Nickserv Access Lists
This guide explains the way to control exactly how and in what circumstances you and others can use your nickname(s) on DALnet. The "control" I mentioned is provided to you by a NickServ feature known as the "access list" or by identifying to NickServ with your password each time you log on.
Finally, a brief notes - whenever I give a command to type such as :
/nickserv identify password
The command should be typed as it is shown, except that you should replace required parameters (here 'password') with the appropriate piece of information. For instance, in the above example, if your password was "apple", you would actually type
/nickserv identify apple
1 · Why you need to know this information
DALnet encourages you to read this guide because:
If NickServ always asks you for your password and you get fed up with this, you CAN fix it, and this explains how.
If this isn't the case, it's entirely possible that some others who really wanted to could use your nickname. Even if you're not paranoid about other people "pretending to be you", consider that they could get you in trouble by misbehaving in some way with your nickname.
2 · What nickname access lists are
A nickname access list is a list of addresses from which you are recognised as the authorised user of a nickname, without needing to manually send a password. These can be exact addresses or "masks" that match a range of addresses.
There are several ways in which a user may be allowed to use a registered nickname.
In order to explain these, here's a brief summary; a person may be using a registered nickname if:
1. Their address [username and hostname] matches one in the access list.
2. They sent the manual /nickserv identify password command.
3. Enforce is set off for the nick
4. Enforce is set on [in this case they can use it only for 60 seconds]
You can see by this that the "access list" is used for convenience, so that as long as you continue to use the same Internet service provider you won't normally need to type in the password each time you use your nickname.
3 · How do a username and hostname get added to your access list?
There are two ways in which this could happen:
1. You add it yourself by using the comand /nickserv access add mask (see below)
2. When you register your nick, the address you're using at that moment is automatically added to your access list (you may want to remove it; read on)
4 · How to change your nickname access list
Here are the commands for manipulating your access list. Before you use any of them, you should change to the appropriate nickname. You will also need to identify for the nick (/nickserv identify password) before you can do the ADD or DEL commands.
After you type any of these commands, NickServ will respond to show you the results or confirm that your command worked.
If there is no response, NickServ is probably lagged, so please be patient. If there is a message like nickserv - no such nick/channel or Services is currently down. Please wait a few moments, and then try again. then NickServ is probably not working at the moment; try again later.
/nickserv access list
Typing this command will show you the current access list
/nickserv access add mask
If an "address mask" is inappropriate, insecure, or no longer required, you can remove it from the list using this command.
/nickserv access del mask
5 · The pros and cons of having address masks in your access list
There are security advantages to clearing the access list, which means that you must always give NickServ the password so as to use the nick. Therefore, if the security of your nick is more important to you than convenience, this is the action you should take.
To clear your access mask list, do the following:
1. Type /nickserv identify password (where "password" is the password for your nick)
2. Type /nickserv access wipe
Once you have cleared your access list, you are going to need to identify with NickServ each time you log on to DALnet. To do this, you type:
/nickserv identify password
6 · Hostnames and usernames explained
In choosing a mask for yourself, the first thing to do is, while online, to run a /whois on yourself, and look at the results. You should see something like:
YourNick is ~user@009-443.provider.com * Your Silly Message
[etc]
or perhaps like:
*** YourNick is ~user@009-443.provider.com (Your Silly Message)
The important part is the ~user@009-443.provider.com part, which you should be able to see whatever format your IRC program uses. We'll take a closer look at the various parts of this.
Before we start: if your result looks like ~user@124.45.230.123 - i.e. four numbers and no words in the "hostname" part - please see section 8 in this guide.
6.1 The username
The username part of the above address is "~user". In fact, this itself divides into two parts - the "~" which indicates you don't have an ident server, and the "user" which is the actual username.
If at this point you change your username, you'll need to disconnect from IRC and reconnect. Then do the /whois again.
You need to know your "username" to choose a correct mask.
6.2 The hostname
The above user's hostname is "009-443.provider.com". This indicates that they are using the Internet service provider "provider.com", and that they are currently using the machine or phoneline at that provider which is number 009-443.
This hostname is what's known as a dynamic hostname. Dynamic hostnames include a number or similar code at the start, which is different each time you dial the provider to start an Internet session.
