Detect VPN

[TTB]

Hi,

Is it possible to detect users who connect by VPN?

My hub is IPranged, and ppl can enter the hub because they have a good HubIP, but if they use VPN, their HubIP is the same. I only can trace ppl who use it by connecting them with a client ( userIP != hubIP ).

Is there a way to detect it with LUA scripting (PtokaX) or is that impossible?

gr. TTB.

[TTB]

I dont think there is a definitive way to do this.
But we could perhaps check the clients port usage ie. 1701, 1723 500 etc...
May I ask why you want to detect these users?

I want to detect those users, because my hub is IPranged (for users with more bandwith). With VPN they can enter the hub with lower bandwith and with an IP what I can not detect (only manually).

[TTB]

Something like this should be it... Thanx plop for the advice!

-- Simple VPN detector by TTB
-- Thanx plop for the concept!
-- 16 juni 2006
----------------------------------------
bot = "VPN-detector"

function ConnectToMeArrival(curUser,data)
	local s,e,ip = string.find(data, "(%S+):%d+|$")
	if ip ~= curUser.sIP then
		SendPmToOps(bot,"VPN? -> UserIP = "..curUser.sIP.."? ConnectIP = "..ip)
	end
end

[bastya_elvtars]

Something like this should be it... Thanx plop for the advice!

-- Simple VPN detector by TTB
-- Thanx plop for the concept!
-- 16 juni 2006
----------------------------------------
bot = "VPN-detector"

function ConnectToMeArrival(curUser,data)
	local s,e,ip = string.find(data, "(%S+):%d+|$")
	if ip ~= curUser.sIP then
		SendPmToOps(bot,"VPN? -> UserIP = "..curUser.sIP.."  ConnectIP = "..ip)
	end
end

This also disconnects users who are behind a NAT and have an internal IP as user IP.

[TTB]

-- Simple VPN detector by TTB
-- Thanx plop for the concept!
-- 16 juni 2006
----------------------------------------
bot = "VPN-detector"

SafeIP = {
	["192.168.0."]=1,
	["192.168.1."]=1,
	["10.0.0."]=1,
	["10.0.1."]=1,
}

function ConnectToMeArrival(curUser,data)
	local s,e,ip = string.find(data, "(%S+):%d+|$")
	if ip ~= curUser.sIP then
		for a,b in pairs(SafeIP) do
			if string.find(ip,a,1,false) then
				if not curUser.bOperator then
					SendPmToOps(bot,frmHub:GetHubName().." ---> Nick = "..curUser.sName.."? UserIP = "..curUser.sIP.."? ConnectIP = "..ip)
				end
			end
		end
	end
end

function OnError(ErrorMsg)
	SendPmToOps(bot,"[ERROR] "..frmHub:GetHubName().." ---> "..ErrorMsg)
end

Solved bastya?? :

[bastya_elvtars]

172.16.*.* (unsure)
and it's 10.*.*.*
and 192.168.*.*

[TTB]

I created it that only a and b should be entered in the table. The 10.x.x.x can't be done with this. I like it now the way it has been done.

-- Simple VPN detector by TTB
-- Thanx plop for the concept!
-- 16 juni 2006
----------------------------------------
bot = "VPN-detector"

SafeIP = {
	["192.168"]=1,
	["10.0"]=1,
}

function ConnectToMeArrival(curUser,data)
	local s,e,ip = string.find(data, "(%S+):%d+|$")
	if ip ~= curUser.sIP and not curUser.bOperator then
		for a,b in pairs(SafeIP) do
			if string.find(curUser.sIP,a,1,false) then
				local _,_,w,x,y,z = string.find(curUser.sIP, "(%d*).(%d*).(%d*).(%d*)")
				local _,_,ww,xx = string.find(a, "(%d*).(%d*)")
				w = tonumber(w)
				x = tonumber(x)
				ww = tonumber(ww)
				xx = tonumber(xx)
				if w ~= ww and x ~= xx then
					SendPmToOps(bot,frmHub:GetHubName().." ---> Nick = "..curUser.sName.."  UserIP = "..curUser.sIP.."  ConnectIP = "..ip)
				end
			end
		end
	end
end

function OnError(ErrorMsg)
	SendPmToOps(bot,"[ERROR] "..frmHub:GetHubName().." ---> "..ErrorMsg)
end

[GeceBekcisi]

RFC-1918 and RFC-3330 private address spaces:

• 127.0.0.0/8 --> 127.0.0.0 - 127.255.255.255
• 10.0.0.0/8 --> 10.0.0.0 - 10.255.255.255
• 172.16.0.0/12 --> 172.16.0.0 - 172.31.255.255
• 192.168.0.0/16 --> 192.168.0.0 - 192.168.255.255

So, I couldn't resist touching...

