Script to supply IP as password
 

Started by BAlexandrov, 04 October, 2004, 07:40:27

BAlexandrov

We are in internal network of one ISP. It is basically a big LAN.

We all have private IPs (192.168.x.x) and they are fixed - we do not use a DHCP server; everyone has one fixed IP. The connection to the internet depends on a second VPN connection to our ISP's server and does not depend on IP.

The problem is that everyone can easily change his IP in his network settings and our provider does not care much about this but anyway it is supposed to be one fixed IP per user.
The problem comes when I try to ban someone - he easily can change his IP address and nickname and get back.

My idea is to force users to obey that policy - they must use only their original IP address. Because of that I am thinking about a variant of using their IP as password.

This way I will register new users with their IP. If someone is banned he will not be able to change his IP and get back.

Basically, what I will achieve is the same as forcing registration by administrators in order for users to be able to access the hub, but it will make this task easier on the admin side - there will be no need to ask for the desired password and tell the user how to enter it - and on the user side there will be no additional action needed.

Is this possible?

BAlexandrov

Tell me what you think, please

bastya_elvtars

Quote: originally posted by BAlexandrov
Tell me what you think, please

this is not a hard2do script

if ya make a hub every user will be assigned his IP to.

if he logs in with a bad IP, it can cause disconnect.

not hard 2 do, want it? ;)
Everything could have been anything else and it would have just as much meaning.

BAlexandrov

Suuure :)


If you can do it - when a user connects, to supply his IP as password - it would be just great.

bastya_elvtars

users wont become registered, but their ip will be linked 2 their names
they can change nick but not ip

edit

and 1 more thing

do u wanna check users from within that iprange only?
Everything could have been anything else and it would have just as much meaning.

BAlexandrov

Quote: users wont become registered, but their ip will be linked 2 their names
they can change nick but not ip

Okay, but will the script itself make a file with ip-nick pairs, or do I have to make it? (It is not a problem to generate it, but it would be difficult to add to it: the hub is not on my computer.)



Quote: and 1 more thing
do u wanna check users from within that iprange only?

I already have a script that limits user IPs to a specified range: easyranger by tezlo. I found it in this forum. If you want, you can incorporate these changes in it:

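-- easyranger
-- tezlo
-- Lets a user stay connected only if their IP is inside a range listed in ranger.dat.

ipRanges = {}

denyMsg = " You dont belong here."

-- Convert a dotted-quad string to a number; returns 0 if it does not parse.
function compute(ip)
   -- dots are escaped (%.) so that only a literal "." can separate the octets
   local s, e, a, b, c, d = strfind(ip, "^(%d+)%.(%d+)%.(%d+)%.(%d+)$")
   if s then return a*16777216 + b*65536 + c*256 + d end
   return 0
end

-- Return the first { start, end } pair in table that contains ip, or nil.
function checkrange(table, ip)
   return foreachi(table, function(id, tmp)
      if (%ip >= tmp[1]) and (%ip <= tmp[2]) then return tmp end
   end)
end

-- Parse the "start - end" lines of one [name] section into ipRanges[name].
function load(name, data)
   ipRanges[name] = ipRanges[name] or {}
   gsub(data, "(%S+) %- (%S+)", function(s, e)
      s, e = compute(s), compute(e)
      tinsert(ipRanges[%name], { s, e })
   end)
end

-- Read ranger.dat once at script start.
function Main()
   local f = openfile("ranger.dat", "r")
   assert(f, "ranger.dat")
   local file = read(f, "*a")
   closefile(f)
   gsub(file, "%[(%S+)%]([%c%d%s%-%.]+)", load)
end

-- Disconnect anyone whose IP is not inside one of the loaded ranges.
function NewUserConnected(user)
   local ip = compute(user.sIP)
   for name, range in ipRanges do
      if checkrange(range, ip) then return end
   end
   user:SendData(denyMsg)
   user:Disconnect()
end

--ranger.dat
--[LAN]
--192.168.112.0 - 192.168.117.255

--[LOCAL]
--127.0.0.1 - 127.0.0.255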

bastya_elvtars

i know easyranger

but i asked if i should limit the IPs that can connect to 192.168.0.0-192.168.255.255 - should i?

second: when you install my script, restart the hub. it joins a nick to an IP so nick change is possible, IP change not

dead entries will be removed in a custom time if needed
Everything could have been anything else and it would have just as much meaning.

BAlexandrov

I can stay with easyranger's script because it works just as I need - to restrict access to a specified range, with this range being configurable (as it is in ranger.dat now, but it can change in time)

I don't see a reason to duplicate this functionality, but if you want, or if it is incompatible with your idea, then do it.

BAlexandrov

Can you describe to me the algorithm that you plan to implement?

Will it associate nick with IP and cache it somewhere? Cleaning of this cache after a specified timeout is not needed, but it would be good to be able to delete a single entry from it manually, just in case.

This way, if they continue to be unregistered users, it is very easy for a bad guy to change both IP and nickname and come back. If I enforce administrator-based registration, then linking of nick-IP is not needed - I will be able to ban the nickname.

There are two solutions for this - one is my original idea to register nicks with IP as their password and a script to supply the IP as password upon logging in.
There is another variant - can I register nicks with an empty password (currently I do not see a way)? Then when a user logs in he will be authenticated automatically and then your IP will check if he has the correct IP.

lynyrd

hi, how about modify this one?

code:
-----------------------------------------------------------------------
-- OP-protection script
-- From an idea of Wo??eL, developed by sebastiannielsen, piglja, VidFamne and TiM? TrAVelleR
-- If someone get hold of an OP's password and try to connect as an OP, he's get banned.
--
-- Add the IPs and names below, and the first IP must correspond to first OP, and so on,
-- and if any of the OPs has dynamic IP, only enter "dynip" as IP.
-- Implemented security, if [OP]blaster has IP 123.456.789.012, and he is trying to access [OP]sebastian's or [OP]admin's account, he is banned.
-- unless you have written "dynip" to disable IP-check for that OP.


ops = { "nick1", "nick2", "nick3" }
ips = { "123.456.789.0", "dynip", "dynip" }

-- Runs when an operator account logs in (OpConnected is the hub's OP login event).
function OpConnected(user)
	for i, v in ops do
		if user.sName == v then
			-- "dynip" disables the IP check for this OP
			if ips[i] ~= "dynip" and user.sIP ~= ips[i] then
				user:Ban()
				Unban(user.sName)
				user:Disconnect()
			end
			break
		end
	end
end
-----------------------------------------------------------------------
end of code

NotRabidWombat

Uh. This script is a VERY bad idea.

1) Any user in the hub can discover any other user's password.
2) Any user can easily alias as any other user by switching their IP / arp poisoning / IP spoofing / etc.

You may want to consider IP as a secondary authentication for users ie: a user enters the password and may only come from this IP. You may also want to consider a download blocker / chat blocker for unregistered users.

Either way, blocking annoying people on a LAN is not easy. I know this from experience after running one for 2 years. My best solution was mac address identification through netbios (nbtstat if you want to dos). I only used this tactic on the most annoying users, to keep others guessing how I was blocking.

-NotRabidWombat


I like childish behavior. Maybe this post will be deleted next.
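
The "IP as a secondary authentication" idea from the post above, as an added example that is not part of the thread. It is standalone Lua 5.x rather than the Lua 4 style PtokaX scripts posted here; `parse_ipv4`, `pinned`, `authorize` and the sample login attempts are all constructed for illustration, and `password_ok` stands for the result of the hub's own password check.

```lua
-- Added example (not from the thread). Plain Lua 5.x, no PtokaX API calls.
-- All names and sample data below are constructed for illustration.

-- Strict dotted-quad parser: dots are escaped and each octet is range-checked.
local function parse_ipv4(s)
  local a, b, c, d = string.match(s, "^(%d+)%.(%d+)%.(%d+)%.(%d+)$")
  if not a then return nil end
  local n = 0
  for _, octet in ipairs({ a, b, c, d }) do
    octet = tonumber(octet)
    if octet > 255 then return nil end
    n = n * 256 + octet
  end
  return n
end

-- Admin-provisioned bindings: nick -> the one address that account may use.
local pinned = {
  alice = "192.168.112.10",
  bob   = "192.168.113.20",
}

-- password_ok is the outcome of the hub's own password check for this nick.
-- The IP pin only narrows an already authenticated login; it never replaces it.
local function authorize(nick, ip, password_ok)
  local pin = pinned[nick]
  if not pin then return false, "unknown nick" end
  if not password_ok then return false, "bad password" end
  local seen, want = parse_ipv4(ip), parse_ipv4(pin)
  if not seen then return false, "malformed address" end
  if seen ~= want then return false, "address mismatch" end
  return true, "ok"
end

-- Constructed login attempts: nick, source address, password check result.
local attempts = {
  { "alice", "192.168.112.10", true  }, -- right password, right address
  { "alice", "192.168.112.10", false }, -- holds the address but not the password
  { "alice", "192.168.113.20", true  }, -- right password, wrong address
  { "bob",   "192x168x113x20", true  }, -- an unescaped "." pattern would accept this
  { "carol", "192.168.114.30", true  }, -- never registered by an admin
}
for _, t in ipairs(attempts) do
  local ok, reason = authorize(t[1], t[2], t[3])
  print(string.format("%-6s %-15s -> %s (%s)", t[1], t[2], ok and "allow" or "deny", reason))
end
```

Only the first attempt is allowed; the returned reason string is what an operator would log to see which check rejected a login.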

bastya_elvtars

This is my ver...
-- FixIP by bastya_elvtars(the rock n' roll doctor)
-- made for BAlexandrov
-- fixip users cant change their IP inside a LAN
-- code from: userinfo by NightLitch, usercleaner by plop, userwelcome by RabidWombat, lawmaker by bastya_elvtars :P

Bot="IPChecker"

checkops=1 -- 1 to check ops ips, 0 to not

autoclean=1 --set 1 to automatically clean the ip database every day to prevent growing huge

weeks=5 -- users being offline for this amount of weeks will be cleaned out

-------- only scripters (and my) zone below :D
function Main()
	-- set the cleaning date unconditionally so autoclean also works when checkops is 0
	CleanDay = date("%Y. %m. %d.")
	if checkops==1 then
		OpConnected=NewUserConnected
	end
end

function NewUserConnected(user)
	local iptable=LoadUserInfo("ips.dat")
	if not iptable[user.sName] then
		iptable[user.sName]=user.sIP
		SaveUserinfo(iptable,"ips.dat")
	elseif iptable[user.sName]~=user.sIP then
		user:SendData(Bot,"BadIP! Please update your IP to ".. iptable[user.sName])
		user:Disconnect()
	end
	iptable=nil
	Clear()
end

function DataArrival(user,data)
	if autoclean == 1 then
		if CleanDay ~= date("%Y. %m. %d.") then -- user cleaning trigger, works as a timer without a timer
			CleanDay = date("%Y. %m. %d.")
			Cleaning()
		end
	end
end

function SaveUserinfo(table,file)
	writeto(file)
	for a,b in table do
		write(a.."|"..b.."\n")
	end
	writeto()
end

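function LoadUserInfo(file)
	local table={}
	-- readfrom returns nil when the file does not exist yet (first run): start with an empty table
	if not readfrom(file) then return table end
	while 1 do
		local line=read()
		if line == nil then break end
		local _,_,nick,item=strfind(line,"([^|]+)|(.+)")
		-- skip malformed lines instead of indexing the table with nil
		if nick then table[nick]=item end
	end
	readfrom()
	return table
end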

function Cleaning()
	local x=clock()
	SendToAll(Bot, "IP info database cleaner started. This might take long, so please be patient!")
	local juliannow = JulianDate(SplitTimeString(date("%Y. %m. %d. %X")))
	local oldest = weeks*7*1440
	local Count2,Count = 0,0
	local Seen=LoadLastSeen()
	local iptable=LoadUserInfo("ips.dat")
	for a,b in iptable do
		Count = Count+1
		if Seen[a] then
			local julianu=JulianDate(SplitTimeString(Seen[a]))
			local diff=juliannow-julianu
			local hours, mins= floor(diff) * 24 + floor(frac(diff) * 24), floor(frac(frac(diff)*24)*60)
			local usrtime=hours*60+mins
			if (usrtime) > oldest then
				Count2 = Count2 +1
				Seen[a] = nil
				iptable[a]=nil
				SaveUserinfo(iptable,"ips.dat")
				SaveSeen(Seen)
			end
		else
			Seen[a] = date("%Y. %m. %d. %X")
		end
	end
	if Count ~= 0 then
		SendToAll(Bot,"This cleanup took "..clock()-x.." seconds, during that "..Count.." users were processed, "..Count2.." of them were deleted.|")
	end
	SaveSeen(Seen)
	iptable=nil
	Seen=nil
	Clear()
end

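function LoadLastSeen()
	local Seen={}
	-- no lastseen.dat yet (first run): start with an empty table
	if not readfrom("lastseen.dat") then return Seen end
	while 1 do
		local line = read()
		if line ==  nil then
			break
		end
		-- each line is stored as nick$date
		local s,e,name,date = strfind(line, "(.+)$(.+)")
		if name then
			Seen[name]=date
		end
	end
	readfrom()
	return Seen
end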

--------------------------------------------------------------------- saving last seen date
function SaveSeen(Seen)
	writeto("lastseen.dat")
	for a,b in Seen do
		Seen[a]=b
		write(a.."$"..b.."\n")
	end
	writeto()
end


-- Split a specific Time string into its components
-- New Format: D. M. Y. HR:MN:SC" - 24hr time
-- return: Y,M,D,HR,MN,SC  HR is in 24hr format
function SplitTimeString(TimeString) -- 
	--local s,e,Y,M,D,HR,MN,SC = strfind(TimeString, "([^.]+). ([^.]+). ([^.]+). ([^:]*):([^:]*):(%S*)");
	-- 14/09/2004 16.23.25
	local grab=function(TimeString)
					if strfind(TimeString,"/")then
						local _,_,D,M,Y,HR,MN,SC=strfind(TimeString,"([^/]+).([^/]+).(%S+) ([^:]+).([^:]+).([^:]+)")
						return D,M,Y,HR,MN,SC
					elseif strfind (TimeString,"%d%-%d") then
						local _,_,D,M,Y,HR,MN,SC = strfind(TimeString, "([^-]+).([^-]+).(%S+) ([^:]+).([^:]+).(%S+)")
						return D,M,Y,HR,MN,SC
					elseif strfind (TimeString,"%d%d.%d%d.%d%d%d%d%s+") then
						local _,_,Y,M,D,HR,MN,SC = strfind(TimeString, "([^.]+).([^.]+).(%S+). ([^:]+).([^:]+).(%S+)")
						return D,M,Y,HR,MN,SC
					else
						local _,_,Y,M,D,HR,MN,SC = strfind(TimeString, "([^.]+). ([^.]+). ([^.]+). ([^:]+).([^:]+).(%S+)")
						return D,M,Y,HR,MN,SC
					end
				end

	local D,M,Y,HR,MN,SC=grab(TimeString)
	D = tonumber(D)
	M = tonumber(M)
	Y = tonumber(Y)
	HR = tonumber(HR)
	--assert(HR < 24)
	MN = tonumber(MN)
	--assert(MN < 60)
	SC = tonumber(SC)
	--assert(SC < 60)

	assert(HR < 24);
	assert(MN < 60);
	assert(SC < 60);
	return D,M,Y,HR,MN,SC
end

function JulianDate(DAY, MONTH, YEAR, HOUR, MINUTE, SECOND) -- HOUR is 24hr format
	local jy, ja, jm;
	assert(YEAR ~= 0);
	assert(YEAR ~= 1582 or MONTH ~= 10 or DAY < 4 or DAY > 15);
	--The dates 5 through 14 October, 1582, do not exist in the Gregorian system!");
	if(YEAR < 0 ) then
		YEAR = YEAR + 1;
	end
	if( MONTH > 2) then 
		jy = YEAR;
		jm = MONTH + 1;
	else
		jy = YEAR - 1;
		jm = MONTH + 13;
	end
	local intgr = floor( floor(365.25*jy) + floor(30.6001*jm) + DAY + 1720995 );
	--check for switch to Gregorian calendar
	local gregcal = 15 + 31*( 10 + 12*1582 );
	if(DAY + 31*(MONTH + 12*YEAR) >= gregcal ) then
		ja = floor(0.01*jy);
		intgr = intgr + 2 - ja + floor(0.25*ja);
	end
	--correct for half-day offset
	local dayfrac = HOUR / 24 - 0.5;
	if( dayfrac < 0.0 ) then
		dayfrac = dayfrac + 1.0;
		intgr = intgr - 1;
	end
	--now set the fraction of a day
	local frac = dayfrac + (MINUTE + SECOND/60.0)/60.0/24.0;
	--round to nearest second
	local jd0 = (intgr + frac)*100000;
	local  jd  = floor(jd0);
	if( jd0 - jd > 0.5 ) then jd = jd + 1 end
	return jd/100000;
end

function frac(num)
	return num - floor(num);
end

function Clear()
	collectgarbage()
	flush()
end

this affects all users, will rewrite for your range if needed, but without an exact answer...
Everything could have been anything else and it would have just as much meaning.

BAlexandrov

Sorry for the late answer guys, but I didn't have time.
I see now there are two scripts, I will review them and choose the winner :-P
(I am a programmer too anyway ;))

Just give me couple of days.

bastya_elvtars

above script edited, had an error, i was just lazy 2 grab it carefully lol
Everything could have been anything else and it would have just as much meaning.
