OPSB Manual
parent
346bb5fd41
commit
988b379746
5 changed files with 1457 additions and 122 deletions
3
.gitattributes
vendored
|
@ -2,10 +2,13 @@
|
||||||
/ChangeLog -text
|
/ChangeLog -text
|
||||||
/LICENSE -text
|
/LICENSE -text
|
||||||
/Makefile.in -text
|
/Makefile.in -text
|
||||||
|
/OPSB.xml -text
|
||||||
/README.opsb -text
|
/README.opsb -text
|
||||||
|
/README.opsb.html -text
|
||||||
/aclocal.m4 -text
|
/aclocal.m4 -text
|
||||||
/configure -text
|
/configure -text
|
||||||
/configure.in -text
|
/configure.in -text
|
||||||
|
/html.css -text
|
||||||
/install-sh -text
|
/install-sh -text
|
||||||
libopm/.cvsignore -text
|
libopm/.cvsignore -text
|
||||||
libopm/LICENSE -text
|
libopm/LICENSE -text
|
||||||
|
|
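Review bot: the three added entries (/OPSB.xml, /README.opsb.html, /html.css) put both the DocBook source and what looks like its rendered HTML and stylesheet under version control. If README.opsb.html is generated from OPSB.xml, build it at release time or document the regeneration step so the two cannot drift apart. The -text attribute matches the existing entries, so nothing needs to change there.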
735
OPSB.xml
Normal file
|
@ -0,0 +1,735 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
|
||||||
|
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
|
||||||
|
<article>
|
||||||
|
<title>OPSB Manual</title>
|
||||||
|
|
||||||
|
<para>Welcome to the Open Proxy Scanning Bot (OPSB) Manual. This document
|
||||||
|
will aid you in setting up and running OPSB on your IRC network.</para>
|
||||||
|
|
||||||
|
<para>OPSB is a Proxy Scanning Service that scans connecting clients for
|
||||||
|
Open Proxies. These Open Proxies are often used by malicious users and
|
||||||
|
trojans to connect to your network and attack the network, users, or
|
||||||
|
channels that you host. It bases its scanning engine on the BOPM proxy
|
||||||
|
scanning library available at http://www.blitzed.org, but unlike the BOPM
|
||||||
|
software, it has native support to scan all clients network wide, rather
|
||||||
|
than via individual servers. This means that you only need one OPSB service
|
||||||
|
running on your network to protect your entire IRC network. </para>
|
||||||
|
|
||||||
|
<para>Additionally, OPSB makes use of Open Proxy lists. These lists often
|
||||||
|
contain IP addresses of verified Open Proxies, and OPSB can ban these users
|
||||||
|
without even scanning. By default, OPSB uses the blitzed open proxy list
|
||||||
|
(More details available at http://opm.blitzed.org)</para>
|
||||||
|
|
||||||
|
<para>OPSB is flexible in that it has many advanced configuration options
|
||||||
|
available to IRC administrators, including the ability to easily modify the
|
||||||
|
protocols and ports to scan of connecting users, as well as exclude certian
|
||||||
|
users or servers from scanning. This allows you maxium flexibility without
|
||||||
|
the overhead of running multiple copies of proxy scanning software. In
|
||||||
|
addition, it has the ability to Queue up scans, so during periods of peak
|
||||||
|
usage, OPSB will not consume all bandwidth or file descriptors, but still
|
||||||
|
scan users in a timely manor. </para>
|
||||||
|
|
||||||
|
<para>Proxy Scanning is only one defence against Trojans and Malicious
|
||||||
|
users, and can not detect all types of open Proxies. We therefore recomend
|
||||||
|
that the IRC administrators run other software such as SecureServ, and
|
||||||
|
familiarize themselves with the OperServ functionality found in most
|
||||||
|
traditional IRC services packages. </para>
|
||||||
|
|
||||||
|
<para>By Default, OPSB scans the following protocols and ports (But this can
|
||||||
|
be easily customized)</para>
|
||||||
|
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>HTTP Proxies on Port 80, 3128, 8000, 8080</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>HTTP Post Proxies on Port 80, 3128, 8000, 8080</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Wingate Servers on Port 23</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Insecure Cisco Routers on port 23</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>SOCKS4 Servers on 1080</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>SOCKS5 Servers on 1080</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
|
||||||
|
<para>These ports are some of the more common ports, but administrators
|
||||||
|
might find other ports that are often associated with open proxies. In these
|
||||||
|
cases, the administrator can simple add the new port to be scanning without
|
||||||
|
restarting OPSB. </para>
|
||||||
|
|
||||||
|
<warning>
|
||||||
|
<para>When picking a host to run OPSB from, make sure you check with your
|
||||||
|
Shell or ISP provider to ensure that there are no Transparent HTTP proxies
|
||||||
|
enabled on that network. Transparent proxies are often used to speed up
|
||||||
|
HTTP downloads for users without requiring the user to update their
|
||||||
|
browser configuration. If you often get false positive scans on users on
|
||||||
|
port 80, then most likely your hosting provider has implemented a
|
||||||
|
Transparent Proxy. See if they can disable this transparent proxy for you,
|
||||||
|
or alternativly, find a new hosting provider that does not run a
|
||||||
|
transparent proxy. THERE IS NO WAY FOR OPSB TO DETECT IT IS BEHIND A
|
||||||
|
TRANSPARENT PROXY.</para>
|
||||||
|
</warning>
|
||||||
|
|
||||||
|
<warning>
|
||||||
|
<para>As of writting, this software is BETA quality. Not all functionality
|
||||||
|
has been implemented, and additionally, there might be some "BAD"
|
||||||
|
bugs in OPSB that cause it to AKILL your entire network. Our testing and
|
||||||
|
Development of OPSB was run on a large network, and so far, has proved
|
||||||
|
stable, and effective in protecting our network, BUT every users
|
||||||
|
enviroment is different. While we have taken all precautions and conducted
|
||||||
|
a extensive QA cycle before the release of OPSB, its a "Use at your
|
||||||
|
Own Risk" Module. Of Course, if you do have bad experiences with OPSB,
|
||||||
|
please let us know at <link linkend="???">http://www.neostats.net/boards/</link></para>
|
||||||
|
</warning>
|
||||||
|
|
||||||
|
<para>OPSB is written and maintained by Justin Hammond. It requires the
|
||||||
|
NeoStats software. More information about OPSB, or NeoStats, can be found at
|
||||||
|
<link linkend="???">http://www.neostats.net/</link></para>
|
||||||
|
|
||||||
|
<para>OPSB is Copyright, 2003 by Justin Hammond.</para>
|
||||||
|
|
||||||
|
<sect1>
|
||||||
|
<title>Prerequisites and Installation.</title>
|
||||||
|
|
||||||
|
<para>OPSB is designed to run on Top of NeoStats. The Following
|
||||||
|
requirements at the time of writting are required for NeoStats:<itemizedlist><listitem><para>A
|
||||||
|
Linux or BSD based Server or Shell.</para></listitem><listitem><para>A
|
||||||
|
supported IRCd. Currently, Hybrid7, Unreal, Ultimate2.x, Ultimate3.x,
|
||||||
|
NeoIRCd, Bahumat</para></listitem><listitem><para>Some basic Unix
|
||||||
|
administration Skill</para></listitem><listitem><para>Of Course, a IRC
|
||||||
|
network to connect it all together.</para></listitem></itemizedlist></para>
|
||||||
|
|
||||||
|
<para>Please refer to the NeoStats website for more information on the
|
||||||
|
requirements</para>
|
||||||
|
|
||||||
|
<para>OPSB itself requires the following:<itemizedlist><listitem><para>NeoStats
|
||||||
|
2.5.8 or Higher correctly installed and Running</para></listitem><listitem><para>The
|
||||||
|
time to read this entire document. <warning><para>OPSB has the potential
|
||||||
|
to Akill/Gline your entire network. Its strongly suggested that you read
|
||||||
|
this entire document before even attempting to compile OPSB, as I'm
|
||||||
|
just going to laugh, if you didn't read, and it AKILL's your
|
||||||
|
entire network. This is Beta Software, there are BUGS. beware.</para></warning></para></listitem></itemizedlist></para>
|
||||||
|
|
||||||
|
<sect2>
|
||||||
|
<title>Compiling and Installation</title>
|
||||||
|
|
||||||
|
<para>As long as you have successfully setup NeoStats, and installed it
|
||||||
|
correctly, Compiling OPSB is very simple and straight forward. First you
|
||||||
|
must extract the files from the download package. This is as simple as:</para>
|
||||||
|
|
||||||
|
<screen>bash$<command> tar -xzf OPSB-<ver>.tar.gz</command></screen>
|
||||||
|
|
||||||
|
<para>This should then create a directory called OPSB-<version>
|
||||||
|
where <version> is the Version of OPSB. Then Proceed to Change
|
||||||
|
into the OPSB directory, and run Configure as follows:<screen>bash$<command>./configure [--enable-debug | --with-neostats=<dir>]</command></screen></para>
|
||||||
|
|
||||||
|
<para>--enable-debug is only usefull for diagnostics purposes when used
|
||||||
|
in conjuction with debugging tools. There should be no need to use this
|
||||||
|
option on a day to day basis</para>
|
||||||
|
|
||||||
|
<para>--with-neostats=<dir> should be used if your neostats
|
||||||
|
directory is not in a standard location (~/NeoStats/). Replace
|
||||||
|
<dir> with the full path to your NeoStats installation directory
|
||||||
|
(NOT SOURCE DIRECTORY)</para>
|
||||||
|
|
||||||
|
<para>Configuring OPSB will look something like the following screen:</para>
|
||||||
|
|
||||||
|
<screen>[Fish@fish-dt]$ ./configure
|
||||||
|
checking for gcc... gcc
|
||||||
|
checking for C compiler default output... a.out
|
||||||
|
checking whether the C compiler works... yes
|
||||||
|
checking whether we are cross compiling... no
|
||||||
|
checking for suffix of executables...
|
||||||
|
checking for suffix of object files... o
|
||||||
|
checking whether we are using the GNU C compiler... yes
|
||||||
|
checking whether gcc accepts -g... yes
|
||||||
|
checking for gcc option to accept ANSI C... none needed
|
||||||
|
checking for a BSD-compatible install... /usr/bin/install -c
|
||||||
|
checking for pcre_compile in -lpcre... yes
|
||||||
|
checking Location of NeoStats...... /home/fish/NeoStats/
|
||||||
|
checking for /home/fish/NeoStats//include/dl.h... yes
|
||||||
|
checking Version of NeoStats...... Compatible Version
|
||||||
|
checking Whether to Enable Debuging...... no
|
||||||
|
configure: creating ./config.status
|
||||||
|
config.status: creating Makefile
|
||||||
|
|
||||||
|
(*----------------------------------------------------------*)
|
||||||
|
(| To compile your module, please type 'make' |)
|
||||||
|
(| If make completes without errors, then you |)
|
||||||
|
(| Must 'make install', but please be sure that NeoStats |)
|
||||||
|
(| Is not currently running with a module of the same name |)
|
||||||
|
(| Running, otherwise Make install will not work |)
|
||||||
|
(| !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! |)
|
||||||
|
(| If you are running a BSD, make install may produce a |)
|
||||||
|
(| Error, if that is the case, then please manually copy |)
|
||||||
|
(| opsb.so to the NeoStats/dl directory |)
|
||||||
|
(| !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! |)
|
||||||
|
(*----------------------------------------------------------*)
|
||||||
|
(| For Support please visit: |)
|
||||||
|
(| IRC: /server irc.irc-chat.org |)
|
||||||
|
(| #neostats channel |)
|
||||||
|
(| WWW: http://www.neostats.net/boards/ |)
|
||||||
|
(*----------------------------------------------------------*)
|
||||||
|
(|This Module was written by: |)
|
||||||
|
(| fish (fish@dynam.ac) |)
|
||||||
|
(*----------------------------------------------------------*)
|
||||||
|
</screen>
|
||||||
|
|
||||||
|
<para>If the configuration did not produce a error, you may then move
|
||||||
|
onto Compiling OPSB. Compiling is simply just issuing the "make"
|
||||||
|
command (or "gmake" if you are running BSD):</para>
|
||||||
|
|
||||||
|
<screen>[Fish@fish-dt]$ make
|
||||||
|
(cd libopm; make libopm.a)
|
||||||
|
make[1]: Entering directory `/home/fish/opsb/libopm'
|
||||||
|
gcc -c -O2 -Wall -I. -I.. compat.c
|
||||||
|
gcc -c -O2 -Wall -I. -I.. config.c
|
||||||
|
gcc -c -O2 -Wall -I. -I.. inet.c
|
||||||
|
gcc -c -O2 -Wall -I. -I.. libopm.c
|
||||||
|
gcc -c -O2 -Wall -I. -I.. list.c
|
||||||
|
gcc -c -O2 -Wall -I. -I.. malloc.c
|
||||||
|
gcc -c -O2 -Wall -I. -I.. proxy.c
|
||||||
|
ar cru libopm.a compat.o config.o inet.o libopm.o list.o malloc.o proxy.o
|
||||||
|
ranlib libopm.a
|
||||||
|
make[1]: Leaving directory `/home/fish/opsb/libopm'
|
||||||
|
gcc -c -O2 -Wall -I/home/fish/NeoStats//include/ -I. -Ilibopm opsb.c
|
||||||
|
gcc -c -O2 -Wall -I/home/fish/NeoStats//include/ -I. -Ilibopm proxy.c
|
||||||
|
gcc -c -O2 -Wall -I/home/fish/NeoStats//include/ -I. -Ilibopm opsb_help.c
|
||||||
|
ld -shared -o opsb.so opsb.o proxy.o opsb_help.o libopm/libopm.a
|
||||||
|
[1005|/home/fish/opsb]
|
||||||
|
[Fish@fish-dt]$</screen>
|
||||||
|
|
||||||
|
<para>Again, check for Error messages. As long as there are not error
|
||||||
|
messages, "make install" will install OPSB, this README file,
|
||||||
|
and any auxiluary files needed into your NeoStats directory:</para>
|
||||||
|
|
||||||
|
<screen>[Fish@fish-dt]$ make install
|
||||||
|
(cd libopm; make libopm.a)
|
||||||
|
make[1]: Entering directory `/home/fish/opsb/libopm'
|
||||||
|
make[1]: `libopm.a' is up to date.
|
||||||
|
make[1]: Leaving directory `/home/fish/opsb/libopm'
|
||||||
|
ld -shared -o opsb.so opsb.o proxy.o opsb_help.o libopm/libopm.a
|
||||||
|
/usr/bin/install -c -m 644 opsb.so /home/fish/NeoStats//dl/
|
||||||
|
/usr/bin/install -c -m 644 README.opsb opsb.Settings /home/fish/NeoStats//dl/../doc/
|
||||||
|
[1006|/home/fish/opsb]</screen>
|
||||||
|
|
||||||
|
<para>If you recieve *ANY* errors at all during the this process, please
|
||||||
|
post them on our Support boards, at http//www.neostats.net/boards/</para>
|
||||||
|
|
||||||
|
<para>Once Installation is complete, you can either configure NeoStats
|
||||||
|
to load OPSB when it starts, or load OPSB via IRC.</para>
|
||||||
|
|
||||||
|
<para>To Configure NeoStats to automatically load OPSB when it boots,
|
||||||
|
add the following line to your "neostats.cfg" file in the
|
||||||
|
NeoStats directory:</para>
|
||||||
|
|
||||||
|
<para><command>LOAD_MODULE OPSB</command></para>
|
||||||
|
|
||||||
|
<para>To load OPSB via IRC, you must make sure you have the appropriate
|
||||||
|
permissions and issue the following command:</para>
|
||||||
|
|
||||||
|
<para><command>/msg neostats load OPSB</command></para>
|
||||||
|
|
||||||
|
<para>Thats it. OPSB is now loaded and ready for use (in fact, it will
|
||||||
|
already be running now, but read on for futher information.</para>
|
||||||
|
</sect2>
|
||||||
|
</sect1>
|
||||||
|
|
||||||
|
<sect1>
|
||||||
|
<title>Basic Configuration</title>
|
||||||
|
|
||||||
|
<para>OPSB is completly configured online via IRC. When you first start up
|
||||||
|
OPSB, it attempts some "Sane" defaults for you to get started
|
||||||
|
with, but you should always review these settings as soon as you install.
|
||||||
|
Additionally, while its in this "Default" state, it will warn you
|
||||||
|
every so often via a global message as well as messages to the services
|
||||||
|
channel that it is still "unconfigured". Some of the settings that
|
||||||
|
you may want to review right away are:</para>
|
||||||
|
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>Exclusion Lists - You should setup a Exclude list for your IRC
|
||||||
|
Services server (NickServ etc)</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Target IP address and Ports that OPSB tries to get the proxies
|
||||||
|
to connect to.</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Default Ban Time when OPSB finds a open Proxy.</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
|
||||||
|
<para>These are outlined below:</para>
|
||||||
|
|
||||||
|
<sect2>
|
||||||
|
<title>Exclusion Lists</title>
|
||||||
|
|
||||||
|
<para>Exclusion lists allow you to specify certian Hostmasks or Servers
|
||||||
|
that should be excluded from monitoring by OPSB. This exclusion list
|
||||||
|
would allow a administrator to say, allow users on that are matched
|
||||||
|
against a open proxy, when the administrator has verified that the
|
||||||
|
trojan does not in fact exist on the users host. </para>
|
||||||
|
|
||||||
|
<caution>
|
||||||
|
<para>Exclusions should be setup for your Services Server, so that
|
||||||
|
OPSB does not try to scan ChanServ, or NickServ, or any of the bots
|
||||||
|
relating to Nickname protection.</para>
|
||||||
|
</caution>
|
||||||
|
|
||||||
|
<para><emphasis role="bold">Adding a Entry</emphasis></para>
|
||||||
|
|
||||||
|
<para>To add a entry to the Exclusion list, use the following format:</para>
|
||||||
|
|
||||||
|
<screen>/msg OPSB exclude add <1/0> <type> <reason></screen>
|
||||||
|
|
||||||
|
<para>Where:</para>
|
||||||
|
|
||||||
|
<para><host> = The HostName/Server or Channel name. WildCards ?
|
||||||
|
and * are permitted.</para>
|
||||||
|
|
||||||
|
<para><type> = The type of exclusion. 0 is for HostNames, 1 is
|
||||||
|
for Servers</para>
|
||||||
|
|
||||||
|
<para><reason> = a short description of the exclusion, for
|
||||||
|
operator reference only.</para>
|
||||||
|
|
||||||
|
<para>The output is as follows:</para>
|
||||||
|
|
||||||
|
<screen>>OPSB< exclude add services.irc-chat.net 1 Blah is my reason
|
||||||
|
-OPSB- Added services.irc-chat.net (Server) exception to list</screen>
|
||||||
|
|
||||||
|
<para><emphasis role="bold">Listing an Entry</emphasis></para>
|
||||||
|
|
||||||
|
<para>To list the Exclusions simple type:</para>
|
||||||
|
|
||||||
|
<screen>/msg OPSB exclude list</screen>
|
||||||
|
|
||||||
|
<para>And all the current exclusions are listed. Additionaly, a Position
|
||||||
|
number is provided for use with the delete command. The output is as
|
||||||
|
follows:</para>
|
||||||
|
|
||||||
|
<screen>>OPSB< exclude list
|
||||||
|
-OPSB- Exception List:
|
||||||
|
-OPSB- 1) *.blah.com (Server) Added by Fish for Blah is my reason
|
||||||
|
-OPSB- 2) is.blah.com (HostName) Added by Fish for can by high
|
||||||
|
-OPSB- End of List.</screen>
|
||||||
|
|
||||||
|
<para><emphasis role="bold">Deleting an Entry</emphasis></para>
|
||||||
|
|
||||||
|
<para>To delete a entry, you should first lookup the Position of the
|
||||||
|
entry that you wish to delete. The format of the command is as follows:</para>
|
||||||
|
|
||||||
|
<screen>/msg OPSB exclude del <num></screen>
|
||||||
|
|
||||||
|
<para>Where:</para>
|
||||||
|
|
||||||
|
<para><num> is the position of the entry you wish to delete in
|
||||||
|
the list</para>
|
||||||
|
|
||||||
|
<para>The output of the command is as follows:</para>
|
||||||
|
|
||||||
|
<screen>>OPSB< exclude del 1
|
||||||
|
-OPSB- Deleted services.irc-chat.net server out of exception list</screen>
|
||||||
|
</sect2>
|
||||||
|
|
||||||
|
<sect2>
|
||||||
|
<title>TARGET IP and TARGET PORT</title>
|
||||||
|
|
||||||
|
<para>By default, OPSB sets up each proxy scan to attempt to connect
|
||||||
|
back to the IP address and port of the server that NeoStats connects to.
|
||||||
|
This may not always be what you wish, as it can help a attacker map our
|
||||||
|
how your network is structured. Ideally, you should pick the IP address
|
||||||
|
of a IRC server you host that is stable and on a fast connection, and
|
||||||
|
enter its IP address and port numbers into OPSB. </para>
|
||||||
|
|
||||||
|
<para><emphasis role="bold">Changing the TargetIP</emphasis></para>
|
||||||
|
|
||||||
|
<para>To add a entry to the Helper list, use the following format:</para>
|
||||||
|
|
||||||
|
<screen>/msg OPSB set targetip <newipaddress></screen>
|
||||||
|
|
||||||
|
<para>Where:</para>
|
||||||
|
|
||||||
|
<para><newipaddress> = The ip address to attempt to get proxies
|
||||||
|
to connect to</para>
|
||||||
|
|
||||||
|
<para>The output is as follows:</para>
|
||||||
|
|
||||||
|
<screen> -> *opsb* set targetip 203.208.228.144
|
||||||
|
=opsb= Target IP set to 203.208.228.144</screen>
|
||||||
|
|
||||||
|
<para><emphasis role="bold">Changing the Target Port</emphasis></para>
|
||||||
|
|
||||||
|
<para>To list the helpers simple type:</para>
|
||||||
|
|
||||||
|
<screen>/msg OPSB set targetport <newport></screen>
|
||||||
|
|
||||||
|
<para>Where:</para>
|
||||||
|
|
||||||
|
<para><newport> = the new port to attempt to get proxies to
|
||||||
|
connect to</para>
|
||||||
|
|
||||||
|
<para>The output is as follows:</para>
|
||||||
|
|
||||||
|
<screen> -> *opsb* set targetport 6667
|
||||||
|
=opsb= Target PORT set to 6667</screen>
|
||||||
|
</sect2>
|
||||||
|
|
||||||
|
<sect2>
|
||||||
|
<title>BanTime</title>
|
||||||
|
|
||||||
|
<para>OPSB by default bans the IP/Hostname of a Open Proxy for 1 day
|
||||||
|
(86400 seconds). Some networks may wish to increase or decrease this
|
||||||
|
time value.</para>
|
||||||
|
|
||||||
|
<para><emphasis role="bold">Changing the Ban Time</emphasis></para>
|
||||||
|
|
||||||
|
<para>To change the bantime, type:</para>
|
||||||
|
|
||||||
|
<screen> -> *opsb* set bantime 86400
|
||||||
|
=opsb= Ban time changed to 86400</screen>
|
||||||
|
</sect2>
|
||||||
|
</sect1>
|
||||||
|
|
||||||
|
<sect1>
|
||||||
|
<title>Detailed Configuration</title>
|
||||||
|
|
||||||
|
<para>OPSB attempts to be as configurable as possible in order to cater
|
||||||
|
for each individual networks requirements. This in turn though makes the
|
||||||
|
configuration very complex. There are many many settings with OPSB that
|
||||||
|
affect how it operates, how it responds and even, how affects the
|
||||||
|
performance of NeoStats Overall. Out of the box, OPSB provides sensible
|
||||||
|
defaults for these settings, but you may wish to read this section for
|
||||||
|
details on exactly what each option does, and its affect on how OPSB
|
||||||
|
operates.</para>
|
||||||
|
|
||||||
|
<para>The following list summaries the available Options you can set in
|
||||||
|
OPSB</para>
|
||||||
|
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>CACHETIME </para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>DISABLESCAN</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>DOBAN</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>OPMDOMAIN</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>MAXBYTES </para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>TIMEOUT </para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>OPENSTRING </para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>SPLITTIME</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>SCANMSG</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
|
||||||
|
<para>To change any of these settings, you use the Set Interface in OPSB.
|
||||||
|
Eg:</para>
|
||||||
|
|
||||||
|
<screen>/msg OPSB set <option> <params></screen>
|
||||||
|
|
||||||
|
<para>To view the current settings, issue the following command:</para>
|
||||||
|
|
||||||
|
<screen>/msg OPSB set list</screen>
|
||||||
|
|
||||||
|
<para>The following Sections describes the different options, their
|
||||||
|
params, and the effect on OPSB in detail.</para>
|
||||||
|
|
||||||
|
<sect2>
|
||||||
|
<title>CACHETIME Setting</title>
|
||||||
|
|
||||||
|
<para>In order to improve performance, OPSB caches the results of scans
|
||||||
|
it has performed so if a user disconnects and reconnects, they are not
|
||||||
|
scanned again, and thus this saves bandwidth and improves the
|
||||||
|
performance of OPSB. By default, OPSB saves previous scans for 1 hour.
|
||||||
|
Smaller IRC networks may wish to increase this value, while larger IRC
|
||||||
|
networks that are concerned about performance or memory usage of OPSB
|
||||||
|
may with to leave this setting as it is. Setting the cache time to 0
|
||||||
|
disables the use of caching, and forces OPSB to scan every user
|
||||||
|
connecting every time. </para>
|
||||||
|
|
||||||
|
<para>To Change the setting, issue the following Command:</para>
|
||||||
|
|
||||||
|
<screen>/msg OPSB set CACHETIME <seconds> </screen>
|
||||||
|
</sect2>
|
||||||
|
|
||||||
|
<sect2>
|
||||||
|
<title>DISABLESCAN Setting</title>
|
||||||
|
|
||||||
|
<para>Sometimes a IRC administrator may wish to only make use of the
|
||||||
|
Open Proxy list lookup, and not actually perform a scan on users.
|
||||||
|
DISABLESCAN forces OPSB to only perform a lookup of the IP address in
|
||||||
|
the configured OPMDOMAIN. </para>
|
||||||
|
|
||||||
|
<para>If you wish to turn off Proxy checks, issue the following command</para>
|
||||||
|
|
||||||
|
<screen>/msg OPSB set DISABLESCAN <ON/OFF></screen>
|
||||||
|
</sect2>
|
||||||
|
|
||||||
|
<sect2>
|
||||||
|
<title>DOBAN Setting</title>
|
||||||
|
|
||||||
|
<para>Often, when setting up OPSB for the first time, or making changes
|
||||||
|
to the ports that are to be scanning, you may wish to test OPSB without
|
||||||
|
it actually performing a AKILL. Turning DOBAN off disables the placement
|
||||||
|
of a AKILL on open Proxy hosts. </para>
|
||||||
|
|
||||||
|
<para>To Change the setting, issue the following Command:</para>
|
||||||
|
|
||||||
|
<screen>/msg OPSB set DOBAN <ON/OFF> </screen>
|
||||||
|
</sect2>
|
||||||
|
|
||||||
|
<sect2>
|
||||||
|
<title>OPMDOMAIN Setting</title>
|
||||||
|
|
||||||
|
<para>This setting changes with domain OPSB should consult for a
|
||||||
|
positive match on a particular IP address. By Default, OPSB checks
|
||||||
|
opm.blizted.org. Another list may be substituted instead of the default
|
||||||
|
on. At this time, we have not tested any other open proxy list, although
|
||||||
|
most lists should work with no problems. Please report success/failure
|
||||||
|
to our boards</para>
|
||||||
|
|
||||||
|
<para>To Change this Setting, issue the following Command:</para>
|
||||||
|
|
||||||
|
<screen>/msg OPSB set OPMDOMAIN <newdomain></screen>
|
||||||
|
</sect2>
|
||||||
|
|
||||||
|
<sect2>
|
||||||
|
<title>MAXBYTES Setting</title>
|
||||||
|
|
||||||
|
<para>Maxbytes controls how much data to read from a open connection
|
||||||
|
before determining that the host in question does not contain a Open
|
||||||
|
Proxy. As we check ports that are common with legitimate applications
|
||||||
|
such as webservers, we don't need to download the entire webpage to
|
||||||
|
determine that it is not a open proxy. By default, we only read 500
|
||||||
|
bytes which should be sufficient for most networks. </para>
|
||||||
|
|
||||||
|
<para>To Change this Setting, issue the following Command:</para>
|
||||||
|
|
||||||
|
<screen>/msg OPSB set MAXBYTES <bytelimit></screen>
|
||||||
|
</sect2>
|
||||||
|
|
||||||
|
<sect2>
|
||||||
|
<title>TIMEOUT</title>
|
||||||
|
|
||||||
|
<para>It is very common for users to now use personal firewall software
|
||||||
|
on their PC. This often leads to probes the the users ip address that
|
||||||
|
never actually get rejected or are successfull, but just hang trying to
|
||||||
|
connect. the Timeout value controls how long to wait before assuming
|
||||||
|
that the host is not operating a proxy. By default, we wait 30 seconds</para>
|
||||||
|
|
||||||
|
<para>To Change this setting, issue the following command:</para>
|
||||||
|
|
||||||
|
<screen>/msg OPSB set TIMEOUT <seconds></screen>
|
||||||
|
</sect2>
|
||||||
|
|
||||||
|
<sect2>
|
||||||
|
<title>OPENSTRING</title>
|
||||||
|
|
||||||
|
<para>This setting controls what strings to look for that indicate a
|
||||||
|
Open Proxy. By default, we look for the standard string "*** Looking
|
||||||
|
up your hostname..." which is one of the first messages sent to
|
||||||
|
connecting IRC clients. There should be no need to change this setting.
|
||||||
|
Internally, OPSB also scans for common Trottle or akill messages.</para>
|
||||||
|
|
||||||
|
<para>To Change this setting, issue the following command:</para>
|
||||||
|
|
||||||
|
<screen>/msg OPSB set OPENSTRING <newstring></screen>
|
||||||
|
</sect2>
|
||||||
|
|
||||||
|
<sect2>
|
||||||
|
<title>SPLITTIME</title>
|
||||||
|
|
||||||
|
<para>OPSB is very sensitive to timedrifts on the IRC network. In order
|
||||||
|
to not scan users that might be part of a Netjoin (When two IRC servers
|
||||||
|
reconnect after a Netsplit) we only scan users who's signon time is
|
||||||
|
less than this setting. If your IRC network times are not in sync, you
|
||||||
|
might experience issues where users connecting to one "lagged"
|
||||||
|
out server are not scanning. In this case, you should fix the time on
|
||||||
|
the affected server. A last resort is to increase this time value. By
|
||||||
|
default, we only scan users that connected in the last 300 seconds</para>
|
||||||
|
|
||||||
|
<para>To Change this setting, issue the following command:</para>
|
||||||
|
|
||||||
|
<screen>/msg OPSB set SPLITTIME <seconds></screen>
|
||||||
|
</sect2>
|
||||||
|
|
||||||
|
<sect2>
|
||||||
|
<title>SCANMSG Setting</title>
|
||||||
|
|
||||||
|
<para>This setting changes the default message that is sent to users
|
||||||
|
when they sign on the IRC network. You can customise this message to
|
||||||
|
point to a webpage giving more details, or customize to your local
|
||||||
|
language. </para>
|
||||||
|
|
||||||
|
<para>To Change the setting, issue the following Command:</para>
|
||||||
|
|
||||||
|
<screen>/msg OPSB set SCANMSG <msg> </screen>
|
||||||
|
</sect2>
|
||||||
|
</sect1>
|
||||||
|
|
||||||
|
<sect1>
|
||||||
|
<title>Operational Commands</title>
|
||||||
|
|
||||||
|
<para>OPSB has a number of commands that you can issue it in order to
|
||||||
|
perform checks or operations on your IRC network. These commands aid
|
||||||
|
Administrators in keeping their network secure, and keeping OPSB upto
|
||||||
|
date.</para>
|
||||||
|
|
||||||
|
<para>The following list summerizes these commands:</para>
|
||||||
|
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>LOOKUP</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>INFO</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>CHECK</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>STATUS</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>REMOVE</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
|
||||||
|
<para>The following Sections Describe these commands in detail</para>
|
||||||
|
|
||||||
|
<sect2>
|
||||||
|
<title>LOOKUP Command</title>
|
||||||
|
|
||||||
|
<para>The lookup comand can perform DNS lookups for you. You can specify
|
||||||
|
what information you wish to retrive. This command is open to all users
|
||||||
|
by default.</para>
|
||||||
|
|
||||||
|
<para>The format of the command is as follows:</para>
|
||||||
|
|
||||||
|
<screen>/msg OPSB lookup <ip|hostname> <flag></screen>
|
||||||
|
|
||||||
|
<para>Where:</para>
|
||||||
|
|
||||||
|
<para><ip|hostname> is the item you wish to lookup.</para>
|
||||||
|
|
||||||
|
<para><flag> is optional, and specified what type of data you
|
||||||
|
wish to lookup. Available options include:</para>
|
||||||
|
|
||||||
|
<para>txt - Lookup Text Records rp - Lookup the Responsible Person for
|
||||||
|
this record ns - Lookup the Name Servers for this record soa - Lookup
|
||||||
|
the SOA for this Record</para>
|
||||||
|
|
||||||
|
<para>If no flag is given, we attempt to lookup the A record.</para>
|
||||||
|
|
||||||
|
<para>The output of the command is as follows:</para>
|
||||||
|
|
||||||
|
<screen> -> *opsb* lookup irc.irc-chat.net
|
||||||
|
=opsb= irc.irc-chat.net resolves to 202.181.4.129
|
||||||
|
=opsb= irc.irc-chat.net resolves to 203.208.228.144
|
||||||
|
=opsb= irc.irc-chat.net resolves to 216.218.235.254
|
||||||
|
=opsb= irc.irc-chat.net resolves to 66.227.101.55</screen>
|
||||||
|
</sect2>
|
||||||
|
|
||||||
|
<sect2>
|
||||||
|
<title>INFO Command</title>
|
||||||
|
|
||||||
|
<para>This command provides users with information about what functions
|
||||||
|
OPSB performs. Its intended to just provide directions to users for more
|
||||||
|
information</para>
|
||||||
|
|
||||||
|
<para>The format of the command is as follows:</para>
|
||||||
|
|
||||||
|
<screen>/msg OPSB info</screen>
|
||||||
|
</sect2>
|
||||||
|
|
||||||
|
<sect2>
|
||||||
|
<title>CHECK Command</title>
|
||||||
|
|
||||||
|
<para>This command forces OPSB to perform a full scan on the specified
|
||||||
|
nickname, ip adress or hostname. </para>
|
||||||
|
|
||||||
|
<para>The format of the command is as follows:</para>
|
||||||
|
|
||||||
|
<screen>/msg OPSB check <nick|host></screen>
|
||||||
|
|
||||||
|
<para>The output is as follows:</para>
|
||||||
|
|
||||||
|
<screen>=opsb= Checking fish for open Proxies
|
||||||
|
<opsb> Starting proxy scan on Fish (XXXX.singnet.com.sg) by Request of Fish
|
||||||
|
=opsb= Negitiation failed for protocol HTTP(80)
|
||||||
|
=opsb= Negitiation failed for protocol HTTP(8000)
|
||||||
|
=opsb= Negitiation failed for protocol HTTP(3128)
|
||||||
|
=opsb= Negitiation failed for protocol SOCKS4(1080)
|
||||||
|
=opsb= Negitiation failed for protocol SOCKS5(1080)
|
||||||
|
=opsb= Negitiation failed for protocol WINGATE(23)
|
||||||
|
=opsb= Negitiation failed for protocol ROUTER(23)
|
||||||
|
=opsb= Negitiation failed for protocol HTTPPOST(80)
|
||||||
|
=opsb= Negitiation failed for protocol HTTPPOST(8000)
|
||||||
|
=opsb= Negitiation failed for protocol HTTPPOST(3128)
|
||||||
|
=opsb= Closed Proxy on Protocol HTTP (8080)
|
||||||
|
=opsb= Closed Proxy on Protocol HTTPPOST (8080)
|
||||||
|
=opsb= scan finished on Fish
|
||||||
|
=opsb= XXXX.singnet.com.sg does not appear in DNS black list</screen>
|
||||||
|
</sect2>
|
||||||
|
|
||||||
|
<sect2>
|
||||||
|
<title>STATUS Command</title>
|
||||||
|
|
||||||
|
<para>This command gives the Administrator statistics on the how OPSB is
|
||||||
|
performing, how many checks it has conducted, and other information
|
||||||
|
relating to the performance of OPSB.</para>
|
||||||
|
|
||||||
|
<para>The format of the command is as follows:</para>
|
||||||
|
|
||||||
|
<screen> -> *opsb* status
|
||||||
|
=opsb= Proxy Results:
|
||||||
|
=opsb= Hosts Scanned: 5831 Hosts found Open: 1 Exceptions 0
|
||||||
|
=opsb= Cache Entries: 128
|
||||||
|
=opsb= Cache Hits: 5523
|
||||||
|
=opsb= Blacklist Hits: 4
|
||||||
|
=opsb= Currently Scanning 0 Proxies (0 in queue):</screen>
|
||||||
|
</sect2>
|
||||||
|
</sect1>
|
||||||
|
</article>
|
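Review bot: the command summary in the Operational Commands section lists REMOVE, but the section closes after STATUS with no `<sect2>` for REMOVE, so the manual advertises a command it never documents; either add a REMOVE section giving its syntax and required access level, or drop that `<listitem>`. The CHECK section should also state who may run it: LOOKUP is described as open to all users by default, while CHECK makes OPSB run a full proxy scan against whatever nickname, IP address or hostname is supplied, and nothing is said about the privilege it requires. In the STATUS section the paragraph "The format of the command is as follows:" is followed by sample output rather than the command syntax in the `/msg OPSB ...` form the other sections use, and the four LOOKUP flags (txt, rp, ns, soa) run together in a single `<para>` where a list would keep them readable. Typos worth fixing in the same pass: "summerizes", "comand", "retrive", "adress", "upto date".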
712
README.opsb
|
@ -1,149 +1,617 @@
|
||||||
Open Proxy Scanning Bot Version 1.0 Release Canidate 1 - fish@dynam.ac
|
|
||||||
+++++++++++++++++++++++++++++++++++++++++
|
|
||||||
|
|
||||||
Thanks for Downloading opsb. opsb is a bot for the NeoStats IRC services
|
OPSB Manual
|
||||||
package (www.neostats.net) that allows you to check and ban users
|
_________________________________________________________________
|
||||||
connecting to your network using In-Secure proxy servers.
|
|
||||||
|
|
||||||
Insecure proxy servers are often used to
|
1. Prerequisites and Installation.
|
||||||
launch attacks against IRC networks, or users, and are difficult to detect
|
|
||||||
by regular irc means.
|
|
||||||
|
|
||||||
Opsb actually scans each user as they connect to the network, and attempts
|
1.1. Compiling and Installation
|
||||||
to determine if the user is coming from a open proxy.
|
|
||||||
|
|
||||||
Currently the open proxies that we scan for are:
|
2. Basic Configuration
|
||||||
HTTP proxies on ports 80, 8080, 3128
|
|
||||||
Socks4 and Socks5 proxies on ports 1080
|
|
||||||
wingate or cisco routers on ports 23
|
|
||||||
|
|
||||||
opsb also checks the Blitzed DNS blacklist for proxies that have already
|
2.1. Exclusion Lists
|
||||||
been reported as open. More information on the blitzed DNS blacklist can
|
2.2. TARGET IP and TARGET PORT
|
||||||
be found at http://www.blitzed.org/opm/. This means that you can ban users
|
2.3. BanTime
|
||||||
that come from known proxies.
|
|
||||||
|
|
||||||
opsb is ideal for larger networks where you want one server to
|
3. Detailed Configuration
|
||||||
do all the scanning instead of
|
|
||||||
individual servers running their own proxy scanner.
|
|
||||||
|
|
||||||
==============================================================================
|
3.1. CACHETIME Setting
|
||||||
Requirements
|
3.2. DISABLESCAN Setting
|
||||||
==============================================================================
|
3.3. DOBAN Setting
|
||||||
1) NeoStats 2.5.0 RC1 or Higher installed
|
3.4. OPMDOMAIN Setting
|
||||||
2) A shell to run from
|
3.5. MAXBYTES Setting
|
||||||
3) CN lines to a server on your network
|
3.6. TIMEOUT
|
||||||
4) Knowledge of unices
|
3.7. OPENSTRING
|
||||||
|
3.8. SPLITTIME
|
||||||
|
3.9. SCANMSG Setting
|
||||||
|
|
||||||
==============================================================================
|
4. Operational Commands
|
||||||
Installation
|
|
||||||
==============================================================================
|
|
||||||
Installation is faily straight forward.
|
|
||||||
|
|
||||||
1) Make sure you have a working copy of NeoStats installed.
|
4.1. LOOKUP Command
|
||||||
You can obtain Neostats from www.neostats.net
|
4.2. INFO Command
|
||||||
Please make sure that you have it configured correctly and installed
|
4.3. CHECK Command
|
||||||
and it links to your network correctly.
|
4.4. STATUS Command
|
||||||
|
|
||||||
*NOTE*
|
Welcome to the Open Proxy Scanning Bot (OPSB) Manual. This document
|
||||||
You must have done "make install" in the neostats directory. This
|
will aid you in setting up and running OPSB on your IRC network.
|
||||||
will install NeoStats, by default to ~/NeoStats/
|
|
||||||
*BSD USERS*
|
|
||||||
neostats has a bug with make install. Please refer to the forums
|
|
||||||
on the neostats site for more information
|
|
||||||
|
|
||||||
2) Configure opsb.
|
OPSB is a Proxy Scanning Service that scans connecting clients for
|
||||||
to configure opsb, run ./configure <--with-neostats=<DIR>>
|
Open Proxies. These Open Proxies are often used by malicious users and
|
||||||
from the directory where you untared opsb (typically ~/opsb-1.0-beta1/)
|
trojans to connect to your network and attack the network, users, or
|
||||||
You must specify the --with-neostats option if the configure
|
channels that you host. It bases its scanning engine on the BOPM proxy
|
||||||
script can not find the NeoStats directory
|
scanning library available at http://www.blitzed.org, but unlike the
|
||||||
|
BOPM software, it has native support to scan all clients network wide,
|
||||||
|
rather than via individual servers. This means that you only need one
|
||||||
|
OPSB service running on your network to protect your entire IRC
|
||||||
|
network.
|
||||||
|
|
||||||
3) Make
|
Additionally, OPSB makes use of Open Proxy lists. These lists often
|
||||||
Run "make" (or gmake if you use bsd) in the opsb directory. This
|
contain IP addresses of verified Open Proxies, and OPSB can ban these
|
||||||
should compile opsb for you.
|
users without even scanning. By default, OPSB uses the blitzed open
|
||||||
|
proxy list (More details available at http://opm.blitzed.org)
|
||||||
|
|
||||||
4) Make install
|
OPSB is flexible in that it has many advanced configuration options
|
||||||
run "make install" or "gmake install" if you use bsd to install
|
available to IRC administrators, including the ability to easily
|
||||||
opsb into the NeoStats Directory.
|
modify the protocols and ports to scan of connecting users, as well as
|
||||||
|
exclude certian users or servers from scanning. This allows you maxium
|
||||||
|
flexibility without the overhead of running multiple copies of proxy
|
||||||
|
scanning software. In addition, it has the ability to Queue up scans,
|
||||||
|
so during periods of peak usage, OPSB will not consume all bandwidth
|
||||||
|
or file descriptors, but still scan users in a timely manor.
|
||||||
|
|
||||||
5) (optionally) Configure Neostats to load opsb on startup
|
Proxy Scanning is only one defence against Trojans and Malicious
|
||||||
This is done by adding the line "LOAD_MODULE opsb"
|
users, and can not detect all types of open Proxies. We therefore
|
||||||
to the neostats.cfg file
|
recomend that the IRC administrators run other software such as
|
||||||
******************************************************************************
|
SecureServ, and familiarize themselves with the OperServ functionality
|
||||||
NOTE:
|
found in most traditional IRC services packages.
|
||||||
if you had used OPSB previously, then the previous database is incompatible
|
|
||||||
with this version. You *MUST* delete data/opsb.db out of the NeoStats
|
|
||||||
directory
|
|
||||||
******************************************************************************
|
|
||||||
|
|
||||||
6) Load and Configure opsb.
|
By Default, OPSB scans the following protocols and ports (But this can
|
||||||
Start up NeoStats, or load the module via IRC.
|
be easily customized)
|
||||||
All configuration of opsb is done via IRC, there is no config file
|
* HTTP Proxies on Port 80, 3128, 8000, 8080
|
||||||
as such.
|
* HTTP Post Proxies on Port 80, 3128, 8000, 8080
|
||||||
Read Below for more Information.
|
* Wingate Servers on Port 23
|
||||||
7) You done!
|
* Insecure Cisco Routers on port 23
|
||||||
|
* SOCKS4 Servers on 1080
|
||||||
|
* SOCKS5 Servers on 1080
|
||||||
|
|
||||||
==============================================================================
|
These ports are some of the more common ports, but administrators
|
||||||
Configuration
|
might find other ports that are often associated with open proxies. In
|
||||||
==============================================================================
|
these cases, the administrator can simple add the new port to be
|
||||||
All of opsb configurable options are set via IRC. The defaults will
|
scanning without restarting OPSB.
|
||||||
probably not be correct for your network, hence, opsb will broadcast a
|
|
||||||
message warning you of this till you configure it.
|
|
||||||
|
|
||||||
What you should change from defaults:
|
Warning
|
||||||
|
|
||||||
/msg opsb set targetip <ip address>
|
When picking a host to run OPSB from, make sure you check with your
|
||||||
this sets the IP address that opsb tries to
|
Shell or ISP provider to ensure that there are no Transparent HTTP
|
||||||
make proxies connect to. By default it is set to the server that NeoStats
|
proxies enabled on that network. Transparent proxies are often used to
|
||||||
is linked to. This might not always be a good idea, so you should set the
|
speed up HTTP downloads for users without requiring the user to update
|
||||||
IP address to a server on your network.
|
their browser configuration. If you often get false positive scans on
|
||||||
|
users on port 80, then most likely your hosting provider has
|
||||||
|
implemented a Transparent Proxy. See if they can disable this
|
||||||
|
transparent proxy for you, or alternativly, find a new hosting
|
||||||
|
provider that does not run a transparent proxy. THERE IS NO WAY FOR
|
||||||
|
OPSB TO DETECT IT IS BEHIND A TRANSPARENT PROXY.
|
||||||
|
|
||||||
/msg opsb set targetport <port>
|
Warning
|
||||||
This is the port number that opsb tries to
|
|
||||||
make proxies connect to. You should set this to a Common IRC port such
|
|
||||||
as 6667. Defaults to the port that NeoStats connects to.
|
|
||||||
|
|
||||||
/msg opsb set bantime <seconds>
|
As of writting, this software is BETA quality. Not all functionality
|
||||||
By Default, opsb will akill a host that is a open proxy for 1 day.
|
has been implemented, and additionally, there might be some "BAD" bugs
|
||||||
You may wish to change this option
|
in OPSB that cause it to AKILL your entire network. Our testing and
|
||||||
|
Development of OPSB was run on a large network, and so far, has proved
|
||||||
|
stable, and effective in protecting our network, BUT every users
|
||||||
|
enviroment is different. While we have taken all precautions and
|
||||||
|
conducted a extensive QA cycle before the release of OPSB, its a "Use
|
||||||
|
at your Own Risk" Module. Of Course, if you do have bad experiences
|
||||||
|
with OPSB, please let us know at http://www.neostats.net/boards/
|
||||||
|
|
||||||
/msg opsb set cachetime <seconds>
|
OPSB is written and maintained by Justin Hammond. It requires the
|
||||||
opsb will cache the results of the scans that were not successfull
|
NeoStats software. More information about OPSB, or NeoStats, can be
|
||||||
(ie, IP addresses that are *NOT* open proxies) so that if a
|
found at http://www.neostats.net/
|
||||||
user re-connects within the cache time, they will not be scanned again. it
|
|
||||||
is default to 1 hour.
|
|
||||||
|
|
||||||
/msg opsb exclude add <serviceshostname> 1 <reason>
|
OPSB is Copyright, 2003 by Justin Hammond.
|
||||||
opsb scans every user that joins the network, including users that
|
|
||||||
come from your services host. (such as ChanServ or
|
|
||||||
Reserved Nicks). You *SHOULD* add a exclusion, so that users from your
|
|
||||||
services server are not scanned. servershostname is the name of your
|
|
||||||
services as seen on IRC. (eg, in /map or /links)
|
|
||||||
The "1" specifies a IRC server, a 0 specifies a true internet hostname.
|
|
||||||
The reason field allows you to add a comment to the exclusion for reference.
|
|
||||||
|
|
||||||
There are many other options that you configure, though you should consult
|
1. Prerequisites and Installation.
|
||||||
the help interface to what they do (/msg opsb help set and /msg opsb
|
|
||||||
help exclude). In 99% of the cases, it is not necessary to
|
|
||||||
change these settings, unless you are absolutly sure of what you are
|
|
||||||
doing, or one of the NeoStats helpers advises you to.
|
|
||||||
|
|
||||||
==============================================================================
|
OPSB is designed to run on Top of NeoStats. The Following requirements
|
||||||
More Information and Support
|
at the time of writting are required for NeoStats:
|
||||||
==============================================================================
|
* A Linux or BSD based Server or Shell.
|
||||||
You can get more help with opsb by visiting
|
* A supported IRCd. Currently, Hybrid7, Unreal, Ultimate2.x,
|
||||||
http://www.neostats.net/forums/
|
Ultimate3.x, NeoIRCd, Bahumat
|
||||||
If your question is *NOT* answered there, then you can visit us at
|
* Some basic Unix administration Skill
|
||||||
irc://irc.irc-chat.org/#neostats. We will *NOT* answer questions that have
|
* Of Course, a IRC network to connect it all together.
|
||||||
already been answered in this file, or on the forums, so make sure you
|
|
||||||
read both carefully.
|
|
||||||
opsb is written and maintained by fish <fish@dynam.ac>
|
|
||||||
|
|
||||||
==============================================================================
|
Please refer to the NeoStats website for more information on the
|
||||||
Credits
|
requirements
|
||||||
==============================================================================
|
|
||||||
Credit for some of this code must go to the BOPM team, and in particular
|
|
||||||
Erik Fears.
|
|
||||||
Also, thanks to all our Beta Testers and People that hasle us to release
|
|
||||||
code quicker :)
|
|
||||||
|
|
||||||
|
OPSB itself requires the following:
|
||||||
|
* NeoStats 2.5.8 or Higher correctly installed and Running
|
||||||
|
* The time to read this entire document.
|
||||||
|
|
||||||
|
Warning
|
||||||
|
OPSB has the potential to Akill/Gline your entire network. Its
|
||||||
|
strongly suggested that you read this entire document before even
|
||||||
|
attempting to compile OPSB, as I'm just going to laugh, if you
|
||||||
|
didn't read, and it AKILL's your entire network. This is Beta
|
||||||
|
Software, there are BUGS. beware.
|
||||||
|
|
||||||
|
1.1. Compiling and Installation
|
||||||
|
|
||||||
|
As long as you have successfully setup NeoStats, and installed it
|
||||||
|
correctly, Compiling OPSB is very simple and straight forward. First
|
||||||
|
you must extract the files from the download package. This is as
|
||||||
|
simple as:
|
||||||
|
bash$ tar -xzf OPSB-<ver>.tar.gz
|
||||||
|
|
||||||
|
This should then create a directory called OPSB-<version> where
|
||||||
|
<version> is the Version of OPSB. Then Proceed to Change into the OPSB
|
||||||
|
directory, and run Configure as follows:
|
||||||
|
bash$./configure [--enable-debug | --with-neostats=<dir>]
|
||||||
|
|
||||||
|
--enable-debug is only usefull for diagnostics purposes when used in
|
||||||
|
conjuction with debugging tools. There should be no need to use this
|
||||||
|
option on a day to day basis
|
||||||
|
|
||||||
|
--with-neostats=<dir> should be used if your neostats directory is not
|
||||||
|
in a standard location (~/NeoStats/). Replace <dir> with the full path
|
||||||
|
to your NeoStats installation directory (NOT SOURCE DIRECTORY)
|
||||||
|
|
||||||
|
Configuring OPSB will look something like the following screen:
|
||||||
|
[Fish@fish-dt]$ ./configure
|
||||||
|
checking for gcc... gcc
|
||||||
|
checking for C compiler default output... a.out
|
||||||
|
checking whether the C compiler works... yes
|
||||||
|
checking whether we are cross compiling... no
|
||||||
|
checking for suffix of executables...
|
||||||
|
checking for suffix of object files... o
|
||||||
|
checking whether we are using the GNU C compiler... yes
|
||||||
|
checking whether gcc accepts -g... yes
|
||||||
|
checking for gcc option to accept ANSI C... none needed
|
||||||
|
checking for a BSD-compatible install... /usr/bin/install -c
|
||||||
|
checking for pcre_compile in -lpcre... yes
|
||||||
|
checking Location of NeoStats...... /home/fish/NeoStats/
|
||||||
|
checking for /home/fish/NeoStats//include/dl.h... yes
|
||||||
|
checking Version of NeoStats...... Compatible Version
|
||||||
|
checking Whether to Enable Debuging...... no
|
||||||
|
configure: creating ./config.status
|
||||||
|
config.status: creating Makefile
|
||||||
|
|
||||||
|
(*----------------------------------------------------------*)
|
||||||
|
(| To compile your module, please type 'make' |)
|
||||||
|
(| If make completes without errors, then you |)
|
||||||
|
(| Must 'make install', but please be sure that NeoStats |)
|
||||||
|
(| Is not currently running with a module of the same name |)
|
||||||
|
(| Running, otherwise Make install will not work |)
|
||||||
|
(| !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! |)
|
||||||
|
(| If you are running a BSD, make install may produce a |)
|
||||||
|
(| Error, if that is the case, then please manually copy |)
|
||||||
|
(| opsb.so to the NeoStats/dl directory |)
|
||||||
|
(| !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! |)
|
||||||
|
(*----------------------------------------------------------*)
|
||||||
|
(| For Support please visit: |)
|
||||||
|
(| IRC: /server irc.irc-chat.org |)
|
||||||
|
(| #neostats channel |)
|
||||||
|
(| WWW: http://www.neostats.net/boards/ |)
|
||||||
|
(*----------------------------------------------------------*)
|
||||||
|
(|This Module was written by: |)
|
||||||
|
(| fish (fish@dynam.ac) |)
|
||||||
|
(*----------------------------------------------------------*)
|
||||||
|
|
||||||
|
If the configuration did not produce a error, you may then move onto
|
||||||
|
Compiling OPSB. Compiling is simply just issuing the "make" command
|
||||||
|
(or "gmake" if you are running BSD):
|
||||||
|
[Fish@fish-dt]$ make
|
||||||
|
(cd libopm; make libopm.a)
|
||||||
|
make[1]: Entering directory `/home/fish/opsb/libopm'
|
||||||
|
gcc -c -O2 -Wall -I. -I.. compat.c
|
||||||
|
gcc -c -O2 -Wall -I. -I.. config.c
|
||||||
|
gcc -c -O2 -Wall -I. -I.. inet.c
|
||||||
|
gcc -c -O2 -Wall -I. -I.. libopm.c
|
||||||
|
gcc -c -O2 -Wall -I. -I.. list.c
|
||||||
|
gcc -c -O2 -Wall -I. -I.. malloc.c
|
||||||
|
gcc -c -O2 -Wall -I. -I.. proxy.c
|
||||||
|
ar cru libopm.a compat.o config.o inet.o libopm.o list.o malloc.o proxy.o
|
||||||
|
ranlib libopm.a
|
||||||
|
make[1]: Leaving directory `/home/fish/opsb/libopm'
|
||||||
|
gcc -c -O2 -Wall -I/home/fish/NeoStats//include/ -I. -Ilibopm opsb.c
|
||||||
|
gcc -c -O2 -Wall -I/home/fish/NeoStats//include/ -I. -Ilibopm proxy.c
|
||||||
|
gcc -c -O2 -Wall -I/home/fish/NeoStats//include/ -I. -Ilibopm opsb_help.c
|
||||||
|
ld -shared -o opsb.so opsb.o proxy.o opsb_help.o libopm/libop
|
||||||
|
m.a
|
||||||
|
[1005|/home/fish/opsb]
|
||||||
|
[Fish@fish-dt]$
|
||||||
|
|
||||||
|
Again, check for Error messages. As long as there are not error
|
||||||
|
messages, "make install" will install OPSB, this README file, and any
|
||||||
|
auxiluary files needed into your NeoStats directory:
|
||||||
|
[Fish@fish-dt]$ make install
|
||||||
|
(cd libopm; make libopm.a)
|
||||||
|
make[1]: Entering directory `/home/fish/opsb/libopm'
|
||||||
|
make[1]: `libopm.a' is up to date.
|
||||||
|
make[1]: Leaving directory `/home/fish/opsb/libopm'
|
||||||
|
ld -shared -o opsb.so opsb.o proxy.o opsb_help.o libopm/libop
|
||||||
|
m.a
|
||||||
|
/usr/bin/install -c
|
||||||
|
-m 644 opsb.so
|
||||||
|
/home/fish/NeoStats//dl/
|
||||||
|
/usr/bin/install -c
|
||||||
|
-m 644 README.opsb opsb.S
|
||||||
|
ettings /home/fish/NeoStats//dl/../doc/
|
||||||
|
[1006|/home/fish/opsb]
|
||||||
|
|
||||||
|
If you recieve *ANY* errors at all during the this process, please
|
||||||
|
post them on our Support boards, at http//www.neostats.net/boards/
|
||||||
|
|
||||||
|
Once Installation is complete, you can either configure NeoStats to
|
||||||
|
load OPSB when it starts, or load OPSB via IRC.
|
||||||
|
|
||||||
|
To Configure NeoStats to automatically load OPSB when it boots, add
|
||||||
|
the following line to your "neostats.cfg" file in the NeoStats
|
||||||
|
directory:
|
||||||
|
|
||||||
|
LOAD_MODULE OPSB
|
||||||
|
|
||||||
|
To load OPSB via IRC, you must make sure you have the appropriate
|
||||||
|
permissions and issue the following command:
|
||||||
|
|
||||||
|
/msg neostats load OPSB
|
||||||
|
|
||||||
|
Thats it. OPSB is now loaded and ready for use (in fact, it will
|
||||||
|
already be running now, but read on for futher information.
|
||||||
|
|
||||||
|
2. Basic Configuration
|
||||||
|
|
||||||
|
OPSB is completly configured online via IRC. When you first start up
|
||||||
|
OPSB, it attempts some "Sane" defaults for you to get started with,
|
||||||
|
but you should always review these settings as soon as you install.
|
||||||
|
Additionally, while its in this "Default" state, it will warn you
|
||||||
|
every so often via a global message as well as messages to the
|
||||||
|
services channel that it is still "unconfigured". Some of the settings
|
||||||
|
that you may want to review right away are:
|
||||||
|
* Exclusion Lists - You should setup a Exclude list for your IRC
|
||||||
|
Services server (NickServ etc)
|
||||||
|
* Target IP address and Ports that OPSB tries to get the proxies to
|
||||||
|
connect to.
|
||||||
|
* Default Ban Time when OPSB finds a open Proxy.
|
||||||
|
|
||||||
|
These are outlined below:
|
||||||
|
|
||||||
|
2.1. Exclusion Lists
|
||||||
|
|
||||||
|
Exclusion lists allow you to specify certian Hostmasks or Servers that
|
||||||
|
should be excluded from monitoring by OPSB. This exclusion list would
|
||||||
|
allow a administrator to say, allow users on that are matched against
|
||||||
|
a open proxy, when the administrator has verified that the trojan does
|
||||||
|
not in fact exist on the users host.
|
||||||
|
|
||||||
|
Caution
|
||||||
|
|
||||||
|
Exclusions should be setup for your Services Server, so that OPSB does
|
||||||
|
not try to scan ChanServ, or NickServ, or any of the bots relating to
|
||||||
|
Nickname protection.
|
||||||
|
|
||||||
|
Adding a Entry
|
||||||
|
|
||||||
|
To add a entry to the Exclusion list, use the following format:
|
||||||
|
/msg OPSB exclude add <1/0> <type> <reason>
|
||||||
|
|
||||||
|
Where:
|
||||||
|
|
||||||
|
<host> = The HostName/Server or Channel name. WildCards ? and * are
|
||||||
|
permitted.
|
||||||
|
|
||||||
|
<type> = The type of exclusion. 0 is for HostNames, 1 is for Servers
|
||||||
|
|
||||||
|
<reason> = a short description of the exclusion, for operator
|
||||||
|
reference only.
|
||||||
|
|
||||||
|
The output is as follows:
|
||||||
|
>OPSB< exclude add services.irc-chat.net 1 Blah is my reason
|
||||||
|
-OPSB- Added services.irc-chat.net (Server) exception to list
|
||||||
|
|
||||||
|
Listing an Entry
|
||||||
|
|
||||||
|
To list the Exclusions simple type:
|
||||||
|
/msg OPSB exclude list
|
||||||
|
|
||||||
|
And all the current exclusions are listed. Additionaly, a Position
|
||||||
|
number is provided for use with the delete command. The output is as
|
||||||
|
follows:
|
||||||
|
>OPSB< exclude list
|
||||||
|
-OPSB- Exception List:
|
||||||
|
-OPSB- 1) *.blah.com (Server) Added by Fish for Blah is my reason
|
||||||
|
-OPSB- 2) is.blah.com (HostName) Added by Fish for can by high
|
||||||
|
-OPSB- End of List.
|
||||||
|
|
||||||
|
Deleting an Entry
|
||||||
|
|
||||||
|
To delete a entry, you should first lookup the Position of the entry
|
||||||
|
that you wish to delete. The format of the command is as follows:
|
||||||
|
/msg OPSB exclude del <num>
|
||||||
|
|
||||||
|
Where:
|
||||||
|
|
||||||
|
<num> is the position of the entry you wish to delete in the list
|
||||||
|
|
||||||
|
The output of the command is as follows:
|
||||||
|
>OPSB< exclude del 1
|
||||||
|
-OPSB- Deleted services.irc-chat.net server out of exception list
|
||||||
|
|
||||||
|
2.2. TARGET IP and TARGET PORT
|
||||||
|
|
||||||
|
By default, OPSB sets up each proxy scan to attempt to connect back to
|
||||||
|
the IP address and port of the server that NeoStats connects to. This
|
||||||
|
may not always be what you wish, as it can help a attacker map our how
|
||||||
|
your network is structured. Ideally, you should pick the IP address of
|
||||||
|
a IRC server you host that is stable and on a fast connection, and
|
||||||
|
enter its IP address and port numbers into OPSB.
|
||||||
|
|
||||||
|
Changing the TargetIP
|
||||||
|
|
||||||
|
To add a entry to the Helper list, use the following format:
|
||||||
|
/msg OPSB set targetip <newipaddress>
|
||||||
|
|
||||||
|
Where:
|
||||||
|
|
||||||
|
<newipaddress> = The ip address to attempt to get proxies to connect
|
||||||
|
to
|
||||||
|
|
||||||
|
The output is as follows:
|
||||||
|
-> *opsb* set targetip 203.208.228.144
|
||||||
|
=opsb= Target IP set to 203.208.228.144
|
||||||
|
|
||||||
|
Changing the Target Port
|
||||||
|
|
||||||
|
To list the helpers simple type:
|
||||||
|
/msg OPSB set targetport <newport>
|
||||||
|
|
||||||
|
Where:
|
||||||
|
|
||||||
|
<newport> = the new port to attempt to get proxies to connect to
|
||||||
|
|
||||||
|
The output is as follows:
|
||||||
|
-> *opsb* set targetport 6667
|
||||||
|
=opsb= Target PORT set to 6667
|
||||||
|
|
||||||
|
2.3. BanTime
|
||||||
|
|
||||||
|
OPSB by default bans the IP/Hostname of a Open Proxy for 1 day (86400
|
||||||
|
seconds). Some networks may wish to increase or decrease this time
|
||||||
|
value.
|
||||||
|
|
||||||
|
Changing the Ban Time
|
||||||
|
|
||||||
|
To change the bantime, type:
|
||||||
|
-> *opsb* set bantime 86400
|
||||||
|
=opsb= Ban time changed to 86400
|
||||||
|
|
||||||
|
3. Detailed Configuration
|
||||||
|
|
||||||
|
OPSB attempts to be as configurable as possible in order to cater for
|
||||||
|
each individual networks requirements. This in turn though makes the
|
||||||
|
configuration very complex. There are many many settings with OPSB
|
||||||
|
that affect how it operates, how it responds and even, how affects the
|
||||||
|
performance of NeoStats Overall. Out of the box, OPSB provides
|
||||||
|
sensible defaults for these settings, but you may wish to read this
|
||||||
|
section for details on exactly what each option does, and its affect
|
||||||
|
on how OPSB operates.
|
||||||
|
|
||||||
|
The following list summaries the available Options you can set in OPSB
|
||||||
|
* CACHETIME
|
||||||
|
* DISABLESCAN
|
||||||
|
* DOBAN
|
||||||
|
* OPMDOMAIN
|
||||||
|
* MAXBYTES
|
||||||
|
* TIMEOUT
|
||||||
|
* OPENSTRING
|
||||||
|
* SPLITTIME
|
||||||
|
* SCANMSG
|
||||||
|
|
||||||
|
To change any of these settings, you use the Set Interface in OPSB.
|
||||||
|
Eg:
|
||||||
|
/msg OPSB set <option> <params>
|
||||||
|
|
||||||
|
To view the current settings, issue the following command:
|
||||||
|
/msg OPSB set list
|
||||||
|
|
||||||
|
The following Sections describes the different options, their params,
|
||||||
|
and the effect on OPSB in detail.
|
||||||
|
|
||||||
|
3.1. CACHETIME Setting
|
||||||
|
|
||||||
|
In order to improve performance, OPSB caches the results of scans it
|
||||||
|
has performed so if a user disconnects and reconnects, they are not
|
||||||
|
scanned again, and thus this saves bandwidth and improves the
|
||||||
|
performance of OPSB. By default, OPSB saves previous scans for 1 hour.
|
||||||
|
Smaller IRC networks may wish to increase this value, while larger IRC
|
||||||
|
networks that are concerned about performance or memory usage of OPSB
|
||||||
|
may with to leave this setting as it is. Setting the cache time to 0
|
||||||
|
disables the use of caching, and forces OPSB to scan every user
|
||||||
|
connecting every time.
|
||||||
|
|
||||||
|
To Change the setting, issue the following Command:
|
||||||
|
/msg OPSB set CACHETIME <seconds>
|
||||||
|
|
||||||
|
3.2. DISABLESCAN Setting
|
||||||
|
|
||||||
|
Sometimes a IRC administrator may wish to only make use of the Open
|
||||||
|
Proxy list lookup, and not actually perform a scan on users.
|
||||||
|
DISABLESCAN forces OPSB to only perform a lookup of the IP address in
|
||||||
|
the configured OPMDOMAIN.
|
||||||
|
|
||||||
|
If you wish to turn off Proxy checks, issue the following command
|
||||||
|
/msg OPSB set DISABLESCAN <ON/OFF>
|
||||||
|
|
||||||
|
3.3. DOBAN Setting
|
||||||
|
|
||||||
|
Often, when setting up OPSB for the first time, or making changes to
|
||||||
|
the ports that are to be scanning, you may wish to test OPSB without
|
||||||
|
it actually performing a AKILL. Turning DOBAN off disables the
|
||||||
|
placement of a AKILL on open Proxy hosts.
|
||||||
|
|
||||||
|
To Change the setting, issue the following Command:
|
||||||
|
/msg OPSB set DOBAN <ON/OFF>
|
||||||
|
|
||||||
|
3.4. OPMDOMAIN Setting
|
||||||
|
|
||||||
|
This setting changes with domain OPSB should consult for a positive
|
||||||
|
match on a particular IP address. By Default, OPSB checks
|
||||||
|
opm.blizted.org. Another list may be substituted instead of the
|
||||||
|
default on. At this time, we have not tested any other open proxy
|
||||||
|
list, although most lists should work with no problems. Please report
|
||||||
|
success/failure to our boards
|
||||||
|
|
||||||
|
To Change this Setting, issue the following Command:
|
||||||
|
/msg OPSB set OPMDOMAIN <newdomain>
|
||||||
|
|
||||||
|
3.5. MAXBYTES Setting
|
||||||
|
|
||||||
|
Maxbytes controls how much data to read from a open connection before
|
||||||
|
determining that the host in question does not contain a Open Proxy.
|
||||||
|
As we check ports that are common with legitimate applications such as
|
||||||
|
webservers, we don't need to download the entire webpage to determine
|
||||||
|
that it is not a open proxy. By default, we only read 500 bytes which
|
||||||
|
should be sufficient for most networks.
|
||||||
|
|
||||||
|
To Change this Setting, issue the following Command:
|
||||||
|
/msg OPSB set MAXBYTES <bytelimit>
|
||||||
|
|
||||||
|
3.6. TIMEOUT
|
||||||
|
|
||||||
|
It is very common for users to now use personal firewall software on
|
||||||
|
their PC. This often leads to probes the the users ip address that
|
||||||
|
never actually get rejected or are successfull, but just hang trying
|
||||||
|
to connect. the Timeout value controls how long to wait before
|
||||||
|
assuming that the host is not operating a proxy. By default, we wait
|
||||||
|
30 seconds
|
||||||
|
|
||||||
|
To Change this setting, issue the following command:
|
||||||
|
/msg OPSB set TIMEOUT <seconds>
|
||||||
|
|
||||||
|
3.7. OPENSTRING
|
||||||
|
|
||||||
|
This setting controls what strings to look for that indicate a Open
|
||||||
|
Proxy. By default, we look for the standard string "*** Looking up
|
||||||
|
your hostname..." which is one of the first messages sent to
|
||||||
|
connecting IRC clients. There should be no need to change this
|
||||||
|
setting. Internally, OPSB also scans for common Trottle or akill
|
||||||
|
messages.
|
||||||
|
|
||||||
|
To Change this setting, issue the following command:
|
||||||
|
/msg OPSB set OPENSTRING <newstring>
|
||||||
|
|
||||||
|
3.8. SPLITTIME
|
||||||
|
|
||||||
|
OPSB is very sensitive to timedrifts on the IRC network. In order to
|
||||||
|
not scan users that might be part of a Netjoin (When two IRC servers
|
||||||
|
reconnect after a Netsplit) we only scan users who's signon time is
|
||||||
|
less than this setting. If your IRC network times are not in sync, you
|
||||||
|
might experience issues where users connecting to one "lagged" out
|
||||||
|
server are not scanning. In this case, you should fix the time on the
|
||||||
|
affected server. A last resort is to increase this time value. By
|
||||||
|
default, we only scan users that connected in the last 300 seconds
|
||||||
|
|
||||||
|
To Change this setting, issue the following command:
|
||||||
|
/msg OPSB set SPLITTIME <seconds>
|
||||||
|
|
||||||
|
3.9. SCANMSG Setting
|
||||||
|
|
||||||
|
This setting changes the default message that is sent to users when
|
||||||
|
they sign on the IRC network. You can customise this message to point
|
||||||
|
to a webpage giving more details, or customize to your local language.
|
||||||
|
|
||||||
|
To Change the setting, issue the following Command:
|
||||||
|
/msg OPSB set SCANMSG <msg>
|
||||||
|
|
||||||
|
4. Operational Commands
|
||||||
|
|
||||||
|
OPSB has a number of commands that you can issue it in order to
|
||||||
|
perform checks or operations on your IRC network. These commands aid
|
||||||
|
Administrators in keeping their network secure, and keeping OPSB upto
|
||||||
|
date.
|
||||||
|
|
||||||
|
The following list summerizes these commands:
|
||||||
|
* LOOKUP
|
||||||
|
* INFO
|
||||||
|
* CHECK
|
||||||
|
* STATUS
|
||||||
|
* REMOVE
|
||||||
|
|
||||||
|
The following Sections Describe these commands in detail
|
||||||
|
|
||||||
|
4.1. LOOKUP Command
|
||||||
|
|
||||||
|
The lookup comand can perform DNS lookups for you. You can specify
|
||||||
|
what information you wish to retrive. This command is open to all
|
||||||
|
users by default.
|
||||||
|
|
||||||
|
The format of the command is as follows:
|
||||||
|
/msg OPSB lookup <ip|hostname> <flag>
|
||||||
|
|
||||||
|
Where:
|
||||||
|
|
||||||
|
<ip|hostname> is the item you wish to lookup.
|
||||||
|
|
||||||
|
<flag> is optional, and specified what type of data you wish to
|
||||||
|
lookup. Available options include:
|
||||||
|
|
||||||
|
txt - Lookup Text Records rp - Lookup the Responsible Person for this
|
||||||
|
record ns - Lookup the Name Servers for this record soa - Lookup the
|
||||||
|
SOA for this Record
|
||||||
|
|
||||||
|
If no flag is given, we attempt to lookup the A record.
|
||||||
|
|
||||||
|
The output of the command is as follows:
|
||||||
|
-> *opsb* lookup irc.irc-chat.net
|
||||||
|
=opsb= irc.irc-chat.net resolves to 202.181.4.129
|
||||||
|
=opsb= irc.irc-chat.net resolves to 203.208.228.144
|
||||||
|
=opsb= irc.irc-chat.net resolves to 216.218.235.254
|
||||||
|
=opsb= irc.irc-chat.net resolves to 66.227.101.55
|
||||||
|
|
||||||
|
4.2. INFO Command
|
||||||
|
|
||||||
|
This command provides users with information about what functions OPSB
|
||||||
|
performs. Its intended to just provide directions to users for more
|
||||||
|
information
|
||||||
|
|
||||||
|
The format of the command is as follows:
|
||||||
|
/msg OPSB info
|
||||||
|
|
||||||
|
4.3. CHECK Command
|
||||||
|
|
||||||
|
This command forces OPSB to perform a full scan on the specified
|
||||||
|
nickname, ip adress or hostname.
|
||||||
|
|
||||||
|
The format of the command is as follows:
|
||||||
|
/msg OPSB check <nick|host>
|
||||||
|
|
||||||
|
The output is as follows:
|
||||||
|
=opsb= Checking fish for open Proxies
|
||||||
|
<opsb> Starting proxy scan on Fish (XXXX.singnet.com.sg) by Request of Fish
|
||||||
|
=opsb= Negitiation failed for protocol HTTP(80)
|
||||||
|
=opsb= Negitiation failed for protocol HTTP(8000)
|
||||||
|
=opsb= Negitiation failed for protocol HTTP(3128)
|
||||||
|
=opsb= Negitiation failed for protocol SOCKS4(1080)
|
||||||
|
=opsb= Negitiation failed for protocol SOCKS5(1080)
|
||||||
|
=opsb= Negitiation failed for protocol WINGATE(23)
|
||||||
|
=opsb= Negitiation failed for protocol ROUTER(23)
|
||||||
|
=opsb= Negitiation failed for protocol HTTPPOST(80)
|
||||||
|
=opsb= Negitiation failed for protocol HTTPPOST(8000)
|
||||||
|
=opsb= Negitiation failed for protocol HTTPPOST(3128)
|
||||||
|
=opsb= Closed Proxy on Protocol HTTP (8080)
|
||||||
|
=opsb= Closed Proxy on Protocol HTTPPOST (8080)
|
||||||
|
=opsb= scan finished on Fish
|
||||||
|
=opsb= XXXX.singnet.com.sg does not appear in DNS black list
|
||||||
|
|
||||||
|
4.4. STATUS Command
|
||||||
|
|
||||||
|
This command gives the Administrator statistics on the how OPSB is
|
||||||
|
performing, how many checks it has conducted, and other information
|
||||||
|
relating to the performance of OPSB.
|
||||||
|
|
||||||
|
The format of the command is as follows:
|
||||||
|
-> *opsb* status
|
||||||
|
=opsb= Proxy Results:
|
||||||
|
=opsb= Hosts Scanned: 5831 Hosts found Open: 1 Exceptions 0
|
||||||
|
=opsb= Cache Entries: 128
|
||||||
|
=opsb= Cache Hits: 5523
|
||||||
|
=opsb= Blacklist Hits: 4
|
||||||
|
=opsb= Currently Scanning 0 Proxies (0 in queue):
|
||||||
|
|
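Review bot: Section 3.4 gives the default OPMDOMAIN as opm.blizted.org, which does not match the blitzed.org name used for the BOPM project in the manual's introduction. An administrator who copies this value back with set OPMDOMAIN would point lookups at the wrong zone, so please correct it to the domain the code actually defaults to. The command list in section 4 names REMOVE, but the text ends at 4.4 STATUS with no section for it, and 4.4 itself says "The format of the command is as follows:" and then shows only sample output, without the /msg OPSB status line that the other sections give. In 3.2, "set DISABLESCAN <ON/OFF>" should say which value turns port scanning off, since ON can be read either way.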
102
README.opsb.html
Normal file
File diff suppressed because one or more lines are too long
27
html.css
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
body {
|
||||||
|
background: #FFFFFF;
|
||||||
|
}
|
||||||
|
|
||||||
|
h1, h2, h3, h4, h5 {
|
||||||
|
color: #800000;
|
||||||
|
font-family: sans-serif;
|
||||||
|
}
|
||||||
|
|
||||||
|
span.term {
|
||||||
|
font-weight: bold;
|
||||||
|
}
|
||||||
|
|
||||||
|
div.sidebar {
|
||||||
|
background: #F0F0F0;
|
||||||
|
border: 1px solid gray;
|
||||||
|
padding: 5px;
|
||||||
|
margin: 20px;
|
||||||
|
}
|
||||||
|
|
||||||
|
pre.programlisting {
|
||||||
|
background: #F0F0F0;
|
||||||
|
border: 1px solid gray;
|
||||||
|
padding: 2px;
|
||||||
|
font-size: 10pt;
|
||||||
|
white-space: pre;
|
||||||
|
}
|
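Review bot: pre.programlisting sets white-space: pre with no overflow rule, so long listings such as the CHECK sample output will run past the bordered box in narrow windows; adding overflow: auto would keep them inside it. The fixed font-size: 10pt also ignores the reader's font settings, and a relative size would be friendlier.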