From MIXXnet Wiki

Revision as of 19:25, 3 October 2009 by MIXX941 (Talk | contribs) (Minor formatting edit)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

MIXXnet allows connections to the network using a proxy. While we do not globally deny access to proxied connections under normal circumstances, we do have mechanisms in place which provide channel operators fine control over what is and what is not allowed in their channels. This article will outline MIXXnet's network-wide proxy policies and how we handle connections made through proxies.

General Information

All connections made to the network are checked against various Domain Name Service Blacklists (DNSBLs) which can identify potential sources of abuse. Port scans may also be performed to check for active open proxies running on your IP address. If the IP address you are connecting from is detected as being a proxy, you will receive a private message from "ProxyGuard" notifying you of this and your hostname will be altered with one of the following appended to the end:

  • .dnsbl.proxy - IP address is on a blacklist that we check against
  • .tor.proxy - Tor Project exit node that allows connections to IRC ports

If your IP address is on a blacklist, you will be given removal instructions via private message. Please follow these instructions to get your IP removed from the blacklist and reconnect to MIXXnet when the removal process is complete. If the removal process is successful, you should no longer be detected as a proxy and your normal hostname should be shown on the network.

Channel operators have the option of banning some or all users that are detected as using a proxy. If you are detected and notified, please be aware that you may not be able to join certain channels on the network until you are removed from the blacklist. This is entirely a channel's decision and we as a network will not override this channel policy.

MIXXnet reserves the right to impose temporary global limits or restrictions on proxied connections if a situation warrants.

If you have any questions about or need help regarding connections through proxies, please ask in #help.

Channel Implementation

MIXXnet provides the ability for channels to restrict access to users using proxies which can help with potential abuse issues like bot floods or ban evasion. This is not enabled by default in any channels, however it can be set and removed at will by channel operators. Blocking proxied connections is handled through channel mode "b" (ban). The following is a list of hostmasks you can ban to block proxies from your channel:

  • *!*@*.dnsbl.proxy - Block users whose IP is blacklisted as an abusive IP (does not include Tor)
  • *!*@*.tor.proxy - Block users who are connecting through the Tor Project
  • *!*@*.proxy - Block all detected proxies

If your channel blocks some or all of the above proxies and a user attempts to join, they will be notified that they are banned. We understand that this might not be the most desired behavior, however we have come up with a couple methods to help the user know why they are banned and how to fix it.

1) Anytime a user is detected as being a proxy, they will receive a private message notifying them of this which provides a link to this article with the explanation above as well as instructions for removal if possible. This should hopefully clarify why they are banned from your channel, and once they are removed from the blacklist they will be allowed to join immediately upon reconnecting to IRC.

2) Channel operators also have the option of setting a channel to redirect users to if they are banned and attempt to join. In this case, you should direct users who are banned due to using a proxy to #proxyhelp to receive further help on this issue. For example, to block all proxies and redirect proxied users to #proxyhelp:

/mode #channel +b *!*@*.proxy#proxyhelp

While false positives in our testing have been very low so far, we do recommend carefully thinking about your channel's normal proxy policy as banning based on detections through this system will be placing trust in third party blacklists to be accurate and responsible.

For any help regarding restricting proxies in your channel, please ask in #help.