Welcome to the Open Proxy Scanning Bot (OPSB) Manual. This document will aid you in setting up and running OPSB on your IRC network.
OPSB is a Proxy Scanning Service that scans connecting clients for Open Proxies. These Open Proxies are often used by malicious users and trojans to connect to your network and attack the network, users, or channels that you host. It bases its scanning engine on the BOPM proxy scanning library available at http://www.blitzed.org, but unlike the BOPM software, it has native support to scan all clients network wide, rather than via individual servers. This means that you only need one OPSB service running on your network to protect your entire IRC network.
Additionally, OPSB makes use of Open Proxy lists. These lists often contain IP addresses of verified Open Proxies, and OPSB can ban these users without even scanning. By default, OPSB uses the blitzed open proxy list (More details available at http://opm.blitzed.org)
OPSB is flexible in that it has many advanced configuration options available to IRC administrators, including the ability to easily modify the protocols and ports to scan of connecting users, as well as exclude certian users or servers from scanning. This allows you maxium flexibility without the overhead of running multiple copies of proxy scanning software. In addition, it has the ability to Queue up scans, so during periods of peak usage, OPSB will not consume all bandwidth or file descriptors, but still scan users in a timely manor.
Proxy Scanning is only one defence against Trojans and Malicious users, and can not detect all types of open Proxies. We therefore recomend that the IRC administrators run other software such as SecureServ, and familiarize themselves with the OperServ functionality found in most traditional IRC services packages.
By Default, OPSB scans the following protocols and ports (But this can be easily customized)
HTTP Proxies on Port 80, 3128, 8000, 8080
HTTP Post Proxies on Port 80, 3128, 8000, 8080
Wingate Servers on Port 23
Insecure Cisco Routers on port 23
SOCKS4 Servers on 1080
SOCKS5 Servers on 1080
These ports are some of the more common ports, but administrators might find other ports that are often associated with open proxies. In these cases, the administrator can simple add the new port to be scanning without restarting OPSB.
When picking a host to run OPSB from, make sure you check with your Shell or ISP provider to ensure that there are no Transparent HTTP proxies enabled on that network. Transparent proxies are often used to speed up HTTP downloads for users without requiring the user to update their browser configuration. If you often get false positive scans on users on port 80, then most likely your hosting provider has implemented a Transparent Proxy. See if they can disable this transparent proxy for you, or alternativly, find a new hosting provider that does not run a transparent proxy. THERE IS NO WAY FOR OPSB TO DETECT IT IS BEHIND A TRANSPARENT PROXY.
As of writting, this software is BETA quality. Not all functionality has been implemented, and additionally, there might be some "BAD" bugs in OPSB that cause it to AKILL your entire network. Our testing and Development of OPSB was run on a large network, and so far, has proved stable, and effective in protecting our network, BUT every users enviroment is different. While we have taken all precautions and conducted a extensive QA cycle before the release of OPSB, its a "Use at your Own Risk" Module. Of Course, if you do have bad experiences with OPSB, please let us know at http://www.neostats.net/boards/
OPSB is written and maintained by Justin Hammond. It requires the NeoStats software. More information about OPSB, or NeoStats, can be found at http://www.neostats.net/
OPSB is Copyright, 2003 by Justin Hammond.
OPSB is designed to run on Top of NeoStats. The Following requirements at the time of writting are required for NeoStats:
A Linux or BSD based Server or Shell.
A supported IRCd. Currently, Hybrid7, Unreal, Ultimate2.x, Ultimate3.x, NeoIRCd, Bahumat
Some basic Unix administration Skill
Of Course, a IRC network to connect it all together.
Please refer to the NeoStats website for more information on the requirements
OPSB itself requires the following:
NeoStats 2.5.8 or Higher correctly installed and Running
The time to read this entire document.
OPSB has the potential to Akill/Gline your entire network. Its strongly suggested that you read this entire document before even attempting to compile OPSB, as I'm just going to laugh, if you didn't read, and it AKILL's your entire network. This is Beta Software, there are BUGS. beware.
As long as you have successfully setup NeoStats, and installed it correctly, Compiling OPSB is very simple and straight forward. First you must extract the files from the download package. This is as simple as:
bash$ tar -xzf OPSB-<ver>.tar.gzThis should then create a directory called OPSB-<version> where <version> is the Version of OPSB. Then Proceed to Change into the OPSB directory, and run Configure as follows:
bash$./configure [--enable-debug | --with-neostats=<dir>]--enable-debug is only usefull for diagnostics purposes when used in conjuction with debugging tools. There should be no need to use this option on a day to day basis
--with-neostats=<dir> should be used if your neostats directory is not in a standard location (~/NeoStats/). Replace <dir> with the full path to your NeoStats installation directory (NOT SOURCE DIRECTORY)
Configuring OPSB will look something like the following screen:
[Fish@fish-dt]$ ./configure +OPSB Manual Welcome to the Open Proxy Scanning Bot (OPSB) Manual. This document will aid you in setting up and running OPSB on your IRC network.
