[Labs-l] Fwd: [freenode.net #132451] Request to lift a number of connections from IP

Faidon Liambotis faidon at wikimedia.org
Sun May 26 12:27:09 UTC 2013


On Sat, May 25, 2013 at 09:53:26AM -0400, John wrote:
> The best option would be to have a single ident server per IP so that
> individual projects/tools need to worry about this

Actually the sensible solution here would be to run an ident server on
the labs IPs (or a single IP used for IRC, with special network-node NAT
rules for port 6667), that would return the instance (or project) name
on the ident reply. The ident protocol was designed to return unix
usernames where single large unix systems had multiple users, but
mapping VM instances to ident seems more right for this decade.

What freenode basically wants is to be able to pinpoint abusers, have
specific max counts for them, block them and possibly report back to the
sysadmins. We have no way of going from irc bot -> instance name ->
project name right now and ident is a simple and fine protocol to do
that. Ident responses would be visible on /whois, so this makes it a
great debugging tool even for us internally.

I don't think it was sensible to ask freenode to lift all limits for all
labs IPs without having something like the above (and hence I think
freenode's reply is very appropriate). Labs is an open platform where a
plethora of users can get access to a VM and potentially set up malware
or spam bots.

Regards,
Faidon



More information about the Labs-l mailing list