|
|
| Author |
Message |
al5001
Lurker
Joined: 17 Jul 2003
Posts: 181
Location: Canada
|
 Posted: Jul 11, 2004 1:38am Post subject: |
 |
|
You can't just track people down like that. Most ISPs, if not all, have what's called an IP pool for dynamic IP addresses. Unless you run a business, you'll never have a static address, and more likely you'll have a dynamic address from an IP pool. This IP pool could even cover one whole country, holding thousands of addresses, each belonging to different places. Saying that you can track people down just with their IP is totally bullocks. You can only trace the IP down to the provider, and then you'll need to get a court order to even force the ISP to tell you any info on that person. Ever hear about the internet privacy act? No ISP can just give away your street address without court order or your permission
So okay, I blew away that point. The only thing you have left is security. DDoS, hacking, etc -- most computers that have Windows preinstalled already have antivirus and firewall software. Anyone these days not having it is a sitting duck. GNU/Linux, BSD, and the rest of UNIX-based systems all have some kind of firewall capability. All you gotta do is configure it. And if you don't have a firewall and antivirus software, some ISPs will even delete your account, just like my ISP will. DDoS is the only problem I see, and if it gets really bad, the user can just get a new IP address by renewing the lease with cable/DSL, or reconnecting with dialup. At the very very least, the user could talk to his own ISP and report to them the person doing the DDoS.
You'll need many more excuses before you can convince me that IP masking is desperately needed in IRCd. As I see it, hostmasking is a luxurious feature, not a necessity.
PS: Just think about it. Every email you send. Every website you visit. Every DCC file you send. You give away your IP to all of those. |
|
| Back to top |
|
 |
Talrias
Lurker
Joined: 16 Feb 2004
Posts: 163
Location: :noitacoL
|
| Posted: Jul 11, 2004 9:08am Post subject: |
|
|
| al5001 wrote: | | PS: Just think about it. Every email you send. Every website you visit. Every DCC file you send. You give away your IP to all of those. |
Unfortunately your comparison is flawed.
When I get an email, I only see the IP address of the SMTP server which the email came from. I do not see the IP address of the user sending it.
When I view a website, most of the time only the website owner is the only person who can see the IP address, or people helping to run the website (e.g. community moderators or employees).
I choose who to send DCCs to.
These are all unlike your vision of IRC where the IPs are fully revealed to anyone else connected to the server! This is unlike emails, websites AND DCC.
If you are going to post other situations where IPs are shown to practically anyone using the service, please make sure they are correct.
Chris |
|
| Back to top |
|
|
magpie
Idler
Joined: 18 Jan 2004
Posts: 454
Location: Essex, UK
|
| Posted: Jul 11, 2004 9:44am Post subject: |
|
|
| Talrias wrote: |
Unfortunately your comparison is flawed.
When I get an email, I only see the IP address of the SMTP server which the email came from. I do not see the IP address of the user sending it. |
That depends very much on the SMTP server and the configuration of it and the client sending the email. |
|
| Back to top |
|
|
Talrias
Lurker
Joined: 16 Feb 2004
Posts: 163
Location: :noitacoL
|
| Posted: Jul 11, 2004 10:06am Post subject: |
|
|
| magpie wrote: | | Talrias wrote: |
Unfortunately your comparison is flawed.
When I get an email, I only see the IP address of the SMTP server which the email came from. I do not see the IP address of the user sending it. |
That depends very much on the SMTP server and the configuration of it and the client sending the email. |
Regardless, his point is still wrong. No other users of the email service is able to view any IP addresses from emails I get, unlike on IRC. |
|
| Back to top |
|
|
GeniusDex
Lurker
Joined: 16 Aug 2003
Posts: 150
|
| Posted: Jul 12, 2004 12:38am Post subject: |
|
|
| al5001 wrote: | | You can't just track people down like that. Most ISPs, if not all, have what's called an IP pool for dynamic IP addresses. Unless you run a business, you'll never have a static address, and more likely you'll have a dynamic address from an IP pool. This IP pool could even cover one whole country, holding thousands of addresses, each belonging to different places. Saying that you can track people down just with their IP is totally bullocks. You can only trace the IP down to the provider, and then you'll need to get a court order to even force the ISP to tell you any info on that person. Ever hear about the internet privacy act? No ISP can just give away your street address without court order or your permission |
I haven't had a dynamic IP for years now, about the only providers left that have it (at least over here) are dial-in providers (or 2 or 3 broadband providers everyone's swearing at for having dynamic ip's). And those dynamic IP ISP's should (i know some do, not sure about all) track who has what IP at what time, so if they get an abuse mail coming in from anyone saying "that ip has hacked me" and have enough proof (for example), they can easily take action. If i see someone who has a botnet i rather send a mail to abuse@ of the ISP than bring him to court myself. And if i do that, an ISP has nothing useful when i sent them a masked host. You'd have to ask the net admins for the real IP, and thus everyone can quite easily get the real ip from someone. Conclusion: insecure or pointless.