OPSB is a Proxy Scanning Service that scans connecting clients for Open Proxies. These Open Proxies are often used by malicious users and trojans to connect to your network and attack the network, users, or channels that you host. It bases its scanning engine on the BOPM proxy scanning library available at http://www.blitzed.org, but unlike the BOPM software, it has native support to scan all clients network wide, rather than via individual servers. This means that you only need one OPSB service running on your network to protect your entire IRC network.
Additionally, OPSB makes use of Open Proxy lists. These lists often contain IP addresses of verified Open Proxies, and OPSB can ban these users without even scanning. By default, OPSB uses the blitzed open proxy list (More details available at http://opm.blitzed.org)
OPSB is flexible in that it has many advanced configuration options available to IRC administrators, including the ability to easily modify the protocols and ports to scan of connecting users, as well as exclude certian users or servers from scanning. This allows you maxium flexibility without the overhead of running multiple copies of proxy scanning software. In addition, it has the ability to Queue up scans, so during periods of peak usage, OPSB will not consume all bandwidth or file descriptors, but still scan users in a timely manor.
Proxy Scanning is only one defence against Trojans and Malicious users, and can not detect all types of open Proxies. We therefore recomend that the IRC administrators run other software such as SecureServ, and familiarize themselves with the OperServ functionality found in most traditional IRC services packages.
By Default, OPSB scans the following protocols and ports (But this can be easily customized)
HTTP Proxies on Port 80, 3128, 8000, 8080
HTTP Post Proxies on Port 80, 3128, 8000, 8080
Wingate Servers on Port 23
Insecure Cisco Routers on port 23
SOCKS4 Servers on 1080
SOCKS5 Servers on 1080
These ports are some of the more common ports, but administrators might find other ports that are often associated with open proxies. In these cases, the administrator can simple add the new port to be scanning without restarting OPSB.
Warning
When picking a host to run OPSB from, make sure you check with your Shell or ISP provider to ensure that there are no Transparent HTTP proxies enabled on that network. Transparent proxies are often used to speed up HTTP downloads for users without requiring the user to update their browser configuration. If you often get false positive scans on users on port 80, then most likely your hosting provider has implemented a Transparent Proxy. See if they can disable this transparent proxy for you, or alternativly, find a new hosting provider that does not run a transparent proxy. THERE IS NO WAY FOR OPSB TO DETECT IT IS BEHIND A TRANSPARENT PROXY.
Warning
As of writting, this software is BETA quality. Not all functionality has been implemented, and additionally, there might be some "BAD" bugs in OPSB that cause it to AKILL your entire network. Our testing and Development of OPSB was run on a large network, and so far, has proved stable, and effective in protecting our network, BUT every users enviroment is different. While we have taken all precautions and conducted a extensive QA cycle before the release of OPSB, its a "Use at your Own Risk" Module. Of Course, if you do have bad experiences with OPSB, please let us know at http://www.neostats.net/boards/
OPSB is written and maintained by Justin Hammond. It requires the NeoStats software. More information about OPSB, or NeoStats, can be found at http://www.neostats.net/
OPSB is Copyright, 2004 by Justin Hammond.
OPSB is designed to run on Top of NeoStats. The Following requirements at the time of writting are required for NeoStats:
A Linux or BSD based Server or Shell.
A supported IRCd. Currently, Hybrid7, Unreal, Ultimate2.x, Ultimate3.x, NeoIRCd, Bahumat
Some basic Unix administration Skill
Of Course, a IRC network to connect it all together.
Please refer to the NeoStats website for more information on the requirements
OPSB itself requires the following:
NeoStats 2.5.8 or Higher correctly installed and Running
The time to read this entire document.
Warning
OPSB has the potential to Akill/Gline your entire network. Its strongly suggested that you read this entire document before even attempting to compile OPSB, as I'm just going to laugh, if you didn't read, and it AKILL's your entire network. This is Beta Software, there are BUGS. beware.
As long as you have successfully setup NeoStats, and installed it correctly, Compiling OPSB is very simple and straight forward. First you must extract the files from the download package. This is as simple as:
bash$ tar -xzf OPSB-<ver>.tar.gzThis should then create a directory called OPSB-<version> where <version> is the Version of OPSB. Then Proceed to Change into the OPSB directory, and run Configure as follows:
bash$./configure [--enable-debug | --with-neostats=<dir>]--enable-debug is only usefull for diagnostics purposes when used in conjuction with debugging tools. There should be no need to use this option on a day to day basis
--with-neostats=<dir> should be used if your neostats directory is not in a standard location (~/NeoStats/). Replace <dir> with the full path to your NeoStats installation directory (NOT SOURCE DIRECTORY)
Configuring OPSB will look something like the following screen:
[Fish@fish-dt]$ ./configure checking for gcc... gcc checking for C compiler default output... a.out checking whether the C compiler works... yes