Is it possible to setup network-wide server-ban?

These are old archives. They are kept for historic purposes only.
Post Reply
core
Posts: 17
Joined: Sun Jul 02, 2006 10:51 pm

Is it possible to setup network-wide server-ban?

Post by core » Tue Oct 31, 2006 7:25 pm

If we had some abusive server, and it allready has C/N lines on some amount of hubs (in the same network), is there some way to ban this abusive server network-wide, before hub-s administrators will remove conf entries?

Yes, i know that services can "jupe" server, but if i place the jupe, one of hubs after that temporarily disconnects from the network, and that abusive server connects to temporarily-separated hub - after that is jupe is present - hub will unable to connect to the network while juped server linked to it - which result possibly long network slpit.

Is there way to remotely ban network-wide, some server? some sort of "server q-lines", etc?

Jobe
Official supporter
Posts: 1180
Joined: Wed May 03, 2006 7:09 pm
Location: United Kingdom

Post by Jobe » Tue Oct 31, 2006 7:29 pm

I dont know if a GZline will work but i know ZLines are supposed to block servers connecting too since they reject the connection based on the origanating IP not what data it sends. So in theory GZlines should but i dont know.

core
Posts: 17
Joined: Sun Jul 02, 2006 10:51 pm

Post by core » Tue Oct 31, 2006 7:50 pm

Jobe1986 wrote:I dont know if a GZline will work but i know ZLines are supposed to block servers connecting too since they reject the connection based on the origanating IP not what data it sends. So in theory GZlines should but i dont know.
thank you for your reply, yes, gzline (szline in services) - actually network-widely bans ip-address, but only ip-address not server name, - for example - if server uses dynamic-ip for linking (hostname "*") - gzline will not help. only if i ban entire subnet....

Jobe
Official supporter
Posts: 1180
Joined: Wed May 03, 2006 7:09 pm
Location: United Kingdom

Post by Jobe » Tue Oct 31, 2006 8:16 pm

Then maybe it might be an idea for a module or even feature request to extend ZLines and GZlines so that if you provide a host name instead of an IP then it looks up that host name and caches the IP it returns and periodically updates the cached IP so you could for example use a no-ip.com od dyndns.com dynamic DNS host name.

core
Posts: 17
Joined: Sun Jul 02, 2006 10:51 pm

Post by core » Tue Oct 31, 2006 9:00 pm


aquanight
Official supporter
Posts: 862
Joined: Tue Mar 09, 2004 10:47 pm
Location: Boise, ID

Post by aquanight » Tue Oct 31, 2006 9:11 pm

It helps to not link servers like this in the first place (and hostname * is already a bad idea for more reasons than just this).

One possible resolution to this is to remove the jupe, let the network rejoin, squit off the bad server (necessary only if your servs choke on squitting a present server - most decent ones don't), then re-jupe it. NOOP can also help, and gzlining the ip block would work as a drastic solution.

Also, deny link{} and ban server{} blocks could help, but they have the same potential problem as juping (one leg that won't let go of the bad server ends up split off for a long time).

Post Reply