| Quote: | | So okay, I blew away that point. The only thing you have left is security. DDoS, hacking, etc -- most computers that have Windows preinstalled already have antivirus and firewall software. Anyone these days not having it is a sitting duck. GNU/Linux, BSD, and the rest of UNIX-based systems all have some kind of firewall capability. All you gotta do is configure it. And if you don't have a firewall and antivirus software, some ISPs will even delete your account, just like my ISP will. DDoS is the only problem I see, and if it gets really bad, the user can just get a new IP address by renewing the lease with cable/DSL, or reconnecting with dialup. At the very very least, the user could talk to his own ISP and report to them the person doing the DDoS. |
And you can only report someone when you have their real IP or hostname, that's about the only valid tracking you have on the internet, the rest can be all lies.
| Quote: | | You'll need many more excuses before you can convince me that IP masking is desperately needed in IRCd. As I see it, hostmasking is a luxurious feature, not a necessity. |
It comes in handy for people who are trustable and have a higher risk at being victims (mainly IRCops). But no, as a normal user you have not much more risk than when you just browse the web and send an email or two.
| Quote: | | PS: Just think about it. Every email you send. Every website you visit. Every DCC file you send. You give away your IP to all of those. |
With IRC anyone can join and easily get your IP, with the examples you give only the target can easily get your IP. |
|
| Back to top |
|
|
Ashen
Idler
Joined: 05 Jan 2004
Posts: 285
|
| Posted: Jul 12, 2004 10:14pm Post subject: |
|
|
The fundamental problem here is that without accountability, IRC would descend into a warzone.
The ident, nick, version, and so on of a connected user can be changed very easily in almost all cases. The only thing we have left to identify people with that they can't very easily change is their IP/host.
IRC Admins know this, and so do coders. Why do you think it is that it is common for the default bantype in various services to be *!*@full.host?
I am totally against fully hiding the IP addresses of clients, using vhosts such as username.staticdomain.org (undernet's ID.users.undernet.org is an example of this bad policy) as ban evasion becomes almost impossible to defeat without oper intervention.
Partial IP address hiding may be useful to stop user<-->user DoS or nuking (but then again, is stopping this our responsibility?). Even if this is true, it is the same principle that has resulted in our situation with AOL where, due to not being able to resolve a user on AOL down to any small area, in order to ban one AOL user (XHCO8304.ipt.aol.com), we have to ban them all (*.ipt.aol.com). It makes banning people extremely difficult...... and turns ban evasion from a minor problem into a serious disaster.
I'd support some very limited hostmasking of a small part of the address of a client (maybe, up to the first . in a hostname with more then 4 parts, or the last segment of the 4 part IP address) but no more then this...... to provide users with more anonymity beyond this is simply encouraging them to act without care for the consequences.
-Ashen |
|
| Back to top |
|
|
angelic
Lurker
Joined: 01 Aug 2003
Posts: 148
|
| Posted: Jul 13, 2004 1:05am Post subject: |
|
|
The first few pages of this thread were amusing to start with and then just plain insulting.
As the admin of a network that uses UnrealIRCD i seem to fit into the newbie catagory for some of you here. Not only that, but to add insult to injury, because my network uses unreal, i _must_ be power hungry admin. Oh, on top of that i'm a girl, so i'm buggered.
<evil cackle>
We chose unreal because of the options and freedom it allows our users, for the clueful developers who (more often than not *hi codemastr*) listen to their users and supporters, we chose anope services for the same reasons.
I dislike the implications made in this thread by the self named elite of irc.
Firstly why should irc remain closed to people less technically minded than l33t *nix g0d5? Why shouldn't a teacher wanting to open a network for their book group be able to grab and ircd and run it?
Secondly, rarely do i join a network and _not_ see some kind of oper abuse. I view comments, like those made here, to users in that god awful "i am l33t3r than j00" tone, as abuse.
You can guarantee you've not done yourselves or the networks you're representing any favours with this thread. |
|
| Back to top |
|
|
al5001
Lurker
Joined: 17 Jul 2003
Posts: 181
Location: Canada
|
| Posted: Jul 13, 2004 3:05pm Post subject: |
|
|
| Quote: | | Unfortunately your comparison is flawed. |
Wow, gotta love those ignorant replies I keep getting.
Now, sign up for hotmail. Yes! Do it! Now.. send yourself an email from your hotmail address to one of your POP3 email addresses. Next, check the properties of the email that was sent. You will see something like this:
X-Originating-IP: [209.226.xxx.xxx]
X-Originating-Email: [user@hotmail.com]
I did this myself and it actually sent my REAL IP!!! Now, how is my point flawed?????????
Explain. |
|
| Back to top |
|
|
katsklaw
Guru
Joined: 28 Jun 2004
Posts: 1122
|
| Posted: Jul 13, 2004 3:19pm Post subject: |
|
|
ok, we aren't talkin about modes anymore ... we are talkin about everything but. So this thread has outlived it's purpose.
Closed. |
|
| Back to top |
|
|
|
|
| |
Register
Log in
