prepare for 2.0 release

This commit is contained in:
Fish 2004-01-14 13:10:50 +00:00
parent 8e2ef5d755
commit 28f39dbc0e
8 changed files with 226 additions and 69 deletions

View file

@ -3,6 +3,7 @@ Open Proxy Scanning Bot Module for NeoStats Changelog.
* Version 2.0 * 29/12/2003 * Fish (F) and Mark (M) * Version 2.0 * 29/12/2003 * Fish (F) and Mark (M)
- Fixed incorrect parameters to printf style functions (M) - Fixed incorrect parameters to printf style functions (M)
- Use more appropriate defines for buffer sizes since MAXHOST differs between IRCds (M) - Use more appropriate defines for buffer sizes since MAXHOST differs between IRCds (M)
- Added Help information for PORTS command, which I forgot (F)
* Version 2.0 * 29/12/2003 * Fish (F) and Mark (M) * Version 2.0 * 29/12/2003 * Fish (F) and Mark (M)
- Some segv updates from M (mark@ctcp.net) (M/F) - Some segv updates from M (mark@ctcp.net) (M/F)

130
OPSB.xml
View file

@ -14,7 +14,7 @@
scanning library available at http://www.blitzed.org, but unlike the BOPM scanning library available at http://www.blitzed.org, but unlike the BOPM
software, it has native support to scan all clients network wide, rather software, it has native support to scan all clients network wide, rather
than via individual servers. This means that you only need one OPSB service than via individual servers. This means that you only need one OPSB service
running on your network to protect your entire IRC network. </para> running on your network to protect your entire IRC network.</para>
<para>Additionally, OPSB makes use of Open Proxy lists. These lists often <para>Additionally, OPSB makes use of Open Proxy lists. These lists often
contain IP addresses of verified Open Proxies, and OPSB can ban these users contain IP addresses of verified Open Proxies, and OPSB can ban these users
@ -28,13 +28,13 @@
the overhead of running multiple copies of proxy scanning software. In the overhead of running multiple copies of proxy scanning software. In
addition, it has the ability to Queue up scans, so during periods of peak addition, it has the ability to Queue up scans, so during periods of peak
usage, OPSB will not consume all bandwidth or file descriptors, but still usage, OPSB will not consume all bandwidth or file descriptors, but still
scan users in a timely manor. </para> scan users in a timely manor.</para>
<para>Proxy Scanning is only one defence against Trojans and Malicious <para>Proxy Scanning is only one defence against Trojans and Malicious
users, and can not detect all types of open Proxies. We therefore recomend users, and can not detect all types of open Proxies. We therefore recomend
that the IRC administrators run other software such as SecureServ, and that the IRC administrators run other software such as SecureServ, and
familiarize themselves with the OperServ functionality found in most familiarize themselves with the OperServ functionality found in most
traditional IRC services packages. </para> traditional IRC services packages.</para>
<para>By Default, OPSB scans the following protocols and ports (But this can <para>By Default, OPSB scans the following protocols and ports (But this can
be easily customized)</para> be easily customized)</para>
@ -68,7 +68,7 @@
<para>These ports are some of the more common ports, but administrators <para>These ports are some of the more common ports, but administrators
might find other ports that are often associated with open proxies. In these might find other ports that are often associated with open proxies. In these
cases, the administrator can simple add the new port to be scanning without cases, the administrator can simple add the new port to be scanning without
restarting OPSB. </para> restarting OPSB.</para>
<warning> <warning>
<para>When picking a host to run OPSB from, make sure you check with your <para>When picking a host to run OPSB from, make sure you check with your
@ -83,18 +83,6 @@
TRANSPARENT PROXY.</para> TRANSPARENT PROXY.</para>
</warning> </warning>
<warning>
<para>As of writting, this software is BETA quality. Not all functionality
has been implemented, and additionally, there might be some &#34;BAD&#34;
bugs in OPSB that cause it to AKILL your entire network. Our testing and
Development of OPSB was run on a large network, and so far, has proved
stable, and effective in protecting our network, BUT every users
enviroment is different. While we have taken all precautions and conducted
a extensive QA cycle before the release of OPSB, its a &#34;Use at your
Own Risk&#34; Module. Of Course, if you do have bad experiences with OPSB,