-- Simple VPN detector by TTB
-- Thanx plop for the concept!
-- 16 juni 2006
-- Touched by GeceBekcisi (2006-06-15)
----------------------------------------
bot = "VPN-detector"

-- Safe IP table with decimal forms of some IP ranges, decimal forms are precalculated to save some CPU clocks :)
SafeIP = {
	{2130706432, 2147483647},? -- 127.0.0.0,127.255.255.255
	{167772160,184549375},? -- 10.0.0.0,10.255.255.255
	{2886729728,2887778303},? -- 172.16.0.0,172.31.255.255
	{3232235520,3232301055},? -- 192.168.0.0,192.168.255.255
}

function ConnectToMeArrival(curUser,data)
	if not curUser.bOperator then
		local _,_,sIP = string.find(data,"$ConnectToMe%s+%S+%s+(%d+%.%d+%.%d+%.%d+):%d+|")
		if sIP and sIP ~= curUser.sIP then
			local DecIP = IPtoDEC(sIP)
			for Index,Table in ipairs(SafeIP) do? -- (Newbie hint: With this notation, "SafeIP[Index]" equals to "Table")
				if not (DecIP > Table[1] and DecIP < Table[2]) then
					SendPmToOps(bot,frmHub:GetHubName().." ---> Nick = "..curUser.sName.."? UserIP = "..curUser.sIP.."? ConnectIP = "..sIP)
				else
					curUser:SendData(bot,"Your active mode IP address ("..sIP..") is incorrect, please correct it as ("..curUser.sIP..") and then reconnect.")
				end
			end
		end
	end
end

function OnError(ErrorMsg)
	SendPmToOps(bot,"[ERROR] "..frmHub:GetHubName().." ---> "..ErrorMsg)
end

function IPtoDEC(sIP)
	if sIP then
		local _,_,a,b,c,d = string.find(sIP, "^(%d+)%.(%d+)%.(%d+)%.(%d+)$")
		return a*16777216 + b*65536 + c*256 + d
	end
end

[TTB]

thanx!  ;D

[bastya_elvtars]

Maybe you should check on active searches as well. And thanks to GB for correcting me.

[GeceBekcisi]

Another touch...

-- Simple VPN detector by TTB
-- Thanx plop for the concept!
-- 16 juni 2006
-- Touched by GeceBekcisi (2006-06-15)
-- Added active search IP checking by GeceBekcisi (2006-06-16)
----------------------------------------
bot = "VPN-detector"

-- Safe IP table with decimal forms of some IP ranges, decimal forms are precalculated to save some CPU clocks :)
SafeIP = {
	{2130706432, 2147483647},  -- 127.0.0.0,127.255.255.255
	{167772160,184549375},  -- 10.0.0.0,10.255.255.255
	{2886729728,2887778303},  -- 172.16.0.0,172.31.255.255
	{3232235520,3232301055},  -- 192.168.0.0,192.168.255.255
}

function ConnectToMeArrival(curUser,data)
	if not curUser.bOperator then
		local _,_,sIP = string.find(data,"$ConnectToMe%s+%S+%s+(%d+%.%d+%.%d+%.%d+):%d+|")
		if sIP then return CheckUser(curUser,sIP) end
	end
end


function SearchArrival(curUser, data)
	if curUser.bActive and not curUser.bOperator then
		local _,_,sIP = string.find(Data, "$Search (%d+%.%d+%.%d+%.%d+):%d+%s+%a%?%a%?%d+%?%d+%?.*|")
		if sIP then return CheckUser(curUser,sIP) end
	end
end

function OnError(ErrorMsg)
	SendPmToOps(bot,"[ERROR] "..frmHub:GetHubName().." ---> "..ErrorMsg)
end

