#93108 07/08/04 03:37 AM
Joined: Oct 2003
Posts: 132
D
DV8 Offline OP
Vogon poet
Recently, I tried connecting to DALnet and got the message "You match the pattern of a known trojan" and it kept booting me off every server. Well, I know my computer is trojan free, so I did a quick search on Google, found someone who had the same problem on Xchat, and they suggested I change my username in the identd. Sure enough, it worked. Can someone please explain in layman's terms what an Ident Server is, how it works and why it is necessary? I've read the FAQs but I don't understand. Seems like it's more trouble than it's worth.

#93109 07/08/04 03:48 AM
Joined: Jun 2003
Posts: 5,024
M
Hoopy frood
What 'FAQs' are you referring to? DALnet's Ident FAQ explains it pretty well. You may also like to take a look at this thread.

It isn't a waste of time.

Regards,


Mentality/Chris
#93110 07/08/04 03:52 AM
Joined: Dec 2002
Posts: 2,962
S
Hoopy frood
An ident server (also called an identd) is simply a program whose purpose is to tell any computer that 'asks' what user is currently using your computer. It's a throwback from the good old days when most internet-connected computers were large mainframes at universities and the like, which could have many people using them, and the identd's response was a trusted source. These days most identds, like mIRC's, simply respond with whatever the user has told them to respond with, and so are not trusted and add virtually no security or useful information to the IRC server whatsoever. The only exception is that, since some IRC servers require an identd to be running, some trojans that use IRC will implement an identd (sometimes taking over mIRC's) and respond with a random ident. Since these idents are often random letters like rgklhnla, it's possible that some kind of lexical analyser could take that response and decide if it's gibberish and, if it is, refuse the connection. Whether that's what happened with you, or whether your ident matched a specific ident known to be a trojan's (some less advanced trojans simply use an unchanging ident like 'elite2k' or whatever).

All things considered, an identd has very little practical value for user identification.


Spelling mistakes, grammatical errors, and stupid comments are intentional.
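
The reply above describes an ident (RFC 1413) response being checked for known or random-looking usernames. The following is an added example, not part of the original posts and not any IRC network's actual rule: it parses ident reply lines and applies a crude lexical check. The thresholds, function names and sample replies are assumptions made for illustration.

```python
import re

# RFC 1413 reply: "<port>, <port> : USERID : <opsys> : <user-id>"
#             or: "<port>, <port> : ERROR : <error-type>"
REPLY_RE = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*:\s*(USERID|ERROR)\s*:(.*)$")
KNOWN_FIXED = {"elite2k"}  # the fixed ident quoted in the post above

def parse_ident_reply(line):
    """Return (userid, error); exactly one of the two is None."""
    m = REPLY_RE.match(line.rstrip("\r\n"))
    if not m:
        return None, "MALFORMED"
    if m.group(3) == "ERROR":
        return None, m.group(4).strip()
    # USERID payload is "<opsys> : <user-id>"; the user-id may itself contain ':'
    _opsys, sep, userid = m.group(4).partition(":")
    # Assumption: trim whitespace as a lenient server would (RFC 1413 strictly
    # counts spaces after the colon as part of the identifier).
    userid = userid.strip()
    if not sep or not userid:
        return None, "MALFORMED"
    return userid, None

def looks_generated(userid):
    """Crude lexical test; thresholds are assumptions chosen for this example."""
    s = userid.lower()
    letters = [c for c in s if c.isalpha()]
    digits = sum(c.isdigit() for c in s)
    vowels = sum(c in "aeiou" for c in letters)
    if digits * 2 > len(s):                      # mostly digits
        return True
    return len(letters) >= 5 and vowels / len(letters) < 0.2  # consonant run

def classify(line):
    userid, _err = parse_ident_reply(line)
    if userid is None:
        return "no-ident"
    if userid.lower() in KNOWN_FIXED:
        return "known-fixed-ident"
    return "looks-random" if looks_generated(userid) else "ok"

# Constructed replies, as an IRC server might read them back from port 113
SAMPLES = [
    "1025, 6667 : USERID : UNIX : rgklhnla",
    "1025, 6667 : USERID : UNIX : elite2k",
    "1025, 6667 : USERID : UNIX : 422H",
    "1025, 6667 : USERID : UNIX : chris",
    "1025, 6667 : ERROR : NO-USER",
]
```

Running `classify` over `SAMPLES` flags the constructed `422H` reply as random-looking alongside `rgklhnla`, the kind of false positive a lexical check produces on a legitimate but unusual ident.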
#93111 07/08/04 04:19 AM
Joined: Oct 2003
Posts: 132
D
DV8 Offline OP
Vogon poet
Okay, I think I understand now.

Mentality, I haven't read that FAQ before. Very helpful. Thanks for the link.

starbucks, my user name was 422H. Sort of a play on my nick. D is the 4th letter of the alphabet, V is the 22nd and H is the 8th. Kind of random. I understand why it thought it was a trojan now. I've changed it to a more proper name now and all is well.

Thanks for the help!

#93112 13/08/04 05:58 AM
Joined: Aug 2004
Posts: 1
B
Mostly harmless
This might be a pretty 'duh' thing to ask but... if the identd thing on mIRC does keep randomly changing itself, but the virus scanners pick nothing up... does it necessarily mean it's a trojan? Now we've noticed that mIRC is doing this, what's the next step?

#93113 13/08/04 12:43 PM
Joined: Dec 2002
Posts: 2,962
S
Hoopy frood
It's almost certainly a trojan or virus of some sort; I can't think of any legitimate reason why a script or program would ever do that. The first step would be to try out more anti-virus software - the variation between what different AV software can detect is quite surprising, especially when it comes to IRC-related malware. Try running some of the AV/Trojan Scanners listed here.

If you still can't find anything, try turning off all scripts (type /!remote off). If that stops the ident from changing, then you'll have to either unload and delete all of your script files or, if you've downloaded scripts/addons from several places, you could try to narrow it down by turning remotes on again (/!remote on) and then unloading each script file individually to see if you can find specifically which script is causing the trouble.


Spelling mistakes, grammatical errors, and stupid comments are intentional.