SLIRC
SECURITY CHECK INFORMATION 20 MAY 2007
Welcome to the StarLink-IRC Security Check Information Page
If you have READ the information below
and taken the appropriate action
but still cannot connect, you can send email to abuse@starlink-irc.org

New2Chat

CERT HOME COMPUTER SECURITY - Home PC Security made easy!

Free HOUSECALL Virus Scan
 http://housecall.antivirus.com/housecall/start_corp.asp

 
PAGE CONTENTS
 
Greetings and Introduction and our Security Check Policy
Three Steps to Securing your PC
LINUX User Information
PROXY Configuration
Connect - ROUTERS AND BROADBAND


ONNECT PROBLEMS: DIRECPC WIN XP and OTHERS  including DCC
<><>SP2 "Limited Connectivity" problems - Microsoft article
<>Windows XP Configure the XP firewall to allow IRC
<><> General Problems Connecting - AOL, DSL and CABLE Users or anyone who can connect ot OTHER nets but can't get to Starlink-IRC
 CABLE and DSL - Timeouts
CERT Home Computer Security - a MUST READ

DIRECPC Users

 
  Greetings!

You have most likely been sent to this page because our check-in service has determined that your network connection may be vulnerable to attack by a malicious user. Don't worry! If you follow the steps outlined below, you'll be back in no time at all.


Security Check Policy

We, the staff of StarLink-IRC, take your privacy and security VERY seriously. The results of our check-in tests are not logged by our servers or the checking software. This entire service is designed for your protection.

What Tristar does -

If your firewall announced that you have received an "attack" from a trojan horse or virus such as back orifice or netbus .. it is incorrect. This isn't unusual, most firewalls and security programs cry 'wolf' before they bother to actually check anything.

Since trojan horse programs are dangerous to our net as well as your pc, we try to prevent them from connecting. We do this by checking to see if your pc appears to accept a connection on ports known to be used by trojans. If a trojan is known to listen on port 12345, we check that port to see if your pc answers. A normal pc will not .. one that is compromised by a trojan or has a firewall that is answering for you will. Some firewalls will 'listen' to try to find out more about what is happening. The bad news is that by doing so they look from our end exactly like the trojan we are trying to detect.

WE DO NOT MAKE INVASIVE SCANS .. so we can't tell if its a firewall or a trojan and we're sure you wouldn't want us to try anyway. There are websites that can help with that problem.

The point here is, Tristar issues a plain warning about what is happening when you connect to our network. The ONLY time we check is when you connect to StarLink-IRC. If the check worries you that much, then simply don't connect and it won't happen. You are NOT being 'attacked' by a trojan no matter what your firewall says. Firewalls announce what they are programmed to announce, there are no little people in there who actually read things like IRC network connect messages or even dig to find out if its a real trojan or not.

In principle, we do not like the idea of checking user connections. While many other chat networks have been doing connection scanning for months, we have tried, without success, to come up with some other method of safeguarding the network and users. However, it has sadly become a necessary evil due to the recent growth in the volume and severity of attacks exploiting these vulnerabilities.

We sincerely apologize for any inconvenience this may cause.

 
  If you already have a "firewall" (especially Nukenabber), this is important.

Nukenabber, Lockdown, and similar products are commonly known as "port listeners" .. they do their job by 'listening' on specific connections (ports) for commands. Unfortunately, that is exactly what malicious code, viruses, and the like also do. The only difference is what happens after: a 'firewall' receives it and just throws it away, a malicious program receives it and hands control of your system to somebody without you even knowing.


When you use a true firewall, like Zone Alarm, it builds a 'wall' preventing access to or from your computer without your direct permission. When you use software, it makes a 'hole' in the firewall so it can do what it's supposed to. Being a software program, a port listener obviously operates the same way.

By running a firewall and a listener, you plug the holes and then reopen them. Does that make a lot of sense?

To use StarLink-IRC, you will have to either turn off the listener application or disable listening on any ports that you get warned about. See instructions here abut changing NukeNabber

Click here for information about firewalls and ports

 
 
Three Steps to Making Your System Safe
1 [Step 1] Run a virus scan

Hopefully you've already purchased anti-virus software, you should never be without it when using the Internet. If you haven't, here are a few links to various popular anti-virus packages - any of which will suffice (and some are free!)

There is a very good virus description database at F-Secure

F-Prot (Free) AVG Anti-Virus (Free) InoculateIT Personal Edition Norton AntiVirus 2001McAfee.com VirusScan Online

Once you have an anti-virus package, make absolutely sure that you have the latest virus signatures. Each software package will handle the update a bit differently - see the software's users guide for more information.

If you have SubSeven (a PARTICULARLY nasty trojan), check these links:

F-secure site (free) Black Ice site

Another informative site about Trojans:

Trojan Port Table and Information

Once you have the latest virus signatures, run a full scan. Scan everything - and we mean EVERYTHING - that your software will scan. Don't leave anything unscanned and left to chance. Allow that to finish before you continue to ...

2 [Step 2] Download and install ZoneAlarm

If you're connected to the Internet, you're going to want a firewall. Even if you have a hardware firewall, you'll want to install ZoneAlarm (it is free!)

You can download the free version (or the paid "Pro" package if any of the advanced features interest you). The free version should suffice for most people.

Read the ZoneAlarm documentation thoroughly. While this product is extremely easy to install and use, you'll want to understand the basic concepts before you start the configuration process.

Once you have ZoneAlarm installed, your computer will no longer allow connections to or from it without your express permission. Of course, you will want to allow certain common applications (Internet Explorer, mIRC, etc.) to access the Internet. You may be surprised at what you find coming both into and out of your system without your knowledge!

