Hi,
Is it possible to detect users who connect by VPN?
My hub is IPranged, and ppl can enter the hub because they have a good HubIP, but if they use VPN, their HubIP is the same. I only can trace ppl who use it by connecting them with a client ( userIP != hubIP ).
Is there a way to detect it with LUA scripting (PtokaX) or is that impossible?
gr. TTB.
Quote from: Mutor on 12 May, 2006, 21:05:34
I dont think there is a definitive way to do this.
But we could perhaps check the clients port usage ie. 1701, 1723 500 etc...
May I ask why you want to detect these users?
I want to detect those users, because my hub is IPranged (for users with more bandwith). With VPN they can enter the hub with lower bandwith and with an IP what I can not detect (only manually).
Something like this should be it... Thanx plop for the advice!
-- Simple VPN detector by TTB
-- Thanx plop for the concept!
-- 16 juni 2006
----------------------------------------
bot = "VPN-detector"
function ConnectToMeArrival(curUser,data)
local s,e,ip = string.find(data, "(%S+):%d+|$")
if ip ~= curUser.sIP then
SendPmToOps(bot,"VPN? -> UserIP = "..curUser.sIP.."? ConnectIP = "..ip)
end
end
Quote from: TTB on 15 June, 2006, 14:11:59
Something like this should be it... Thanx plop for the advice!
-- Simple VPN detector by TTB
-- Thanx plop for the concept!
-- 16 juni 2006
----------------------------------------
bot = "VPN-detector"
function ConnectToMeArrival(curUser,data)
local s,e,ip = string.find(data, "(%S+):%d+|$")
if ip ~= curUser.sIP then
SendPmToOps(bot,"VPN? -> UserIP = "..curUser.sIP.." ConnectIP = "..ip)
end
end
This also disconnects users who are behind a NAT and have an internal IP as user IP.
-- Simple VPN detector by TTB
-- Thanx plop for the concept!
-- 16 juni 2006
----------------------------------------
bot = "VPN-detector"
SafeIP = {
["192.168.0."]=1,
["192.168.1."]=1,
["10.0.0."]=1,
["10.0.1."]=1,
}
function ConnectToMeArrival(curUser,data)
local s,e,ip = string.find(data, "(%S+):%d+|$")
if ip ~= curUser.sIP then
for a,b in pairs(SafeIP) do
if string.find(ip,a,1,false) then
if not curUser.bOperator then
SendPmToOps(bot,frmHub:GetHubName().." ---> Nick = "..curUser.sName.."? UserIP = "..curUser.sIP.."? ConnectIP = "..ip)
end
end
end
end
end
function OnError(ErrorMsg)
SendPmToOps(bot,"[ERROR] "..frmHub:GetHubName().." ---> "..ErrorMsg)
end
Solved bastya?? ::)
172.16.*.* (unsure)
and it's 10.*.*.*
and 192.168.*.*
8)
I created it that only a and b should be entered in the table. The 10.x.x.x can't be done with this. I like it now the way it has been done.
-- Simple VPN detector by TTB
-- Thanx plop for the concept!
-- 16 juni 2006
----------------------------------------
bot = "VPN-detector"
SafeIP = {
["192.168"]=1,
["10.0"]=1,
}
function ConnectToMeArrival(curUser,data)
local s,e,ip = string.find(data, "(%S+):%d+|$")
if ip ~= curUser.sIP and not curUser.bOperator then
for a,b in pairs(SafeIP) do
if string.find(curUser.sIP,a,1,false) then
local _,_,w,x,y,z = string.find(curUser.sIP, "(%d*).(%d*).(%d*).(%d*)")
local _,_,ww,xx = string.find(a, "(%d*).(%d*)")
w = tonumber(w)
x = tonumber(x)
ww = tonumber(ww)
xx = tonumber(xx)
if w ~= ww and x ~= xx then
SendPmToOps(bot,frmHub:GetHubName().." ---> Nick = "..curUser.sName.." UserIP = "..curUser.sIP.." ConnectIP = "..ip)
end
end
end
end
end
function OnError(ErrorMsg)
SendPmToOps(bot,"[ERROR] "..frmHub:GetHubName().." ---> "..ErrorMsg)
end
RFC-1918 and RFC-3330 private address spaces:
• 127.0.0.0/8 --> 127.0.0.0 - 127.255.255.255
• 10.0.0.0/8 --> 10.0.0.0 - 10.255.255.255
• 172.16.0.0/12 --> 172.16.0.0 - 172.31.255.255
• 192.168.0.0/16 --> 192.168.0.0 - 192.168.255.255
So, I couldn't resist touching...