please let us know at <link linkend="???">http://www.neostats.net/boards/</link></para>
</warning>
<para>OPSB is written and maintained by Justin Hammond. It requires the <para>OPSB is written and maintained by Justin Hammond. It requires the
NeoStats software. More information about OPSB, or NeoStats, can be found at NeoStats software. More information about OPSB, or NeoStats, can be found at
<link linkend="???">http://www.neostats.net/</link></para> <link linkend="???">http://www.neostats.net/</link></para>
@ -284,7 +272,7 @@ ld -shared -o opsb.so opsb.o proxy.o opsb_help.o libopm/libopm
that should be excluded from monitoring by OPSB. This exclusion list that should be excluded from monitoring by OPSB. This exclusion list
would allow a administrator to say, allow users on that are matched would allow a administrator to say, allow users on that are matched
against a open proxy, when the administrator has verified that the against a open proxy, when the administrator has verified that the
trojan does not in fact exist on the users host. </para> trojan does not in fact exist on the users host.</para>
<caution> <caution>
<para>Exclusions should be setup for your Services Server, so that <para>Exclusions should be setup for your Services Server, so that
@ -356,7 +344,7 @@ ld -shared -o opsb.so opsb.o proxy.o opsb_help.o libopm/libopm
This may not always be what you wish, as it can help a attacker map our This may not always be what you wish, as it can help a attacker map our
how your network is structured. Ideally, you should pick the IP address how your network is structured. Ideally, you should pick the IP address
of a IRC server you host that is stable and on a fast connection, and of a IRC server you host that is stable and on a fast connection, and
enter its IP address and port numbers into OPSB. </para> enter its IP address and port numbers into OPSB.</para>
<para><emphasis role="bold">Changing the TargetIP</emphasis></para> <para><emphasis role="bold">Changing the TargetIP</emphasis></para>
@ -424,7 +412,7 @@ ld -shared -o opsb.so opsb.o proxy.o opsb_help.o libopm/libopm
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para>CACHETIME </para> <para>CACHETIME</para>
</listitem> </listitem>
<listitem> <listitem>
@ -440,15 +428,15 @@ ld -shared -o opsb.so opsb.o proxy.o opsb_help.o libopm/libopm
</listitem> </listitem>
<listitem> <listitem>
<para>MAXBYTES </para> <para>MAXBYTES</para>
</listitem> </listitem>
<listitem> <listitem>
<para>TIMEOUT </para> <para>TIMEOUT</para>
</listitem> </listitem>
<listitem> <listitem>
<para>OPENSTRING </para> <para>OPENSTRING</para>
</listitem> </listitem>
<listitem> <listitem>
@ -458,6 +446,10 @@ ld -shared -o opsb.so opsb.o proxy.o opsb_help.o libopm/libopm
<listitem> <listitem>
<para>SCANMSG</para> <para>SCANMSG</para>
</listitem> </listitem>
<listitem>
<para>PORTS</para>
</listitem>
</itemizedlist> </itemizedlist>
<para>To change any of these settings, you use the Set Interface in OPSB. <para>To change any of these settings, you use the Set Interface in OPSB.
@ -483,7 +475,7 @@ ld -shared -o opsb.so opsb.o proxy.o opsb_help.o libopm/libopm
networks that are concerned about performance or memory usage of OPSB networks that are concerned about performance or memory usage of OPSB
may with to leave this setting as it is. Setting the cache time to 0 may with to leave this setting as it is. Setting the cache time to 0
disables the use of caching, and forces OPSB to scan every user disables the use of caching, and forces OPSB to scan every user
connecting every time. </para> connecting every time.</para>
<para>To Change the setting, issue the following Command:</para> <para>To Change the setting, issue the following Command:</para>
@ -496,7 +488,7 @@ ld -shared -o opsb.so opsb.o proxy.o opsb_help.o libopm/libopm
<para>Sometimes a IRC administrator may wish to only make use of the <para>Sometimes a IRC administrator may wish to only make use of the
Open Proxy list lookup, and not actually perform a scan on users. Open Proxy list lookup, and not actually perform a scan on users.
DISABLESCAN forces OPSB to only perform a lookup of the IP address in DISABLESCAN forces OPSB to only perform a lookup of the IP address in
the configured OPMDOMAIN. </para> the configured OPMDOMAIN.</para>
<para>If you wish to turn off Proxy checks, issue the following command</para> <para>If you wish to turn off Proxy checks, issue the following command</para>
@ -509,7 +501,7 @@ ld -shared -o opsb.so opsb.o proxy.o opsb_help.o libopm/libopm
<para>Often, when setting up OPSB for the first time, or making changes <para>Often, when setting up OPSB for the first time, or making changes
