SecureFAQ How to protect yourself and your channel on NewNet by NewNet Opers/Admins Update: 10/20/97 (JumpMan) For questions and/or help regarding these issues, go to #services Introduction: ----------------- Due to the recent problems IRC in general has been experiencing with some abusive users exploiting the IRC system in general, we have compiled this information to help you protect yourself. These steps have been here all along, but many users are not familiar with them. We strongly encourage you to read and implement the following procedures to ensure you are not a victim of an abusive users exploitation. Scope: ---------------- This document answers the following questions: 1) How do I ensure no-one is using my nickname when I am not on irc? 2) How do I protect myself against another person impersonating me? 3) How do I ensure that no-one can obtain channel ops using my nickname? 4) How do I protect my channel against a takeover? NickServ is your most important line of defense. The key to all of the above is the proper use of NickServ. In the following paragraphs we will show you how NickServ will protect you from all of the above. NOTE: This document does not take the place of the !Services FAQ obtained from channel #services. !Services covers ALL NickServ/ChanServ commands and is recommended reading. Protecting Your NickServ Identity ------------------------------------------ To ensure your nickname is not being used by anyone but yourself, you must first register your nick. The command for this is: /msg nickserv register Do not forget your password. It is very important that you keep it in a safe place. Once registered, you need to set a nickserv access mask. This is done by determining your user@host. Before you can do this, you must first insure you are properly idented. To properly ident in mIRC, go to FILE/SETUP/IDENTD then check the Enable Ident Server box, and in the User ID box, type your preferred Ident. All other entries are fine as they are. To properly ident in pIRCh, To propely ident in BitchX, To properly ident in Ircle, To properly ident in Once you have set your desired ident, you must log off, exit your program and restart. Log into the NewNet server of choice, and type: /dns The exact name you chose to ident with should be right before the @ sign. There should be no ~ sign in front of it. If there is, there is something wrong and we suggest to join #services for help. To determine the proper mask, you must know a little about how your isp assigns dns addresses. Is your dns address static (always stays the same) or dynamic (changes each time you dial in to your provider)? If it is static, then the task is easy. Your mask would look similar to the following: YourIdent@206.48.106.86 or YourIdent@newnet.rulez.com In this case, the command to add your nickserv mask is: /msg nickserv access add YourIdent@206.48.106.86 <<--Place your mask here. Note: You must be registered and identified (/msg nickserv identify ) for this command to work. In most cases, your mask is dynamic and each time you dial in it changes. In this case you must determine exactly what changes about it. For example, my mask is User1@hes*.southwind.net. My actual dns can be anywhere from User1@hes1.southwind.net to User1@hes24.southwind.net. Since I know what numbers change, I am able to use the * to denote a wildcard. It is VERY important you do not wildcard the ident portion of your mask. If you are unsure of your correct NickServ mask, join #services and ask for help. This is a key issue in security and it is very important it be done correctly. In this case, the command to add your nickserv mask is: /msg nickserv access add YourIdent@hes*.southwind.net <) for this command to work. Once you have a single access mask added to nickserv, you are ready to ensure no-one will be using your nick while you are away. To do this, type: /msg nickserv set kill on NickServ will now warn the person trying to take your nick and if that is insufficient, will kill them to ensure your nick is not used. Providing you have properly taken the above steps, you will be in for hassle free enjoyment of NewNet with no worry of an abusive user violating your nick. Additionally, proper ident, proper mask, and setting the kill feature on will also make your channel ops more secure. Protecting Your Channel ------------------------------------- NickServ is your channels best line fo defense against takeovers, etc. Here is how to ensure your channel is as secure as possible: 1) Never add ops to the Chanserv access list by Mask. Always use their Nickname. Example: /msg chanserv access add JumpMan 5 You might ask why this is better? In order for JumpMan to have access to ops in the channel, he must first have identified with NickServ. This requires his nickserv password. If he followed all of the steps above, you can be darn sure its really him getting opped in your channel. The chanserv mask does not require this and is therefore less secure. 2) Set Secureops on. Example: /msg chanserv set secureops on This feature ensures that anyone who is NOT on the chanserv access list will not get ops. If one of your ops were to attempt to op a friend not on the list, chanserv would de-op them immediately. This feature coupled with adding your ops by nickname will greatly reduce the chances of a channel takeover. ------------------------------------- We hope this helped you understand and implement the proper security procedures for both you personally and your channel. If you have ANY questions regarding this information, stop by #services and chat with us and we will be most happy to help. 1. There is a little known and WONDERFUL function of NickServ called: /msg nickserv set OPER on now, you cannot identify unless you have your oper pass in first. Use this in conjunction with: /msg nickserv set kill on If you are a user be sure you have /msg nickserv set kill on. That will stop anyone from using your nick. Now, they have to use ANOTHER nick.. too bad, cause now they can't spoof. :) but lets not stop there: 2. Make sure your NickServ access masks are EXACT. It would be a good idea to have only 1 access mask.. the one you use. Make sure you are ALWAYS idented ( no ~ in front of your nick) then add the mask so that only you (with your particular ident) can use the mask. For Example : I am JumpMan. In my mIRC (or whatever) I have chosen the word User1 to be my Ident. My dial up currently has me at: hes2.southwind.net. The ONLY mask I need and the one that ensures no-one else can be me is: User1@hes*.southwind.net. NOT *User1@*.southwind.net and NOT *User1@hes*.southwind.net. 3. ALWAYS add channel ops by NICK, not by chanserv mask. This will ensure the user is Idented with Nickserv first and that hopefully KILL protection is enabled. With nickserv, you can guarantee the person is who they say they are because they had to enter their nickserv pass to identify BEFORE gaining ops.