Legends of Belariath

Technical Help

Networks, Security and IRC

A (hopefully) simple explanation of networking, with particular attention to security and IRC

With so many hostile programs and people out on the Internet, a short, hopefully easy to understand and simple explanation of what occurs when your computer connects you to IRC and other systems might help you both understand what is going on, and more importantly how to protect yourself and make informed choices, as well as deal with common problems.

General Stuff

What's going on here?

Let's start off with an overview of a typical IRC session starting up. When you start your computer, run your favorite IRC software and tell it to connect, the software uses DNS to find the IRC server you wish to talk to and informs the server that you want to talk. Assuming the server is running and has room for another person talking to it, it connects back to your computer. The server then tries to find out information about you in three ways: by asking your software for your preferred nickname, by sending an ident query to your computer to find out who you are, and by asking DNS who your computer is. These three pieces of information are combined to make the identity that is shown to other users, and that identity is used for things like services from ChanServ or NickServ, as well as for permissions on which channels you can or cannot use. So, now you are connected, and join a channel or two. Almost everything you type gets sent to the server, which then sends a copy of it to each other person connected to it who is in the same channel as you.

But what's really going on?

Alright, so that's the big picture. Let's look a bit closer. All communications over the Internet take place in small chunks of data called 'packets'. Think of them as envelopes filled with data. On each 'envelope' is the sender's address, the delivery address, the type of contents, and some other data we don't need to worry about. So, when you type in a line in IRC, or ask your computer to find another computer, or ask for a web page, your computer puts all that data into a packet and then sends it off to your ISP.

"Why to my ISP, and not directly to the computer I want to talk to?", you may ask. The Internet works on the principle that no computer needs to know where every other computer is: all it has to know is how to find someone who knows more than it does. So since your computer probably doesn't have any idea where fred.irc.net is, and is almost certainly not directly connected to that server, it hands the packet to your ISP, who knows at least a bit more about the final destination. Your ISP in turn hands it off to another computer, and so forth, until the packet gets to where the address on it says it's supposed to go. On average, your packet may pass through anywhere from 5 to 30 other computers to get where it's going. And the packet that comes back at you from the other computer might not even take the same path as the one you sent.
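The hop-by-hop delivery described above, as an added example that is not part of the original page: a small simulation in which every computer knows only a few address prefixes plus a default route to "someone who knows more", picks the most specific matching route (longest-prefix match), and hands the packet on. The topology, node names and addresses are constructed for the example (documentation and private ranges only), and the hop budget (`ttl`) shows why a mis-routed packet is eventually thrown away instead of circling forever. It also shows the reply taking a different path from the request.

```python
import ipaddress
from dataclasses import dataclass, field

LOCAL = "LOCAL"  # route target meaning "this address is mine, deliver here"


@dataclass
class Packet:
    src: str                 # sender's address on the envelope
    dst: str                 # delivery address on the envelope
    payload: str             # the contents (an IRC line, a web request, ...)
    ttl: int = 64            # hop budget: a mis-routed packet cannot circle forever
    path: list = field(default_factory=list)   # every computer it passed through


class Node:
    """A host or router. It knows a few prefixes and a default route (0.0.0.0/0)
    pointing at someone who knows more than it does."""

    def __init__(self, name, routes):
        self.name = name
        self.routes = [(ipaddress.ip_network(prefix), next_hop) for prefix, next_hop in routes]

    def lookup(self, dst):
        addr = ipaddress.ip_address(dst)
        matches = [(net, hop) for net, hop in self.routes if addr in net]
        if not matches:
            return None                                   # no route at all
        # Longest-prefix match: the most specific route wins, so the default
        # route is only used when nothing better fits.
        return max(matches, key=lambda m: m[0].prefixlen)[1]


# Constructed topology (documentation/private address ranges only). Hypothetical
# names; nothing here corresponds to a real ISP or IRC network.
NODES = {
    "home-pc":      Node("home-pc",      [("192.168.1.10/32", LOCAL), ("0.0.0.0/0", "home-router")]),
    "home-router":  Node("home-router",  [("192.168.1.10/32", "home-pc"), ("0.0.0.0/0", "isp-edge")]),
    "isp-edge":     Node("isp-edge",     [("192.168.1.0/24", "home-router"), ("0.0.0.0/0", "isp-core")]),
    "isp-core":     Node("isp-core",     [("192.168.1.0/24", "isp-edge"),
                                          ("198.51.0.0/16", "peer-x"),            # coarse route
                                          ("198.51.100.0/24", "hosting-edge")]),  # more specific, wins
    "peer-x":       Node("peer-x",       [("192.168.1.0/24", "isp-edge"), ("0.0.0.0/0", "isp-core")]),
    "hosting-edge": Node("hosting-edge", [("198.51.100.7/32", "irc-server"), ("0.0.0.0/0", "peer-x")]),
    "irc-server":   Node("irc-server",   [("198.51.100.7/32", LOCAL), ("0.0.0.0/0", "hosting-edge")]),
}


def trace(nodes, start, packet):
    """Hand the packet from node to node until delivered or dropped; return (status, path)."""
    current = start
    while True:
        packet.path.append(current)
        hop = nodes[current].lookup(packet.dst)
        if hop is None:
            return "dropped: no route", packet.path
        if hop == LOCAL:
            return "delivered", packet.path
        packet.ttl -= 1
        if packet.ttl == 0:
            return "dropped: ttl expired", packet.path
        current = hop


def round_trip(nodes, client, client_addr, server_addr):
    """Send a line to the server and bring the reply back; the two paths may differ."""
    status, out_path = trace(nodes, client, Packet(client_addr, server_addr, "NICK fred"))
    if status != "delivered":
        return status, out_path, []
    server = out_path[-1]
    status, back_path = trace(nodes, server, Packet(server_addr, client_addr, ":irc 001 fred"))
    return status, out_path, back_path


if __name__ == "__main__":
    status, out, back = round_trip(NODES, "home-pc", "192.168.1.10", "198.51.100.7")
    print(status, "out: ", " -> ".join(out))
    print("          back:", " -> ".join(back))
    print(trace(NODES, "home-pc", Packet("192.168.1.10", "198.51.7.7", "lost"))[0])
```

In the constructed topology the request goes out through `isp-core`, but `hosting-edge` sends the reply via a different peer, which is exactly the asymmetry the paragraph mentions; a packet for an address nobody really knows bounces between two coarse routes until its hop budget runs out.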

What is a server anyway?

Most of the traffic on the Internet follows what is called the 'client-server' model. What that means is that there is a program running on a computer somewhere that sits waiting to provide a service, listening at a specific address and a specific port for incoming requests. Another program, called the client, wishes to make use of that service, so it sends a request to the server to start the 'conversation' between your computer and the server. So the server is the system that listens and provides services for the client, while the client is the system that makes use of the services, and has to go and find the server to use them.

I have this thing called a router, what is it?

A router is basically a simple computer that decides where to send the packets that it receives. A router is sort of like your local postman, who gets mail from the central office, then passes it around to all the local addresses. In many cases, the router may also actually change addresses on incoming and outgoing packets. For example, if you have a broadband router at your home, your ISP might only supply you with a single address. That would mean you couldn't use more than one computer on your Internet connection at a time. But if you have a smart router that actually receives all the packets from the outside world before your computers do, it can figure out which packets should really go where inside your house. That way it can support many computers all at the same time by giving your computers local-only addresses, then changing them back and forth from its own address as they go out to and come back from the Internet. This is called NAT, or Network Address Translation.

So why do I need to know this?

The way a NAT router works is to watch what your computer sends out to the Internet, and guess from that what to allow back into your computer, as well as what other data should be handed to your computer's address instead of perhaps your housemate's. This means that your computer cannot be a server for users outside of your local network because the router doesn't know what to do with packets in a conversation you didn't start, and so throws them away. This can be a problem with many network games, and with using DCC as a part of IRC (more on that later). With many routers you can tell them to pass particular 'conversation start' requests to a single computer inside your local area, and that may be suitable for fixing problems with one computer, but not others on your local network.

What about safety?

Since there are a lot of programs that are trying to abuse the rather open nature of the Internet, defenses are unfortunately needed. The type of defense that applies most specifically to the Internet is called a firewall. What a firewall does is sit between the Internet and the programs on your computer and examine every packet that tries to pass. If a packet looks suspicious or is not of a kind the firewall has been told to let through, it will throw the packet away, and optionally alert you that something it didn't recognize tried to use your net connection. A firewall can be a separate piece of hardware, or can be a software program running on your machine. In the case of a software firewall, another function that can be performed is the checking of programs that are allowed to send things out in the first place. If you install a new program, or update an old one, your firewall program might ask you if you really wish that program to use the Internet. This feature can be a large benefit for stopping viruses, trojan programs, and spyware.
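The two firewall jobs described above, as an added example that is not part of the original page: a small packet-filter model in Python that remembers the conversations your own programs start (so replies are let back in), applies an explicit allow list for anything else arriving from the Internet, alerts on what it does not recognise, and, as a software firewall would, asks before letting a program use the network at all. The traffic, addresses and program names in `demo()` are constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    direction: str            # "in" (from the Internet) or "out" (from this machine)
    proto: str                # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    program: Optional[str] = None   # a software firewall knows which program sent an outbound packet


class Firewall:
    def __init__(self, inbound_rules, prompt=None):
        self.inbound_rules = inbound_rules                  # [(proto, port, "allow" | "drop"), ...]
        self.prompt = prompt or (lambda program: False)     # "may this program use the net?"; no answer = no
        self.program_answers = {}                           # remembered answers, one per program
        self.conversations = set()                          # (proto, local, lport, remote, rport) we started
        self.log = []                                       # alerts shown to the user

    def check(self, pkt):
        return self._outbound(pkt) if pkt.direction == "out" else self._inbound(pkt)

    def _outbound(self, pkt):
        if pkt.program not in self.program_answers:
            self.program_answers[pkt.program] = self.prompt(pkt.program)
        if not self.program_answers[pkt.program]:
            self.log.append(f"BLOCKED {pkt.program} tried to reach {pkt.dst}:{pkt.dport}/{pkt.proto}")
            return "drop"
        # Remember the conversation so that the reply coming back is recognised.
        self.conversations.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return "allow"

    def _inbound(self, pkt):
        if (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.conversations:
            return "allow"                                  # reply to something we started
        for proto, port, action in self.inbound_rules:
            if proto == pkt.proto and port == pkt.dport:
                return action                               # explicitly told what to do with this port
        self.log.append(f"ALERT unsolicited {pkt.proto} from {pkt.src}:{pkt.sport} to port {pkt.dport}")
        return "drop"


def demo():
    """Constructed traffic for one home PC (192.168.1.10); hypothetical program names."""
    me, irc, stranger = "192.168.1.10", "198.51.100.7", "203.0.113.9"
    fw = Firewall(inbound_rules=[("tcp", 113, "allow")],                   # let ident queries in
                  prompt=lambda program: program == "irc-client.exe")      # the user says Yes only to this one
    traffic = [
        Packet("out", "tcp", me, 51234, irc, 6667, program="irc-client.exe"),          # connect to IRC
        Packet("in",  "tcp", irc, 6667, me, 51234),                                    # the server's reply
        Packet("in",  "tcp", irc, 40000, me, 113),                                     # ident query from the server
        Packet("in",  "tcp", stranger, 40001, me, 135),                                # unsolicited probe
        Packet("out", "tcp", me, 51235, stranger, 80, program="cute-screensaver.exe"), # unknown program phoning home
    ]
    return [fw.check(p) for p in traffic], fw.log


if __name__ == "__main__":
    decisions, log = demo()
    print(decisions)
    print("\n".join(log))
```

The reply from the IRC server is allowed only because the firewall saw the PC start that conversation; the probe to port 135 and the screensaver's attempt to phone home are both dropped and logged, which is the "alert you that something it didn't recognize tried to use your net connection" behaviour the paragraph describes.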

Wait! What are all those evil sounding things?

Some of the types of malicious software that can attack your computer are:

A good firewall program will help stop these problems from getting into your computer, as well as help you detect when and if you get zapped. But they are only a first line of defense: you need to be safe using your computer as well.

Practice Safe Computing

In order to be reasonably safe while enjoying what the net has to offer, here are a few things to keep in mind always.

  1. Be careful of what you put on your computer. This is really the biggest and most effective step, although the hardest. Don't download software from places you can't really trust. Always try to get things from the manufacturer or their mirrors.
  2. Don't trust programs that just show up 'on your doorstep'. Your friend probably isn't meaning harm with that cute screensaver she emails you, but are you willing to bet she's taken enough care that it doesn't have a virus or other problem? For that matter, with all the mail viruses around, are you certain it's from her? As a general rule, don't send programs to others through email if you can help it, and don't open programs that get sent to you.
  3. Use protective programs. Virus checkers and firewalls can be had for free or very cheap, especially considering the cost to you in time, lost data and frustration if your data gets destroyed. Also it's just being a good neighbor to others on the Internet, because it means your computer is much less likely to be a threat to others, even unintentionally.
  4. Keep your programs up to date. Modern computer programs are very complex, and it's all too easy for mistakes to leave your computer vulnerable to a hostile program or another person on the Internet. If you keep your software upgraded, you make it much less likely that you will be taken advantage of, and are likely to have a better experience as well.
  5. Use your computer: don't be used by it. Many software programs have features designed to 'help' you by making decisions for you, like whether or not to run programs or accept data of various types automatically. Don't fall into the habit of using them, and most specifically, don't get into the habit of just hitting the 'Okay' button when a dialog box pops up. Not every program is trustworthy, and there is a reason those dialog box questions exist... are you really sure you want to do that?

How Free is Free?

A number of programs recently are provided free so long as they are allowed to display adverts to you. Often that is fairly harmless. The program connects to its home when you are online and displays random adverts within your application. An example of this would be Eudora, the free e-mail client.

But of course, not every company stops there. More active 'adware' not only stores adverts on your own hard drive, it also spies on your activities in order to tailor those adverts more closely to your interests. It does this by watching and recording everything in your favorites, internet history etc. and then updating its database when you go online so that the ads are fairly certain to relate to your interests. In other words, somewhere on some (or several) database(s) is a record of all the things you like to do online. Do you feel comfortable with that? With your habits being analysed? With that data being sold to other people?

And of course, it doesn't even stop there. Companies who make a popular free program are often used to piggyback other applications onto your computer without you knowing, unless you read very carefully what is happening during installation. The latest plans come from companies that piggyback onto KaZaa in particular. For starters, the default is for KaZaa to install another six programs unless you tell it not to. Just click the OK button a few times and you end up with a lot of apps you didn't expect and a lot of agreements you didn't bother to read.

You did that? Then the agreement you electronically signed includes the ability for them to use your computer, without your knowledge and without paying you. That's right. If you agreed to the terms when you installed KaZaa then you gave BDE the right to use your hard drive to store data, use your internet connection to distribute it, use your computing power.... In fact, under their agreement, you have agreed for them to do anything they damn well feel like doing in the future up to and including copying every file on your computer and reading it. Why? Because you also agreed that they could change the functionality of their software and the terms under which you use it, without them actually bothering to tell you what they are doing.

Still feel comfortable with that?

If not, the most reliable way to remove such programs (known as parasites) is to use a free program called AdAware from Lavasoft. Oh, and even if you have never downloaded and installed a piece of adware, you can still have picked up a number of spies without knowing it, just by following a normal pattern of surfing the web.

IRC Specifics

Many IRC servers are also part of a 'network' of IRC servers, and so they send a copy of what you type to other servers on the same network as well, so that those servers can pass your words along to their users. This allows a great many more people to be connected to the same network, but it also introduces some interesting new problems. The biggest is what many call a 'netsplit', where for whatever reason a server or group of servers can no longer talk to the rest of the network. When this happens, people on each side of the split can still talk to each other, but it will look like everyone else just quit all at once. IRC networks tend to be self-healing, so if you wait a while, your server will reconnect with the other servers, and things will be as before. Or if you can't wait, you can always switch to another server on the same network.

Aaaaggh! I got killed!

Some people, upon connecting, will be informed by the server that they are not welcome on the network and are 'killed'. If this happens to you, make sure to read the 'kill message' carefully, as it will tell you why this is happening and give ideas about what to do about it. Many IRC networks now require ident replies and will kill your connection without one, on the theory that many types of abuse rely on address spoofing or bouncing, which would make a working ident reply impossible. So, if you're behind a NAT router or firewall, you'll need a way to make your computer's ident service contactable from the Internet in order to prevent being kicked.

The first thing to do is make sure your firewall will pass packets for the ident service. Tell it to allow port 113 for both TCP and UDP, and this should solve that problem. To get around the problem of having a server behind a NAT router, many routers have an ability to set what is called 'port forwarding'. This tells the router to take any requests for service from the Internet on a particular port or range of ports and send them to a single, specific computer. It doesn't affect conversations that start from inside your network, and it can't be used to provide the same service from many computers on your network, but it should be sufficient for almost all uses. Access your router settings, and add forwarding for port 113, TCP and UDP to the computer you will be using IRC from, and make sure your computer has ident spoofing turned on via your IRC software, or that it is running an ident server.

Slow as a tortoise?

Another concern for many IRC users is what many call 'lag'. Lag is the delay between when a person types something and when another person sees it. Lag is a byproduct of the way the Internet in general works, for reasons discussed below, and can never be totally eliminated, but it should be almost unnoticeable in most cases. Remember that a packet to the server may pass through many other computers, and if they are overloaded, it may meet with large delays. Also, of course, there might be delays in the relays between the IRC servers too.

One can measure 'lag' by using the '/ping' command, but to understand what it tells you, you should understand the process. A ping measures the round trip time it takes for a packet to get from your computer to the target, and back. In the case of IRC, if you and the person you are pinging are on different servers, the ping message actually has to pass from you, to your server, through all of the servers in between, then finally to the other person before returning. This can explain why you can get vastly different results if you and another person both ping a third person at the same time. Also, pinging yourself can be very useful, as it will show you the amount of delay to the server you are currently connected to. If it's too much, you can then consider switching to another server.
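The client-server model from earlier in the page and the round-trip measurement described here, together in one added example that is not part of the original page: a tiny IRC-style server on localhost that answers `PING <token>` with `PONG <token>`, a client that times one round trip, and a "server in between" that relays bytes to the next server while adding a delay, so you can watch the ping grow as hops are added. Everything runs on 127.0.0.1 with OS-chosen ports; the token and hop delays are made up for the example.

```python
import socket
import threading
import time


def _handle(conn):
    """Answer IRC-style 'PING <token>' lines with 'PONG <token>' until the client hangs up."""
    with conn:
        buf = b""
        while True:
            chunk = conn.recv(1024)
            if not chunk:
                break
            buf += chunk
            while b"\r\n" in buf:
                line, buf = buf.split(b"\r\n", 1)
                if line.startswith(b"PING "):
                    conn.sendall(b"PONG " + line[5:] + b"\r\n")


def _listen():
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0: the OS picks a free port for us
    listener.listen(5)
    return listener


def start_server():
    """The server side: sit at an address and port and serve every client that turns up.
    Returns the port it is listening on."""
    listener = _listen()

    def accept_loop():
        while True:
            conn, _ = listener.accept()
            threading.Thread(target=_handle, args=(conn,), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return listener.getsockname()[1]


def start_relay(upstream_port, hop_delay):
    """A 'server in between': accepts a client, opens its own connection to the next server,
    and copies bytes both ways. hop_delay (seconds) models an overloaded link on this hop."""
    listener = _listen()

    def pump(src, dst):
        try:
            while True:
                data = src.recv(1024)
                if not data:
                    break
                time.sleep(hop_delay)
                dst.sendall(data)
        except OSError:
            pass
        finally:
            try:
                dst.shutdown(socket.SHUT_WR)
            except OSError:
                pass

    def accept_loop():
        while True:
            conn, _ = listener.accept()
            up = socket.create_connection(("127.0.0.1", upstream_port))
            threading.Thread(target=pump, args=(conn, up), daemon=True).start()
            threading.Thread(target=pump, args=(up, conn), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return listener.getsockname()[1]


def ping(port, token="lagcheck", timeout=5.0):
    """The client side: connect, send one PING and time how long the PONG takes to come back.
    Returns (reply_was_correct, round_trip_ms)."""
    expected = b"PONG " + token.encode() + b"\r\n"
    with socket.create_connection(("127.0.0.1", port), timeout=timeout) as s:
        sent = time.perf_counter()
        s.sendall(b"PING " + token.encode() + b"\r\n")
        reply = b""
        while not reply.endswith(b"\r\n"):
            chunk = s.recv(1024)
            if not chunk:
                break                       # server went away before answering
            reply += chunk
        rtt_ms = (time.perf_counter() - sent) * 1000
    return reply == expected, rtt_ms


if __name__ == "__main__":
    direct = start_server()
    print("direct      :", ping(direct))
    two_hops = start_relay(start_relay(direct, 0.02), 0.02)   # two loaded servers in between
    print("via 2 relays:", ping(two_hops))
```

Pinging the server directly is the "ping yourself" case: it measures only your own link to the server. Going through the relays is the "different servers" case: every hop adds its delay in both directions, so a ping to a person on a far server can be much larger than their own ping to the same target.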

DCCWHAT?

A common method of chatting privately via IRC without having to worry about netsplits, as well as of transferring files, is called DCC (Direct Client Connect). The way it works is that the initiator of the transaction (chat or file send/receive) sends a special sort of private message to the recipient, containing the type of transaction and the initiator's network address, and then sets itself up as a server for that type of transaction. The recipient reads the address, and then tries to connect as a client.

With this knowledge, it can be seen how firewalls and NAT routers can be problems for these services. As the initiator has to be a server (has to listen for the other side to start the direct conversation), a NAT router on the initiator's side will see a packet for a conversation it doesn't know about, and throw it away. Also, firewalls on both ends have to be willing to allow packets of rather random ports through (although most IRC software allows you to set a pre-defined range of ports to use, there is no standardized port number for DCC services). This is why you may be able to receive chats and files from friends, yet are unable to start a chat with another person, or send files.

The same solution that applied to ident can be used here as well. Make your IRC software use a narrow range of ports with a fairly high number (say, 8000 to 8500), and set your firewall to pass those packets, and set port forwarding for that range as well.
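The NAT behaviour described under "So why do I need to know this?", the ident port forward from "Aaaaggh! I got killed!", and the DCC port range just described, all in one added example that is not part of the original page: a Python model of a home NAT router that rewrites outbound packets to its single public address, lets the matching replies back in to the right inside computer, throws away conversations nobody inside started, and applies static port forwards (a single port or a range) to one chosen computer. Addresses, port numbers and the starting public port are constructed for the example. The page says to open port 113 for both TCP and UDP; the ident protocol itself (RFC 1413) runs over TCP, so the simulated forward covers TCP, which is what an IRC server's query actually uses.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    starts_conversation: bool = False   # first packet of a new conversation (a TCP SYN, say)


class NatRouter:
    """A home NAT router: one public address shared by several inside computers."""

    def __init__(self, public_ip, forwards=()):
        self.public_ip = public_ip
        self.forwards = list(forwards)   # (proto, low_port, high_port, inside_ip): static port forwarding
        self.table = {}                  # (proto, public_port) -> (inside_ip, inside_port)
        self.reverse = {}                # (proto, inside_ip, inside_port) -> public_port
        self.next_public_port = 40000    # constructed starting point; real routers vary
        self.dropped = []

    def outbound(self, pkt):
        """Inside -> Internet: rewrite the source to our public address and remember the mapping."""
        key = (pkt.proto, pkt.src, pkt.sport)
        if key not in self.reverse:
            self.reverse[key] = self.next_public_port
            self.table[(pkt.proto, self.next_public_port)] = (pkt.src, pkt.sport)
            self.next_public_port += 1
        return replace(pkt, src=self.public_ip, sport=self.reverse[key])

    def inbound(self, pkt):
        """Internet -> inside: a reply to something we started goes back to the right computer;
        a forwarded port goes to the configured computer; anything else is thrown away."""
        if pkt.dst != self.public_ip:
            self.dropped.append(pkt)
            return None
        mapping = self.table.get((pkt.proto, pkt.dport))
        if mapping is not None:
            inside_ip, inside_port = mapping
            return replace(pkt, dst=inside_ip, dport=inside_port)
        for proto, low, high, inside_ip in self.forwards:
            if proto == pkt.proto and low <= pkt.dport <= high:
                return replace(pkt, dst=inside_ip)   # only the address changes; the port stays
        self.dropped.append(pkt)                      # a conversation nobody inside started
        return None


def demo():
    """Constructed scenario: a PC behind one router, an IRC server, and a DCC partner."""
    pc, public, irc, friend = "192.168.1.10", "203.0.113.5", "198.51.100.7", "198.51.100.200"
    results = {}

    plain = NatRouter(public)
    # The PC connects to IRC; the reply must find its way back to the PC, not to a housemate.
    out = plain.outbound(Packet("tcp", pc, 51234, irc, 6667, True))
    back = plain.inbound(Packet("tcp", irc, 6667, public, out.sport))
    results["reply_reaches_pc"] = back is not None and back.dst == pc and back.dport == 51234
    # The server's ident query is a conversation nobody inside started: dropped.
    results["ident_without_forward"] = plain.inbound(Packet("tcp", irc, 40000, public, 113, True))

    forwarding = NatRouter(public, forwards=[("tcp", 113, 113, pc),       # ident to the IRC PC
                                             ("tcp", 8000, 8500, pc)])    # DCC port range to the same PC
    results["ident_with_forward"] = forwarding.inbound(Packet("tcp", irc, 40000, public, 113, True))
    results["dcc_in_range"] = forwarding.inbound(Packet("tcp", friend, 40001, public, 8123, True))
    results["dcc_out_of_range"] = forwarding.inbound(Packet("tcp", friend, 40002, public, 9000, True))
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:22} {value}")
```

Without a forward, the ident query and any incoming DCC connection die at the router; with the forwards, both reach the PC, while a DCC attempt outside the configured range is still dropped, which is why the IRC client must be told to use the same range the router forwards.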