to the ports that are to be scanning, you may wish to test OPSB without to the ports that are to be scanning, you may wish to test OPSB without
it actually performing a AKILL. Turning DOBAN off disables the placement it actually performing a AKILL. Turning DOBAN off disables the placement
of a AKILL on open Proxy hosts. </para> of a AKILL on open Proxy hosts.</para>
<para>To Change the setting, issue the following Command:</para> <para>To Change the setting, issue the following Command:</para>
@ -539,7 +531,7 @@ ld -shared -o opsb.so opsb.o proxy.o opsb_help.o libopm/libopm
Proxy. As we check ports that are common with legitimate applications Proxy. As we check ports that are common with legitimate applications
such as webservers, we don&#39;t need to download the entire webpage to such as webservers, we don&#39;t need to download the entire webpage to
determine that it is not a open proxy. By default, we only read 500 determine that it is not a open proxy. By default, we only read 500
bytes which should be sufficient for most networks. </para> bytes which should be sufficient for most networks.</para>
<para>To Change this Setting, issue the following Command:</para> <para>To Change this Setting, issue the following Command:</para>
@ -597,12 +589,94 @@ ld -shared -o opsb.so opsb.o proxy.o opsb_help.o libopm/libopm
<para>This setting changes the default message that is sent to users <para>This setting changes the default message that is sent to users
when they sign on the IRC network. You can customise this message to when they sign on the IRC network. You can customise this message to
point to a webpage giving more details, or customize to your local point to a webpage giving more details, or customize to your local
language. </para> language.</para>
<para>To Change the setting, issue the following Command:</para> <para>To Change the setting, issue the following Command:</para>
<screen>/msg OPSB set SCANMSG &#60;msg&#62; </screen> <screen>/msg OPSB set SCANMSG &#60;msg&#62; </screen>
</sect2> </sect2>
<sect2>
<title>PORTS Setting</title>
<para>The ports setting allows you to customize what ports and protocols
are scanned when users connect to your IRC network. This can be used to
detect proxies that are running on additional ports that OPSB does not
scan by default. </para>
<sect3>
<title>Listing Ports/Protocols</title>
<para>To list the current protocols and the assocated ports, issue the
following command:</para>
<screen>/msg OPSB ports list</screen>
<para>And the following is displayed:</para>
<screen>&#62;opsb&#60; ports list
-opsb- Port List:
-opsb- 1) HTTP Port: 80
-opsb- 2) HTTP Port: 8080
-opsb- 3) HTTP Port: 8000
-opsb- 4) HTTP Port: 3128
-opsb- 5) SOCKS4 Port: 1080
-opsb- 6) SOCKS5 Port: 1080
-opsb- 7) WINGATE Port: 23
-opsb- 8) ROUTER Port: 23
-opsb- 9) HTTPPOST Port: 80
-opsb- 10) HTTPPOST Port: 8080
-opsb- 11) HTTPPOST Port: 8000
-opsb- 12) HTTPPOST Port: 3128
-opsb- End of List.</screen>
</sect3>
<sect3>
<title>Adding Ports</title>
<para>To add a additional port to scan with a particular protocol, use
the following command:</para>
<screen>/msg opsb ports add &#60;type&#62; &#60;port&#62;</screen>
<para>Where:</para>
<para>&#60;type&#62; is the type of Protocol to use. Either:</para>
<para>HTTP</para>
<para>HTTPPOST</para>
<para>SOCKS4</para>
<para>SOCKS5</para>
<para>WINGATE</para>
<para>ROUTER</para>
<para>&#60;port&#62; is any valid port number between 1 and 65535</para>
<para>The change is imediate, and new users will have these ports
scanned when they connect. </para>
</sect3>
<sect3>
<title>Deleting Ports</title>
<para>If you wish to delete a port to be scanned, issue the following
command:</para>
<screen>/msg opsb ports del &#60;id&#62;</screen>
<para>Where &#60;id&#62; is the ID number of the port/Protocol you
wish to delete. ID can be obtained from a port listing command
described above. </para>
<para>OPSB requires a restart when deleting a port, so you should
either restart NeoStats, or Reload the OPSB module. </para>
</sect3>
</sect2>
</sect1> </sect1>
<sect1> <sect1>
@ -688,7 +762,7 @@ ld -shared -o opsb.so opsb.o proxy.o opsb_help.o libopm/libopm
<title>CHECK Command</title> <title>CHECK Command</title>
<para>This command forces OPSB to perform a full scan on the specified <para>This command forces OPSB to perform a full scan on the specified
nickname, ip adress or hostname. </para> nickname, ip adress or hostname.</para>
<para>The format of the command is as follows:</para> <para>The format of the command is as follows:</para>

