DALnet Knowledge Base #450

User hostmasking feature

This KB article is available in the following languages: Arabic | German | Malaysian | Portuguese

=== When is this happening? ===

DALnet is has completed the staged rollout of user hostmasking.

All DALnet servers are now enabled for user hostmasking and will set usermode +H by default for new connections.

=== How does it work? ===

When a user connects to a hostmask enabled server, they will automatically be set usermode +H, which shows their masked hostname.

For example, a user that connects with host 10-23-23-116.server.myisp.net would be visible to other users as bdc7-7c7a-9179-7486-6846.server.myisp.net. A user who connects with IP address 10.20.17.4 would be visible to other users as f0c6-d3de-b094-6eeb-5c7.20.10.ip.

We are using a hashing algorithm, so the same host or IP will always be masked to the same result even if the user reconnects. The masked hostname is not changeable by users and users cannot request a custom hostmask.

When +H is on, the masked hostname will show in /whois, in channel joins/parts, and any other place a hostname is shown in ircd or services.

/who will show whichever host is currently in use; if the user is +H, it'll show the masked host, otherwise it'll show the real host.

The user has the option to set usermode -H to show their real hostname or IP. In order to set or remove the H usermode, the user must not be in any channels. This is keep client-side channel lists in sync. There is a limit of 2 usermode H changes in 5 minutes as a flood mitigation measure.

IRC Operators will be able to see the real hostname and real IP, even if if a user has hostmasking enabled.

=== What about ban evasion? ===

Any ircd or services feature that supports an address mask (access lists, bans, exempt lists, invite lists, HOP/VOP/AOP/SOP masks, AKILLs, etc.) will accept either the real hostname, the masked hostname, or the real IP and will apply no matter if the user is +H or -H.

For example, one could ban the above user with *!*@10*.server.myisp.net or *!*@10.23.* and the ban would still be effective even if the user is masked. Our systems will check the address mask against the real hostname, the masked hostname, and the real IP.

=== Are there any special cases? ===

Hostnames that consist of only one label and a TLD will always be hostmasked as an IP address. For example, if someone's real hostname is "example.com", this user will be hostmasked as "HASH.#.#.ip" because hostmasking as "HASH.com" would be too permissive.

If a hashed hostname exceeds 63 characters, we'll fallback to hostmasking the IP address instead. In a future release, the hostname limit will be increased to 255 characters.

KB #450

Category:

Frequently Asked Questions

Added by:

xPsycho

Added on:

09/08/2022 19:40

Last updated by:

xPsycho

Last updated on:

22/10/2022 01:54

Attachments

File	Size
* None *

Latest News

- Bahamut 2.2.3 release
- sakura.jp.as.dal.net is testlinked
- atw.hu.eu.dal.net linked!

View archive

User Account Login

Chat Now

Teams

Administration AOB IRCd Coding Documentation Help Committee Hostmasters KLine MassAds Postmasters Routing Services - Oper Training Services - Root Admins Web Team Teams Listing

Tip of the day

Want to know more about DALnet's history? check out http://docs.dal.net/docs/history.html