module adds no extra commands.
Special Notes
The hostname will be cloaked by taking the first portion of the hostname (before the .) and replacing it with a hash of the entirety of the hostname (hashed as a string), prefixed by the network name, for example "ChatSpike-0DF3269C". Because the hash is built from the entire hostname and not the ip address, the hash generated when the user does not resolve is different from the hash generated when the user does resolve. Also because the length of the hashed result is considerably shorter than the actual hash, a lot of data is purposefully lost in the process, meaning that there is no way to reverse the cloaking process on a hostname and retrieve the users IP address. This means that the cloak key's only use is to make cloaked hosts unique to your network, as it is simply not a reversible algorithm in any way, shape or form. Please note that a potential risk may exist if an attacker knows all possible hostnames on your network, and it is a very small network, as the attacker may guess at which hostname you are using. This risk exists on all host-cloaking IRCd software.


Dependencies
MD5