View file

@ -23,6 +23,11 @@ OPSB Manual
3.7. OPENSTRING 3.7. OPENSTRING
3.8. SPLITTIME 3.8. SPLITTIME
3.9. SCANMSG Setting 3.9. SCANMSG Setting
3.10. PORTS Setting
3.10.1. Listing Ports/Protocols
3.10.2. Adding Ports
3.10.3. Deleting Ports
4. Operational Commands 4. Operational Commands
@ -91,18 +96,6 @@ Warning
provider that does not run a transparent proxy. THERE IS NO WAY FOR provider that does not run a transparent proxy. THERE IS NO WAY FOR
OPSB TO DETECT IT IS BEHIND A TRANSPARENT PROXY. OPSB TO DETECT IT IS BEHIND A TRANSPARENT PROXY.
Warning
As of writting, this software is BETA quality. Not all functionality
has been implemented, and additionally, there might be some "BAD" bugs
in OPSB that cause it to AKILL your entire network. Our testing and
Development of OPSB was run on a large network, and so far, has proved
stable, and effective in protecting our network, BUT every users
enviroment is different. While we have taken all precautions and
conducted a extensive QA cycle before the release of OPSB, its a "Use
at your Own Risk" Module. Of Course, if you do have bad experiences
with OPSB, please let us know at http://www.neostats.net/boards/
OPSB is written and maintained by Justin Hammond. It requires the OPSB is written and maintained by Justin Hammond. It requires the
NeoStats software. More information about OPSB, or NeoStats, can be NeoStats software. More information about OPSB, or NeoStats, can be
found at http://www.neostats.net/ found at http://www.neostats.net/
@ -404,6 +397,7 @@ Caution
* OPENSTRING * OPENSTRING
* SPLITTIME * SPLITTIME
* SCANMSG * SCANMSG
* PORTS
To change any of these settings, you use the Set Interface in OPSB. To change any of these settings, you use the Set Interface in OPSB.
Eg: Eg:
@ -521,6 +515,75 @@ Caution
To Change the setting, issue the following Command: To Change the setting, issue the following Command:
/msg OPSB set SCANMSG <msg> /msg OPSB set SCANMSG <msg>
3.10. PORTS Setting
The ports setting allows you to customize what ports and protocols are
scanned when users connect to your IRC network. This can be used to
detect proxies that are running on additional ports that OPSB does not
scan by default.
3.10.1. Listing Ports/Protocols
To list the current protocols and the assocated ports, issue the
following command:
/msg OPSB ports list
And the following is displayed:
>opsb< ports list
-opsb- Port List:
-opsb- 1) HTTP Port: 80
-opsb- 2) HTTP Port: 8080
-opsb- 3) HTTP Port: 8000
-opsb- 4) HTTP Port: 3128
-opsb- 5) SOCKS4 Port: 1080
-opsb- 6) SOCKS5 Port: 1080
-opsb- 7) WINGATE Port: 23
-opsb- 8) ROUTER Port: 23
-opsb- 9) HTTPPOST Port: 80
-opsb- 10) HTTPPOST Port: 8080
-opsb- 11) HTTPPOST Port: 8000
-opsb- 12) HTTPPOST Port: 3128
-opsb- End of List.
3.10.2. Adding Ports
To add a additional port to scan with a particular protocol, use the
following command:
/msg opsb ports add <type> <port>
Where:
<type> is the type of Protocol to use. Either:
HTTP
HTTPPOST
SOCKS4
SOCKS5
WINGATE
ROUTER
<port> is any valid port number between 1 and 65535
The change is imediate, and new users will have these ports scanned
when they connect.
3.10.3. Deleting Ports
If you wish to delete a port to be scanned, issue the following
command:
/msg opsb ports del <id>
Where <id> is the ID number of the port/Protocol you wish to delete.
ID can be obtained from a port listing command described above.
OPSB requires a restart when deleting a port, so you should either
restart NeoStats, or Reload the OPSB module.
4. Operational Commands 4. Operational Commands
OPSB has a number of commands that you can issue it in order to OPSB has a number of commands that you can issue it in order to

File diff suppressed because one or more lines are too long

2
configure vendored
View file

@ -1265,7 +1265,7 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
ac_config_headers="$ac_config_headers modconfig.h" ac_config_headers="$ac_config_headers modconfig.h"
PACKAGE=OPSB PACKAGE=OPSB
VERSION=2.0Beta1 VERSION=2.0
DIRINST=~/NeoStats/ DIRINST=~/NeoStats/
CFLAGS="$CFLAGS -O2 -Wall" CFLAGS="$CFLAGS -O2 -Wall"

