
Proxy Monitor Information for Users of the DALnet IRC Network

What is a proxy monitor?
DALnet operates a system which checks the IP addresses of users connecting to our service for open proxies. Open proxies can be used to spoof connections and generally abuse our network, and are therefore prohibited on DALnet. They are also a security risk if installed on a user's PC without their knowledge.

I get k-lined with a message similar to 'K-Lined: Open proxy found on your host' when I try to connect. Help!
This message indicates that our proxy monitor system has determined your IP address may be open to abuse. You must take action to correct the problem before you will be able to connect to DALnet. What action you take depends on the exact content of the message as there are a number of possible problems we check for.

  • If the message you see contains the address http://kline.dal.net/exploits/proxysec.html it indicates we have detected an open proxy or insecure router configuration on your IP address. Please see this page for help with the issue. When the issue is resolved you will be able to connect to DALnet normally; no further action is required.

  • If the message contains the address http://cbl.abuseat.com then your IP address is listed on the Composite Blocking List. Visit the URL given in the message for full information about why the address is listed. In particular, be aware that the CBL lists hosts which are vulnerable to a commonly exploited Windows security problem, so please ensure your PC is fully up to date with all the latest service packs and hotfixes from http://windowsupdate.microsoft.com. Once you have resolved the problem you will need to follow the removal instructions given on the CBL page and wait for this to be processed before you will be able to connect to DALnet. Note that you must fix the problem before trying to delist your IP or it will not be removed from the list!

  • If the message contains the address http://www.njabl.org then your IP is listed on the NJABL Blocking List. Visit the URL given in the message for full information about why the address is listed. When you have resolved the problem, follow the instructions given on the NJABL page to remove your IP from the list. Note that you must fix the problem before trying to remove your IP from the list or the removal will fail.

Points to note
None of these lists block addresses for simply being dynamically assigned, for belonging to a specific region or for belonging to a specific service provider. They only list addresses which meet the very specific criteria laid down by the list maintainers. We further check the output returned from the lists in order to ensure that only those hosts which are listed as running insecure proxy servers or as being vulnerable to certain well known and widely exploited Windows vulnerabilities are affected.
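The filtering described above, shown as an added sketch that is not DALnet's own code. It assumes the lists are queried over DNS in the usual blocklist style (reversed IPv4 octets prefixed to a zone, answered with a 127.0.0.x reason code); the zone names, reason codes and sample answers are constructed placeholders, not values from this page.

```python
import ipaddress
import socket

# Assumed policy: for each list, the reason codes that mean "insecure proxy"
# or "exploited host". Any other reason a list returns is ignored.
POLICY = {
    "proxies.dnsbl.example": {"127.0.0.9": "open proxy"},
    "exploits.dnsbl.example": {"127.0.0.2": "exploited host"},
}

def query_name(ip, zone):
    """Build the lookup name: 192.0.2.10 -> 10.2.0.192.<zone>."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def dns_lookup(name):
    """Return the A records for name; an empty set means 'not listed'."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:  # NXDOMAIN or resolver failure: treat as not listed
        return set()

def check_host(ip, resolver=dns_lookup, policy=POLICY):
    """Return (zone, reason) pairs only for listings the policy covers."""
    hits = []
    for zone, wanted in policy.items():
        for code in sorted(resolver(query_name(ip, zone))):
            if code in wanted:
                hits.append((zone, wanted[code]))
    return hits

# Constructed answers standing in for real DNS so the example runs offline.
FAKE_DNS = {
    "10.2.0.192.proxies.dnsbl.example": {"127.0.0.9"},  # listed as open proxy
    "11.2.0.192.proxies.dnsbl.example": {"127.0.0.3"},  # listed for another reason
    "12.2.0.192.exploits.dnsbl.example": {"127.0.0.2"},  # listed as exploited
}

def fake_resolver(name):
    return FAKE_DNS.get(name, set())

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13"):
        hits = check_host(ip, resolver=fake_resolver)
        print(ip, "blocked:" if hits else "allowed", hits)
```

A host that a list reports for some unrelated reason (the second sample address) is allowed through, which is the behaviour the paragraph above describes.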

DALnet has NO control over the content of the lists and our staff cannot add or remove addresses from them. Nor can we exempt users or IP ranges from checking by the proxy monitor system. If you do not wish your host to be checked by our proxy monitors, please do not connect to DALnet.

The specific Windows vulnerability currently being checked for is MS06-040, the full details of which you can find here: http://www.microsoft.com/technet/security/bulletin/ms06-040.mspx

The lists in use on DALnet at present are:

http://njabl.org - Not Just Another Bogus Blocklist
http://cbl.abuseat.org - Composite Block List


© DALnet IRC Network 2003.
DALnet treats copyright violation extremely seriously.
You are expressly forbidden to copy, mirror or otherwise duplicate the content, style or look and feel of these pages without express written permission from an authorized DALnet official. Copyright violators will be dealt with severely.