Editing IRC
Jump to navigation
Jump to search
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 83: | Line 83: | ||
Some tips on creating hostmasks: | Some tips on creating hostmasks: | ||
* Around trollcon 2, trolls may start joining from multiple domain names. Make sure to reverse lookup the names to see if they're in the same network block. If they are, set a mask for the whole block. | * Around trollcon 2, trolls may start joining from multiple domain names. Make sure to reverse lookup the names to see if they're in the same network block. If they are, set a mask for the whole block. For example, morb (an actual troll) has control of several machines in 208.122.47.88/29. Two of the machines are named failure.mysqrl.com and variance.misentropic.com. Looking up these names shows that they're in the same network block: | ||
$ dig +short variance.misentropic.com | |||
208.122.47.88 | |||
$ dig +short failure.mysqrl.com | |||
208.122.47.95 | |||
Setting a mask of *!*@208.122.47.* will catch all computers in the surrounding /24 without having to enter masks for each one individually. For more precise information on what network block the addresses are in, try using a referral-following whois tools like whois.domaintools.com. | |||
* Don't bother with username masks (*!username@host.com) unless you know that a troll is on a shared vhost they don't have root on (such as chef.nerp.net). It is common for trolls to be able to spoof ident replies. | * Don't bother with username masks (*!username@host.com) unless you know that a troll is on a shared vhost they don't have root on (such as chef.nerp.net). It is common for trolls to be able to spoof ident replies. | ||
* Note that afraid.org provides a large pool of domains which can have reverse DNS entries added by arbitrary members of the public. Subdomains under a domain hosted by afraid.org may be entirely legitimate, although you should report offensive subdomains to dnsadmin at afraid dot org for TOS/AUP violations. | * Note that afraid.org provides a large pool of domains which can have reverse DNS entries added by arbitrary members of the public. Subdomains under a domain hosted by afraid.org may be entirely legitimate, although you should report offensive subdomains to dnsadmin at afraid dot org for TOS/AUP violations. |