-- Simple VPN detector by TTB
-- Thanx plop for the concept!
-- 16 juni 2006
-- Touched by GeceBekcisi (2006-06-15)
----------------------------------------
bot = "VPN-detector"
-- Safe IP table with decimal forms of some IP ranges, decimal forms are precalculated to save some CPU clocks :)
SafeIP = {
{2130706432, 2147483647},? -- 127.0.0.0,127.255.255.255
{167772160,184549375},? -- 10.0.0.0,10.255.255.255
{2886729728,2887778303},? -- 172.16.0.0,172.31.255.255
{3232235520,3232301055},? -- 192.168.0.0,192.168.255.255
}
function ConnectToMeArrival(curUser,data)
if not curUser.bOperator then
local _,_,sIP = string.find(data,"$ConnectToMe%s+%S+%s+(%d+%.%d+%.%d+%.%d+):%d+|")
if sIP and sIP ~= curUser.sIP then
local DecIP = IPtoDEC(sIP)
for Index,Table in ipairs(SafeIP) do? -- (Newbie hint: With this notation, "SafeIP[Index]" equals to "Table")
if not (DecIP > Table[1] and DecIP < Table[2]) then
SendPmToOps(bot,frmHub:GetHubName().." ---> Nick = "..curUser.sName.."? UserIP = "..curUser.sIP.."? ConnectIP = "..sIP)
else
curUser:SendData(bot,"Your active mode IP address ("..sIP..") is incorrect, please correct it as ("..curUser.sIP..") and then reconnect.")
end
end
end
end
end
function OnError(ErrorMsg)
SendPmToOps(bot,"[ERROR] "..frmHub:GetHubName().." ---> "..ErrorMsg)
end
function IPtoDEC(sIP)
if sIP then
local _,_,a,b,c,d = string.find(sIP, "^(%d+)%.(%d+)%.(%d+)%.(%d+)$")
return a*16777216 + b*65536 + c*256 + d
end
end
thanx! ;D
Maybe you should check on active searches as well. And thanks to GB for correcting me.
Another touch...
-- Simple VPN detector by TTB
-- Thanx plop for the concept!
-- 16 juni 2006
-- Touched by GeceBekcisi (2006-06-15)
-- Added active search IP checking by GeceBekcisi (2006-06-16)
----------------------------------------
bot = "VPN-detector"
-- Safe IP table with decimal forms of some IP ranges, decimal forms are precalculated to save some CPU clocks :)
SafeIP = {
{2130706432, 2147483647}, -- 127.0.0.0,127.255.255.255
{167772160,184549375}, -- 10.0.0.0,10.255.255.255
{2886729728,2887778303}, -- 172.16.0.0,172.31.255.255
{3232235520,3232301055}, -- 192.168.0.0,192.168.255.255
}
function ConnectToMeArrival(curUser,data)
if not curUser.bOperator then
local _,_,sIP = string.find(data,"$ConnectToMe%s+%S+%s+(%d+%.%d+%.%d+%.%d+):%d+|")
if sIP then return CheckUser(curUser,sIP) end
end
end
function SearchArrival(curUser, data)
if curUser.bActive and not curUser.bOperator then
local _,_,sIP = string.find(Data, "$Search (%d+%.%d+%.%d+%.%d+):%d+%s+%a%?%a%?%d+%?%d+%?.*|")
if sIP then return CheckUser(curUser,sIP) end
end
end
function OnError(ErrorMsg)
SendPmToOps(bot,"[ERROR] "..frmHub:GetHubName().." ---> "..ErrorMsg)
end
function CheckUser(curUser,sIP)
if curUser and sIP and sIP ~= curUser.sIP then
local DecIP = IPtoDEC(sIP)
for Index,Table in ipairs(SafeIP) do -- (Newbie hint: With this notation, "SafeIP[Index]" equals to "Table")
if not (DecIP > Table[1] and DecIP < Table[2]) then
SendPmToOps(bot,frmHub:GetHubName().." ---> Nick = "..curUser.sName.." UserIP = "..curUser.sIP.." ConnectIP = "..sIP)
else
curUser:SendData(bot,"Your active mode IP address ("..sIP..") is incorrect, please correct it as ("..curUser.sIP..") and then reconnect.")