Some hostnames (for instance at a company or institution) may be static - that is, each time you start an Internet session, you'll have exactly the same hostname. Dynamic hostnames always have a number or odd code at the start; static hostnames normally are just words, but might include numbers also.
Here are some examples of static hostnames:
spelt-lib.demon.co.uk
altair.dur.ac.uk
quilt.usn.blaze.net.au
puree.ugcs.caltech.edu
And here are some dynamic hostnames:
ppp96.sagelink.net
one-pm30.norwich.net
ip022.phx.primenet.com
pc38.bgmoess-klu.ac.at
7 · Address masks explained
First, a quick note about what address masks do not include. They do not include the nickname portion *! that you might have seen in channel ban masks. They also must not include the ~ at the start of the username, which might be displayed in the /whois output. If you include either of these two things, it's likely that the mask will never work.
Address masks can be of two forms.
7.1 Exact
For instance, an address mask could be:
peter@orion.dur.ac.uk
This mask would only allow people using the exact computer or phoneline "orion.dur.ac.uk", and whose username ("email" in mIRC) was set to "peter", to use the nickname without identifying.
7.2 Wildcards
Wildcards are the * symbols you might see in address masks. A * symbol "matches" any number of characters (letters or numbers), even none at all.
For example:
"for*"
would match "forest", "fortune", "for" - anything beginning with the three letters "for".
"*st"
would match "forest", "best", "Bucharest" - anything ending with the two letters "st".
"f*st"
would match "forest", "frost", "fst", "fast" - anything beginning with "f" that also ends in "st".
"f*s*t"
would match "forest", "foresight", "frost" - anything that begins with "f", ends with "t", and has an "s" somewhere in thdIf you don't fully understand that, don't worry; such complex wildcards aren't usually needed to specify access masks.
7.3 How to choose a correct mask for yourself
So, you know your username and hostname, and whether the address is static or dynamic. What now?
If your hostname is numeric - a set of 4 numbers, instead of "words" - you should now look at section 8, which explains how to deal with this situation - these hostnames work differently from the normal type.
7.4 If you have a static address
The correct access mask for you in this case is:
username@hostname
For instance, in the unlikely event that the example I gave was a static address, the correct access mask would be:
user@009-443.provider.com
7.5 If you have a dynamic address
Things are slightly more complicated here. You basically need to replace the part of the hostname that changes each time with a *:
username@*.part-of-hostname-that-doesn't-change
For instance, a good mask for the above example would be:
user@*.provider.com
If the 009 was always the same every time that user dialed up, and only the 443 changed, then an even better mask would be:
user@009-*.provider.com
8 · Numeric hostnames
Sometimes the hostname part of your address may appear not as a name:
username@A56.myprovider.com
but as a set of 4 numbers:
username@154.43.68.56
The set of numbers - also known as an IP address - is actually the "real" host address. The reason why your hostname sometimes comes up as a number is usually lag between your service provider and the IRC server you're connecting to. In this case, the IRC server may not get a response to the "name lookup" within a reasonable time, so it falls back on using the number.
Assuming you normally get a name, if your hostname ends up being a number one time, the easiest solution is probably just to change server, or even reconnect to the same server.
If you want your nickname to be as secure as possible
Delete all the addresses from the access mask, and use the
/nickserv identify password
command every time you log on to DALnet. (See section 5 of this guide.)
If you have a static address
If you're one of the lucky few with a static address, you should have an access list consisting of your username@hostname and nothing else. The mask in the list shouldn't have any wildcards (* symbols) since your address is always exactly the same.
Delete any other masks that might be in the list.
Because your address is static, nobody else could have a matching address, so this is quite secure; it's unlikely others will be able to abuse your nickname.
If you have a dynamic address
Most of us are stuck with dynamic addressess, unfortunately. The basic principle is to have only one mask in the list, which will "allow in" as few people as possible. Delete any other masks.
The mask should include your username, and as much of the hostname as possible (all of it that doesn't change). When you have a dynamic IP, access masks almost always allow large groups of people the potential to use your nickname. If you're not satisfied with this, your only option is to delete all access masks from the list, and manually identify with NickServ every time you use
source dalnet and revised by Clavelina