View file

@ -2,7 +2,7 @@ dnl Process this file with autoconf to produce a configure script.
AC_INIT(opsb.c) AC_INIT(opsb.c)
AC_CONFIG_HEADER(modconfig.h) AC_CONFIG_HEADER(modconfig.h)
PACKAGE=OPSB PACKAGE=OPSB
VERSION=2.0Beta1 VERSION=2.0
DIRINST=~/NeoStats/ DIRINST=~/NeoStats/
AC_PREFIX_DEFAULT(~/NeoStats/) AC_PREFIX_DEFAULT(~/NeoStats/)
CFLAGS="$CFLAGS -O2 -Wall" CFLAGS="$CFLAGS -O2 -Wall"

2
opsb.c
View file

@ -64,7 +64,7 @@ int online;
ModuleInfo __module_info = { ModuleInfo __module_info = {
"OPSB", "OPSB",
"An Open Proxy Scanning Bot", "An Open Proxy Scanning Bot",
"2.0Beta1", "2.0",
__DATE__, __DATE__,
__TIME__ __TIME__
}; };

View file

@ -42,6 +42,7 @@ const char *opsb_help_oper[] = {
" STATUS View opsb state information", " STATUS View opsb state information",
" SET Change opsb configuration options", " SET Change opsb configuration options",
" EXCLUDE Exclude a host from scanning", " EXCLUDE Exclude a host from scanning",
" PORTS Allows you to customize the ports scanned",
" REMOVE Remove an akill set by opsb", " REMOVE Remove an akill set by opsb",
NULL NULL
}; };
@ -81,8 +82,6 @@ const char *opsb_help_info[] = {
"This bot is intended to scan clients connecting to this", "This bot is intended to scan clients connecting to this",
"network for insecure proxies. Insecure proxies are often", "network for insecure proxies. Insecure proxies are often",
"used to attack networks or channel with \2clone\2 bots", "used to attack networks or channel with \2clone\2 bots",
"This check scans the following ports:",
" 3128, 8080, 80 23 and 1080",
"If you have Firewall, or IDS software, please ignore any", "If you have Firewall, or IDS software, please ignore any",
"errors that this scan may generate", "errors that this scan may generate",
"", "",
@ -178,28 +177,34 @@ const char *opsb_help_exclude[] = {
}; };
const char *opsb_help_ports[] = { const char *opsb_help_ports[] = {
"Syntax: \2EXCLUDE <LIST>\2", "Syntax: \2PORTS <LIST>\2",
" \2EXCLUDE <ADD> <hostname> <type> <reason>\2", " \2PORTS <ADD> <type> <port>\2",
" \2EXCLUDE <DEL> <index>\2", " \2PORTS <DEL> <index>\2",
"", "",
"This command lets you view or manipulate the exception", "This command lets you view or manipulate the ports",
"list. Exception lists are used to exclude users, or", "and proxy types scanned when users connect to your",
"servers from scanning. You should at least add a server", "IRC network. By Default, OPSB scans some default Ports",
"entry for your services IRC name, to stop OPSB from", "but you may wish to update this list with some additional",
"scanning Nickserv, Chanserv etc", "protocols and ports custom to your network"
"", "",
"\2LIST\2 will list the current exceptions together with an", "\2LIST\2 will list the current ports and protocols scanned",
"ID number for use in removing entries.", "and a ID number for use in removing entries.",
"", "",
"\2ADD\2 will add an entry of <hostname> to the exception" "\2ADD\2 will add an entry of <type> running on port <port>",
"list. Flag should be 1 to indicate a server name", "to the port list.",
"(eg, services.irc-chat.net) or 0 to indicate a hostname", "<type> can be either:",
"(eg, *.adsl.home.com). Reason allows you to set a" " HTTP",
"reason for the exclusion for future reference", " HTTPPOST",
"Wildcards such as * and ? may be used in the hostname.", " SOCKS4",
" SOCKS5",
" WINGATE",
" ROUTER",
"and port can be any valid port number. The new port is scanned",
"straight away",
"", "",
"\2DEL\2 will delete entry <index> from the list of", "\2DEL\2 will delete entry <index> from the list of",
"exclusions. Use the LIST command to find the index.", "ports. Requires a Restart of OPSB to become effective. Alternatively",
"Reloading the OPSB module will make this effective",
NULL NULL
}; };