egghelp.org community

[kitten]

Hello forum

I lost my botnet some time ago and have been updating egg to 1.6.17 and rewrote the conf files since then. I also checked some previous threads here to get help. Didn't help me so here you are, reading my complaining

I have two bots, hub (Kuiskaus) and leaf (Kirous). They connect fine, but if I enable userfile sharing, I get errors:

Hub says:
10:17 <kuiskaus> *** Linked to Kirous
10:17 <kuiskaus> [11:39] Creating resync buffer for Kirous
10:17 <kuiskaus> [11:39] Sending user file send request to Kirous
10:17 <kuiskaus> [11:39] Disconnected from: Kirous. No reason (lost 1 bot and 1 user)
10:17 <kuiskaus> *** Disconnected from: Kirous. No reason (lost 1 bot and 1 user)
10:17 <kuiskaus> [11:39] (Userlist transmit aborted.)

Leaf says:
10:18 <Kirous> *** Linked to Kuiskaus
10:18 <Kirous> [10:13] Downloading user file from Kuiskaus
10:18 <Kirous> [10:13] Lost userfile transfer from Kuiskaus; aborting.
10:18 <Kirous> *** Kuiskaus
10:18 <Kirous> [10:13] (Userlist download aborted.)

Hub thinks:
10:27 <kuiskaus> HANDLE PASS NOTES FLAGS LAST
10:27 <kuiskaus> Kirous yes 0 abflo 11:49 (unlinked)
10:27 <kuiskaus> BOT FLAGS: gs
10:27 <kuiskaus> HOSTS: *!*kirous@blaablaa.com
10:27 <kuiskaus> -telnet!*@blaablaa.com

Leaf thinks:
10:27 <Kirous> HANDLE PASS NOTES FLAGS LAST
10:27 <Kirous> Kuiskaus yes 0 abflo 10:22 (unlinked)
10:27 <Kirous> BOT FLAGS: ghp
10:27 <Kirous> HOSTS: *!telnet@dsl-blaablaa.com
10:27 <Kirous> *!*Kuiskaus@dsl-blaablaa.com
10:27 <Kirous> ADDRESS: myhost.com
10:27 <Kirous> users: 2010, bots: 2010


Now.. I saw in one thread that disabling resync buffer might help. What bugs me is that i get "Creating resync buffer for Kirous" if I have "set allow-resync 0" or "set allow-resync 1" in kuiskaus.conf file.

I have no NATs, but firewalls on both boxes. And Kirous is in a linux box not under my control so I can't access to its firewall rules. But that shouldn't be a problem since I did some research with Ethereal and no new connections are initialized from Kuiskaus to Kirous. Noticed however that all ident connections fail, but that shouldn't be a problem?

Here is some highlights from conf files:
kuiskaus.conf:
set reserved-portrange 2010:2020
set my-hostname "<my-host-name.com>"
loadmodule transfer
loadmodule share
loadmodule compress
set allow-resync 0

kirous.conf:
set reserved-portrange 2010:2020
loadmodule transfer
loadmodule share
loadmodule compress
set allow-resync 0

This has bugged me for months and I forgot it in between, so any help is appreciated

[demond]

firewalls normally prevent DCC by not allowing listening and inbound connections on arbitrary ports - whereas all IRC clients and bots, including eggdrop, by default use random listening ports for DCC (userfile transfer) - but there is a solution to this:

from eggdrop.conf:

[kitten]

Thanks for the quick answer.

Are you sure firewall needs to be mangled in leaf bot side? Ethereal didn't show any tcp handshakes to that direction. Normal DCC chat to the leaf bot works fine too.

[demond]

the hub needs to be able to open a listen port (a la DCC SEND request) and accept incoming connections on it; the firewall on the leaf side has no effect on that (as long as it allows outbound connections on arbitrary ports, which normally all firewalls in default configuration do)

[kitten]

Hmm.. then I'm stuck again. Well, I tought about coding a module that shares user information via common channel like #egg98721lnkfa982

Too much effort? Maybe, but then by botnet would work, hehe..

[demond]

what have you been smoking? that's the weirdest eggdrop idea I've ever heard

if you absolutely cannot get an open port on that firewall (which I very much doubt, most admins will open port(s) if asked to do so - that is, unless your bot is illegal), set up as hub the other bot, the one that runs on a host without firewall

[kitten]

Dunno, man. Being tired and at work early in the morning gives you ideas

Oh, the hub is in the comp I have root access and also I can manage that firewall. ISP doesn't do any filtering or firewalling either.