return 1
end
end
end
end
function IPtoDEC(sIP)
if sIP then
local _,_,a,b,c,d = string.find(sIP, "^(%d+)%.(%d+)%.(%d+)%.(%d+)$")
return a*16777216 + b*65536 + c*256 + d
end
end
Thank you GeceBekcisi, bastya_elvtars, Mutor and Plop.? 8)
@ GeceBekcisi => You made a little typo in the last script:
local _,_,sIP = string.find(Data, "$Search (%d+%.%d+%.%d+%.%d+):%d+%s+%a%?%a%?%d+%?%d+%?.*|")
should be:
local _,_,sIP = string.find(data, "$Search (%d+%.%d+%.%d+%.%d+):%d+%s+%a%?%a%?%d+%?%d+%?.*|")
It is the "data".
I've also seen when ppl don't enter their correct IP in their settings, it will also be seen as VPN. Users who will use this script should be aware of that.
Updated the script, now you get 1 message, not 4 when 4 are in table!
-- Simple VPN detector by TTB
-- Thanx plop for the concept!
-- 16 juni 2006
-- Touched by GeceBekcisi (2006-06-15)
-- Added active search IP checking by GeceBekcisi (2006-06-16)
----------------------------------------
bot = "VPN-detector"
-- Safe IP table with decimal forms of some IP ranges, decimal forms are precalculated to save some CPU clocks :)
SafeIP = {
{2130706432, 2147483647}, -- 127.0.0.0,127.255.255.255
{167772160,184549375}, -- 10.0.0.0,10.255.255.255
{2886729728,2887778303}, -- 172.16.0.0,172.31.255.255
{3232235520,3232301055}, -- 192.168.0.0,192.168.255.255
}
function ConnectToMeArrival(curUser,data)
if not curUser.bOperator then
local _,_,sIP = string.find(data,"$ConnectToMe%s+%S+%s+(%d+%.%d+%.%d+%.%d+):%d+|")
if sIP then return CheckUser(curUser,sIP) end
end
end
function SearchArrival(curUser, data)
if curUser.bActive and not curUser.bOperator then
local _,_,sIP = string.find(data, "$Search (%d+%.%d+%.%d+%.%d+):%d+%s+%a%?%a%?%d+%?%d+%?.*|")
if sIP then return CheckUser(curUser,sIP) end
end
end
function OnError(ErrorMsg)
SendPmToOps(bot,"[ERROR] "..frmHub:GetHubName().." ---> "..ErrorMsg)
end
function CheckUser(curUser,sIP)
if curUser and sIP and sIP ~= curUser.sIP then
local DecIP = IPtoDEC(sIP)
local a = 0
for Index,Table in ipairs(SafeIP) do -- (Newbie hint: With this notation, "SafeIP[Index]" equals to "Table")
if not (DecIP > Table[1] and DecIP < Table[2]) then
a = 0
else
a = a + 1
end
end
if a == 0 then
SendPmToOps(bot,frmHub:GetHubName().." ---> Nick = "..curUser.sName.." UserIP = "..curUser.sIP.." ConnectIP = "..sIP.." Possible (VPN)violation -> PLEASE (SPEED)CHECK!")
else
--curUser:SendData(bot,"Your client's IP is incorrectly configured. Enter the correct one in the IP field in your client settings or try passive mode. Your current ip is: "..curUser.sIP)
SendPmToOps(bot,frmHub:GetHubName().." ---> Nick = "..curUser.sName.." UserIP = "..curUser.sIP.." ConnectIP = "..sIP.." *SAFE*")
return 1
end
end
end
function IPtoDEC(sIP)
if sIP then
local _,_,a,b,c,d = string.find(sIP, "^(%d+)%.(%d+)%.(%d+)%.(%d+)$")
return a*16777216 + b*65536 + c*256 + d
end
end