function CheckUser(curUser,sIP)
	if curUser and sIP and sIP ~= curUser.sIP then
		local DecIP = IPtoDEC(sIP)
		for Index,Table in ipairs(SafeIP) do  -- (Newbie hint: With this notation, "SafeIP[Index]" equals to "Table")
			if not (DecIP > Table[1] and DecIP < Table[2]) then
				SendPmToOps(bot,frmHub:GetHubName().." ---> Nick = "..curUser.sName.."  UserIP = "..curUser.sIP.."  ConnectIP = "..sIP)
			else
				curUser:SendData(bot,"Your active mode IP address ("..sIP..") is incorrect, please correct it as ("..curUser.sIP..") and then reconnect.")
				return 1
			end
		end
	end
end

function IPtoDEC(sIP)
	if sIP then
		local _,_,a,b,c,d = string.find(sIP, "^(%d+)%.(%d+)%.(%d+)%.(%d+)$")
		return a*16777216 + b*65536 + c*256 + d
	end
end

[TTB]

Thank you GeceBekcisi, bastya_elvtars, Mutor and Plop.?

@ GeceBekcisi => You made a little typo in the last script:

local _,_,sIP = string.find(Data, "$Search (%d+%.%d+%.%d+%.%d+):%d+%s+%a%?%a%?%d+%?%d+%?.*|")

should be:

local _,_,sIP = string.find(data, "$Search (%d+%.%d+%.%d+%.%d+):%d+%s+%a%?%a%?%d+%?%d+%?.*|")

It is the "data".


I've also seen when ppl don't enter their correct IP in their settings, it will also be seen as VPN. Users who will use this script should be aware of that.

[TTB]

Updated the script, now you get 1 message, not 4 when 4 are in table!

-- Simple VPN detector by TTB
-- Thanx plop for the concept!
-- 16 juni 2006
-- Touched by GeceBekcisi (2006-06-15)
-- Added active search IP checking by GeceBekcisi (2006-06-16)
----------------------------------------
bot = "VPN-detector"

-- Safe IP table with decimal forms of some IP ranges, decimal forms are precalculated to save some CPU clocks :)
SafeIP = {
	{2130706432, 2147483647},  -- 127.0.0.0,127.255.255.255
	{167772160,184549375},  -- 10.0.0.0,10.255.255.255
	{2886729728,2887778303},  -- 172.16.0.0,172.31.255.255
	{3232235520,3232301055},  -- 192.168.0.0,192.168.255.255
}

function ConnectToMeArrival(curUser,data)
	if not curUser.bOperator then
		local _,_,sIP = string.find(data,"$ConnectToMe%s+%S+%s+(%d+%.%d+%.%d+%.%d+):%d+|")
		if sIP then return CheckUser(curUser,sIP) end
	end
end


function SearchArrival(curUser, data)
	if curUser.bActive and not curUser.bOperator then
		local _,_,sIP = string.find(data, "$Search (%d+%.%d+%.%d+%.%d+):%d+%s+%a%?%a%?%d+%?%d+%?.*|")
		if sIP then return CheckUser(curUser,sIP) end
	end
end

function OnError(ErrorMsg)
	SendPmToOps(bot,"[ERROR] "..frmHub:GetHubName().." ---> "..ErrorMsg)
end

function CheckUser(curUser,sIP)
	if curUser and sIP and sIP ~= curUser.sIP then
		local DecIP = IPtoDEC(sIP)
		local a = 0
		for Index,Table in ipairs(SafeIP) do  -- (Newbie hint: With this notation, "SafeIP[Index]" equals to "Table")
			if not (DecIP > Table[1] and DecIP < Table[2]) then
				a = 0
			else
				a = a + 1
			end
		end
		if a == 0 then
			SendPmToOps(bot,frmHub:GetHubName().." ---> Nick = "..curUser.sName.."  UserIP = "..curUser.sIP.."  ConnectIP = "..sIP.."   Possible (VPN)violation -> PLEASE (SPEED)CHECK!")
		else
			--curUser:SendData(bot,"Your client's IP is incorrectly configured. Enter the correct one in the IP field in your client settings or try passive mode. Your current ip is: "..curUser.sIP)
			SendPmToOps(bot,frmHub:GetHubName().." ---> Nick = "..curUser.sName.."  UserIP = "..curUser.sIP.."  ConnectIP = "..sIP.."   *SAFE*")
			return 1
		end
	end
end

function IPtoDEC(sIP)
	if sIP then
		local _,_,a,b,c,d = string.find(sIP, "^(%d+)%.(%d+)%.(%d+)%.(%d+)$")
		return a*16777216 + b*65536 + c*256 + d
	end
end