What I dug up of ethereal:
- Hellos, username, passwords exchanged.
- Linked to..
- Both send my handle and host (I think this is because i'm in bots party lines?)
- Leaf says: "suy exempts invites compress" -> kuiskaus
- Hub says: "sfeats exempts invites compess" -> kirous
- Hub says: "kirous +EDNE.sus <some numbers>" -> kirous
- Leaf says: "bye" -> kuiskaus
- Hub says: "bye" -> kirous
- Fin. Connection closing

I don't know if this helps in any way but decided still to share it
Any idea how to get rid of that resync buffer (somebody suggested it in some thread) since set allow-resync 0 really doesn't do it?

Oh and yeah, the bots stay connected if I disable +s flag so I don't try to send userfile.

Thanks for demond this far trying to help me.

[demond]

you better use console logging with +th flags (log raw botnet traffic, share traffic; raw-log must be 1 for this to work) than ethereal

and double-check your config & scripts, since setting allow-resync to 0 really disables that resync buffer; maybe some script keeps setting it to 1 (but you ought to use it, I mean the resync buffer, since transfering the entire userfile after each reconnect doesn't make much sense)

[kitten]

Back after a long pause..
Thanks for the advice. Here comes some logs then, I hope you get something from them. Kuiskaus is hub and Kirous is leaf. Before this I changed allow-resync back to 1.

08:51 <Kirous> [08:46] Received challenge from Kuiskaus... sending response ...
08:51 <Kirous> [08:46] Linked to Kuiskaus.
08:51 <Kirous> *** Linked to Kuiskaus
08:51 <Kirous> [08:46] [Kuiskaus] tb Kuiskaus
08:51 <Kirous> [08:46] [Kuiskaus] j *********
08:51 <Kirous> [08:46] [Kuiskaus] i Kuiskaus I Dj
08:51 <Kirous> [08:46] {Kuiskaus} u?
08:51 <Kirous> [08:46] Downloading user file from Kuiskaus
08:51 <Kirous> [08:46] [Kuiskaus] el
08:51 <Kirous> [08:46] {Kuiskaus} feats exempts invites compress
08:51 <Kirous> [08:46] [Kuiskaus] u Kirous +EDNE
08:51 <Kirous> [08:46] {Kuiskaus} us 2130706433 2011 3628
08:51 <Kirous> [08:46] Lost userfile transfer from Kuiskaus; aborting.
08:51 <Kirous> *** Kuiskaus
08:51 <Kirous> [08:46] (Userlist download aborted.)

08:51 <Kuiskaus> *** Linked to Kirous
08:51 <Kuiskaus> [10:07] [Kirous] tb Kirous
08:51 <Kuiskaus> [10:07] [Kirous] j *********
08:51 <Kuiskaus> [10:07] [Kirous] i Kirous I G
08:51 <Kuiskaus> [10:07] [Kirous] el
08:51 <Kuiskaus> [10:07] {Kirous} uy exempts invites compress
08:51 <Kuiskaus> [10:07] Creating resync buffer for Kirous
08:51 <Kuiskaus> [10:07] Sending user file send request to Kirous
08:51 <Kuiskaus> [10:07] [Kirous] bye
08:51 <Kuiskaus> [10:07] Disconnected from: Kirous. No reason (lost 1 bot and 1 user)

[demond]

that means DCC userfile transfer has been tried but interrupted (or possibly never initiated successfully); in any case it's a firewall problem, and it's a problem that could be remedied, since the bots were already able to connect and establish a botlink

oh, and it has nothing to do with allow-resync

[kitten]

[arlo]

Just wanted to mention that I'm having the *exact* same problem. I'm running both the hub and leaf bots on the same machine, which I have complete control over. The firewall is open for needed ports, and I even tried it with the firewall completely disabled. All other botnet features function correctly. I carefully went over the instructions in the link posted above, and all the settins are as they should be. I'm stumped!

[CrazyEgg]

[arlo]

That's a good idea, thanks. Unfortunately, it didn't change anything for me. I even added *!*@* to both bots' host lists. *sigh*

[jinxdone]

Try setting either my-hostname or my-ip to your ip/host.

It helped for me, after some hairsplitting I noticed eggdrop that previously worked fine started acting up after I installed newer distro (recompile didn't help).. Turns out it was telling people to connect to 127.0.0.1 instead of eth0's address for dcc transfers -> userfile transfer fails.

Even though this is an old thread I hope it helps anybody with the same problem!