You WILL see a lot of activity messages like "Zone Alarm has blocked access to your computer from xxxxxxxxx" Don't be concerned right away, all you are seeing is traffic that your system has always been getting .. you just didn't know it. Watch ZA work for a while and you will see what is 'normal' for your situation.

3 [ Step 3] Reconnect to StarLink-IRC

... with the knowledge that you're not only making your system and the network that it lies on safer, but StarLink-IRC a nicer place to visit.

 
  WINDOWS XP USERS

XP Service Pack 2 - Limited Connectivity

If you recently upgraded to XP  SP2, you may encounter a "limited or no connectivity" error message that prevents you from getting online. Microsoft has a knowledge base article on the issue but we have not tested it ourselves .

http://www.windows-help.net/WindowsXP/troub-13.htm
http://www.microsoft.com/downn  Knowledge base article.


If you use Windows XP, you may have problems connecting to IRC. This is due to the Internet Connection Firewall (ICF) that ships with XP. You may need to turn ICF off in order to chat. You can install Zone Alarm, a very good firewall, as a replacement. To disable the firewall, follow these steps. (Or go see the microsoft XP website for more information.)


To disable Internet Connection Firewall

Open Network Connections (Click Start, click Control Panel, and then double-click Network Connections.) Click the Dial-up, LAN or High-Speed Internet connection that you want to protect. Under Network Tasks, click "Change settings of this connection". On the Advanced tab, under "Internet Connection Firewall": Clear the "Protect my computer and network by limiting or preventing access to this computer from the Internet" check box.

While we don't recommend it, if you REALLY insist on using the XP ICF anyway, you can probably connect if you add port 113 to the firewall. (Port 113 is for the "IDENT" function).

On the same tab as above, but below where you clear ICF:

click on "add" First line put : ircchat Second line put: 127.0.0.1 Third line put : 113Fourth line put: 113

(Note: You still won't be able to DCC send if ICF is enabled but you will be able to connect)

 
  CONNECT PROBLEMS

DCC PROBLEMS WITH ROUTERS by birdman (Keith)

www.new2chat.com

IRC AND ROUTERS   IRC AND BROADBAND

CONNECT PROBLEMS - IDENT

If you have a problem connecting to SL-IRC but not to other nets, the problem could be IDENT settings. This happens if the ISP is slow, or for some reason port 113 (IDENT) is slow or being blocked between our servers and your client.

This explains why you might be able to connect to some nets but not Starlink-IRC. Not all nets block certain combinations of upper/lower characters and numbers, although many do.

Some users (particularly AOL) have reported problems connecting to SL-IRC. One cause for this seems to be IDENT services being either badly lagged or blocked somewhere in AOL's routing networks. The cause: When IDENT is running, the information in the IDENT tab is what is returned when you connect to the server. For Example if you have the following settings: IDENT: ircuser EMAIL: myEmailName876@.aol.com

If you connect and IDENT works, your 'whois' becomes: ircuser@1234.ipt.aol.com

BUT

If you connect and IDENT does NOT work, your client will pick up your email address and your "whois" becomes: myEmailName876@1234.ipt.aol.com

The problem is, certain combinations of upper/lower case and/or numbers are blocked from connecting by the server software - so if your email setting is upper/lower/numeric, when it gets picked up during connection, you can't connect.

GENERAL FIX:

Make sure your email setting in your client (e.g. mIRC) is something simple like mynick@aol.com. That way if IDENT stops working, your userid (the part to the left of the @ in your whois info) becomes "mynick".

CONNECT PROBLEMS - CABLE AND DSL FIXES

If you have a new (or changed) DSL or cable connection and are getting timeouts. Try setting the retry waiting period to 320 seconds or so. (in mIRC, look in File.connect.options in the "When connecting" box "If not connected in __" option.)

Try powering down the DSL or CABLE modem and the PC for about a minute. Then power back up and that may fix the problem.


CONNECT PROBLEMS - PROXY WARNING - DIRECPC USERS

DIRECPC USERS
If you are having difficulty by being hit with a proxy warning when connecting to StarLink-IRC

FIND YOUR PROXY
1) Open a trouble ticket with your DirecPC tech support
2) Tell them you need to use their proxy to IRC
3) If that isn't successful, tell them that cookies don't work and you need to use the proxy.

SETUP mIRC
in connection/firewall...
1) set firewall support to both, protocol to proxy
2) hostname is the ip addy that you get from direcpc
3) port is 3128

SETUP Macintosh OS X-Chat Aqua
For Mac OS X users (Intel), the client is called X-Chat Aqua.
in Preferences/Network/Network Setup put the proxy address in the proxy server field.
Use Proxy port 3128.
Proxy type is HTTP.

Proxy IPs that may work:
69.19.14.10

credit for this solution to BobAZ of #sciastro

 
  LINUX USERS  Updated 5/20/2007

While it is doubtful that you will ever actually have a virus issue similar to Windows users, we  are providing some information here that might be useful. Since ZoneAlarm is unavailable to you, we suggest you look at ipfwadm/ipchains (depending on the version of your kernel), this can be used with IP masquerading as well.

IPFWADM FAQ Linux IPCHAINS HowTo
Netfilter (for 2.4)
Also

F-Prot and AVG make Linux scanners that work much like their Windows versions but are not as complex.  See
http://free.grisoft.com for AVG
http://www.f-prot.com/  which has Linux, FreeBSD and Sun versions listed

We hope this helps!

 
  PROXY USERS  

Undernet has an excellent page for properly configuring your PROXY server.

 
©2007 StarLink-IRC.org All Rights Reserved
Valid HTML.