Hack 80 Fake an Ident Response
Fake a simple Identification Protocol server to convince IRC servers who you are.

In the Unix world, it is generally taken for granted that it is possible to determine the ownership of a TCP connection by querying the Ident server. A process called identd runs in the background and accepts queries from remote machines. The Ident server then responds with information that identifies the user of that connection.

Most IRC servers attempt to use the Identification Protocol to establish the identity of each user that connects to it. When you connect to the IRC server, it will establish a separate connection to the Ident server on the machine you are connecting from. The IRC server will then ask to whom the connection belongs. If all goes well, the Ident server will respond correctly, the IRC server will be happy, and you'll be allowed to chat away.

One curious thing about the Ident Protocol is that nearly all IRC servers make use of it, yet a huge number of users do not run a permanent Ident server. In particular, users of Microsoft Windows will find that their operating system does not run an Ident server unless they have specifically downloaded and installed one. For this reason, most IRC clients come with their own implementation of an Ident server built in. When you instruct your client to connect to an IRC server, it can turn on the temporary Ident server to accept the Ident query. Once this has been done, there is no need to leave the Ident server running, so it can be closed.

The Identification Protocol runs on TCP port 113. On Unix-based systems, "normal" users will not have permission to run processes that create server sockets on this low port number. As the identd process is normally already running as root on most Unix systems, this is not so much of a problem. On other operating systems where an Ident server is not already running, such as Windows, there are often no restrictions on creating such processes.
If you do have permission to create a server socket that accepts connections on port 113, it is worth remembering that there can only be one process at a time that does this.

The Identification Protocol is fairly simple, and you need to know only a little bit about it to fool an IRC server. However, if you want to know more, the protocol is defined in RFC 1413. The full contents of this RFC document can be found at http://www.faqs.org/rfcs/rfc1413.html.

When a client (or in our case, an IRC server) wants to query our Ident server, it will do so by connecting to it and sending a line of text. For the purpose of hacking together a quick program to satisfy an IRC server, you do not even need to know what this line of text is: all you have to do is make sure it's used as part of your response. The expected response must start with this line and end with your desired login. Here is an example of an Ident request from an IRC server:

    3408, 6667

The request is simply asking who is connecting to port 6667 from port 3408 on the local machine. If you want to tell the IRC server that your login is "paul," you simply respond with:

    3408, 6667 : USERID : UNIX : paul

You can now close the connection and shut down the Ident server. Note that each line sent via the Identification Protocol must be terminated with a trailing return and new line (i.e., \r\n).

13.4.1 The Code

Save the following in a file called IdentServer.java:

```java
import java.net.*;
import java.io.*;

public class IdentServer {

    public static void ident(String login) throws IOException {
        // Wait for a connection on port 113.
        ServerSocket ss = new ServerSocket(113);
        Socket socket = ss.accept();
        BufferedReader reader = new BufferedReader(
                new InputStreamReader(socket.getInputStream()));
        BufferedWriter writer = new BufferedWriter(
                new OutputStreamWriter(socket.getOutputStream()));

        // Read the line from the connecting client.
        String line = reader.readLine();
        if (line != null) {
            System.out.println(line);
            // Create our line of reply and send it back.
            line = line + " : USERID : UNIX : " + login;
            System.out.println(line);
            writer.write(line + "\r\n");
            writer.flush();
        }

        // Close the connection and let the program end.
        writer.close();
        ss.close();
    }

    public static void main(String[] args) {
        try {
            // Tell the ident server to respond with the login "paul".
            ident("paul");
        } catch (IOException e) {
            // If anything goes wrong, print it to the standard output.
            e.printStackTrace();
        }
    }

}
```

13.4.2 Running the Hack

Compile the program with the javac command:

    % javac IdentServer.java

After compiling the program, run it with the java command:

    % java IdentServer

This hack is standalone and can be run as a temporary one-shot Ident server. While the IdentServer is running, you can connect to an IRC server and let it respond to the Ident request. After the response has been sent, the program will end.

As you can see from this hack, implementing a simple Ident server is not particularly difficult. This standalone program could be modified and used within your own Java applications, including IRC clients or bots.

13.4.3 Firewalls and Ident

Take care when using Ident from behind a firewall or Network Address Translation (NAT). If the IRC server you are connecting to is unable to see your Ident server, there is no point running it in the first place. Remote machines must be able to connect to port 113 of your machine to use your Ident server. To allow this to happen through a firewall, you may need to explicitly open this port or allow it to be forwarded from another machine.
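The exchange described above, with both sides of the conversation, as an added example that is not part of the original hack and not the book's IdentServer. Where the Java program echoes back whatever it receives, this version parses the RFC 1413 request (two port numbers in 1..65535), answers a malformed request with an ERROR reply instead of a nonsensical USERID line, and includes the querying side (what the IRC server does) so the whole round trip can be run on a loopback socket. Because binding TCP 113 needs privileges on Unix, the demo assumes an ephemeral loopback port; `make_listener("", 113)` is the real-world call.

```python
"""RFC 1413 (Ident) exchange: a validating one-shot responder plus the
querying side, runnable on loopback without root.

Example code written for this page, not the book's IdentServer. The real
service listens on TCP 113; the demo binds an ephemeral loopback port
instead (an assumption so it runs unprivileged).
"""
import socket
import threading

# One of the error types RFC 1413 allows in an ERROR reply.
INVALID_PORT = "INVALID-PORT"


def parse_request(line):
    """Parse '<port-on-server> , <port-on-client>'; return None if malformed.

    The book's server echoes whatever arrives. Insisting on two integers in
    1..65535 lets garbage (a scanner poking port 113, say) get a proper
    ERROR reply rather than a broken USERID line.
    """
    parts = [p.strip() for p in line.split(",")]
    if len(parts) != 2 or not all(p.isdigit() for p in parts):
        return None
    server_port, client_port = (int(p) for p in parts)
    if not all(1 <= p <= 65535 for p in (server_port, client_port)):
        return None
    return server_port, client_port


def build_response(line, login, opsys="UNIX"):
    """Reply line (without CRLF) for one request line."""
    ports = parse_request(line)
    if ports is None:
        # Echo the raw fields back, as the reply format expects, but flag them.
        return f"{line.strip()} : ERROR : {INVALID_PORT}"
    server_port, client_port = ports
    return f"{server_port}, {client_port} : USERID : {opsys} : {login}"


def parse_response(reply):
    """Split a reply into a dict the querying side can act on; None if bad."""
    fields = [f.strip() for f in reply.split(":", 3)]
    if len(fields) == 4 and fields[1] == "USERID":
        return {"ports": fields[0], "type": "USERID",
                "opsys": fields[2], "user": fields[3]}
    if len(fields) == 3 and fields[1] == "ERROR":
        return {"ports": fields[0], "type": "ERROR", "error": fields[2]}
    return None


def make_listener(host="", port=113):
    """Bound, listening TCP socket. 113 is the Ident port (root-only on Unix)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(1)
    return srv


def serve_once(listener, login):
    """Accept one connection, answer one request, close. Returns the reply sent."""
    with listener:
        conn, _ = listener.accept()
        with conn:
            conn.settimeout(10)
            # Cap the read so a peer cannot hold the socket with an endless line.
            with conn.makefile("rb") as rfile:
                raw = rfile.readline(1024)
            line = raw.decode("ascii", "replace").rstrip("\r\n")
            reply = build_response(line, login)
            conn.sendall((reply + "\r\n").encode("ascii", "replace"))
            return reply


def query_ident(host, port, server_port, client_port, timeout=5.0):
    """Querying side (the IRC server's role): ask who owns the connection."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(f"{server_port}, {client_port}\r\n".encode("ascii"))
        with s.makefile("rb") as rfile:
            reply = rfile.readline(1024).decode("ascii", "replace")
    return parse_response(reply.rstrip("\r\n"))


def demo_exchange(login="paul", request_ports=(3408, 6667)):
    """Run the responder in a thread on a loopback ephemeral port and query it.

    Returns (reply the responder sent, parsed answer the querier received).
    """
    listener = make_listener("127.0.0.1", 0)
    port = listener.getsockname()[1]
    sent = {}
    worker = threading.Thread(
        target=lambda: sent.update(reply=serve_once(listener, login)))
    worker.start()
    answer = query_ident("127.0.0.1", port, *request_ports)
    worker.join(timeout=10)
    return sent.get("reply"), answer


if __name__ == "__main__":
    print(demo_exchange())
```

The round trip shows why an Ident answer is only ever a claim made by the machine being queried: the responder can put any login it likes after `USERID : UNIX :`, so the querying side learns nothing it can treat as authentication, which is exactly what this hack relies on. Validating the request fields is still worthwhile on the responder side, since anything can connect to port 113 once the firewall section's port is open.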