Techie question: someone explain IP masking to me

[Ms2001]

Bill H.:

Mr2001 wrote
True. But IRC spoofing is in the application layer, and TCP spoofing is in the transport layer. They’re very different as far as how they’re done, what they accomplish, and how they’re prevented.

I’ve been writing IRC clients, servers, and bots for 7 years, and I’m not aware of any IRC spoofing that can be done at the application level (other than social engineering - stealing or guessing an operator’s password, etc.).

The spoof protection on IRC servers simply verifies that the client is receiving data from the server, and the only way I can see that a client would be able to send but not receive is if it’s using a spoofed TCP connection. Do you know of any other explanations?

[Bill_H]

Mr2001 wrote

I’ve been writing IRC clients, servers, and bots for 7 years, and I’m not aware of any IRC spoofing that can be done at the application level (other than social engineering - stealing or guessing an operator’s password, etc.).

The spoof protection on IRC servers simply verifies that the client is receiving data from the server, and the only way I can see that a client would be able to send but not receive is if it’s using a spoofed TCP connection. Do you know of any other explanations?

At first I assumed you were referring to a feature in some networks and channels that is used to keep bots out. The enforcing network server or bot sends a pm to a new visitor saying “please reply back with this number: 12345” (except it’s some random number instead of 12345). If the client responds back appropriately he’s allowed in, if not, he’s booted.

This is implemented in the application layer (i.e. in the application itself, not down in the stack where TCP, IP, ethernet drivers, etc. live). In other words, when the server sends that message, and when the client replies, the message is it’s own sort of protocol which is passed over the IRC protocol (an application layer protocol), which sends it through TCP (a transport layer protocol), which sends it through IP (a network layer protocol), which sends it through ethernet (a datalink protocol) and out the wire.

But perhaps you were referring to a security feature of some servers and clients where after registration, the Server sends the Client an IRC ping containing a random number. The Client is required to send back an IRC pong message containing the same number, or he’ll be booted.

This was put in place to make blind spoofing more difficult. It is implemented at the Application layer to prevent a problem at the Network layer. It’s worth noting again however that blind TCP spoofing has been rare for some time as most stacks do their best to prevent it. There are bugs found and exploited now and then, like any other software, but a general solution (random sequence numbers) was implemented in all stacks long ago.