File: antispoof.diff

package info (click to toggle)
ircd-irc2 2.11.1p1%2Bdfsg-2
  • links: PTS
  • area: main
  • in suites: lenny
  • size: 2,920 kB
  • ctags: 3,075
  • sloc: ansic: 36,365; sh: 3,245; makefile: 372
file content (484 lines) | stat: -rw-r--r-- 18,057 bytes parent folder | download | duplicates (11) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
 
diff -urN irc-cvs/common/numeric_def.h irc-cvs-nospoof/common/numeric_def.h
--- irc-cvs/common/numeric_def.h	Wed Jan 20 12:28:46 1999
+++ irc-cvs-nospoof/common/numeric_def.h	Tue Mar 16 12:45:56 1999
@@ -198,6 +198,10 @@
 #define ERR_UMODEUNKNOWNFLAG 501
 #define ERR_USERSDONTMATCH   502
 
+#if defined(NOSPOOF)
+#define ERR_BADPING          513
+#endif
+
 /*
  * Numberic replies from server commands.
  * These are currently in the range 200-399.
diff -urN irc-cvs/common/parse.c irc-cvs-nospoof/common/parse.c
--- irc-cvs/common/parse.c	Tue Dec 29 02:44:57 1998
+++ irc-cvs-nospoof/common/parse.c	Tue Mar 16 12:45:56 1999
@@ -56,7 +56,11 @@
   { MSG_INVITE,  m_invite,   MAXPARA, MSG_LAG|MSG_REGU, 0, 0, 0L},
   { MSG_WALLOPS, m_wallops,  MAXPARA, MSG_LAG|MSG_REG|MSG_NOU, 0, 0, 0L},
   { MSG_PING,    m_ping,     MAXPARA, MSG_LAG|MSG_REG, 0, 0, 0L},
+#if defined(NOSPOOF)
+  { MSG_PONG,    m_pong,     MAXPARA, MSG_LAG, 0, 0, 0L},
+#else
   { MSG_PONG,    m_pong,     MAXPARA, MSG_LAG|MSG_REG, 0, 0, 0L},
+#endif
   { MSG_ERROR,   m_error,    MAXPARA, MSG_LAG|MSG_REG|MSG_NOU, 0, 0, 0L},
 #ifdef	OPER_KILL
   { MSG_KILL,    m_kill,     MAXPARA, MSG_LAG|MSG_REG|MSG_OP|MSG_LOP, 0,0, 0L},
diff -urN irc-cvs/common/send.c irc-cvs-nospoof/common/send.c
--- irc-cvs/common/send.c	Fri Feb  5 10:26:35 1999
+++ irc-cvs-nospoof/common/send.c	Tue Mar 16 12:45:56 1999
@@ -392,6 +392,9 @@
 			 NULL,
 # endif
 			 0, {0, 0, NULL }, {0, 0, NULL },
+#if defined(NOSPOOF)
+			 -1,
+#endif
 			 0, 0, 0, 0, 0, 0, 0, 0, 0, NULL, NULL, 0, NULL, 0
 # if defined(__STDC__)	/* hack around union{} initialization	-Vesa */
 			 ,{0}, NULL, "", ""
diff -urN irc-cvs/common/struct_def.h irc-cvs-nospoof/common/struct_def.h
--- irc-cvs/common/struct_def.h	Sun Mar 14 11:59:54 1999
+++ irc-cvs-nospoof/common/struct_def.h	Tue Mar 16 12:45:56 1999
@@ -432,6 +432,9 @@
 	short	lastsq;		/* # of 2k blocks when sendqueued called last*/
 	dbuf	sendQ;		/* Outgoing message queue--if socket full */
 	dbuf	recvQ;		/* Hold for data incoming yet to be parsed */
+#if defined(NOSPOOF)
+	u_long	cookie;		/* Random cookie local clients must PONG */
+#endif
 	long	sendM;		/* Statistics: protocol messages send */
 	long	sendK;		/* Statistics: total k-bytes send */
 	long	receiveM;	/* Statistics: protocol messages received */
diff -urN irc-cvs/ircd/ircd.c irc-cvs-nospoof/ircd/ircd.c
--- irc-cvs/ircd/ircd.c	Sun Mar 14 11:59:58 1999
+++ irc-cvs-nospoof/ircd/ircd.c	Tue Mar 16 12:45:56 1999
@@ -493,6 +493,22 @@
 			else
 			    {
 				cptr->exitc = EXITC_PING;
+#if defined(NOSPOOF)
+				if((!IsRegistered(cptr)) && (cptr->name) &&
+				   (cptr->username))
+				    {
+					sendto_one(cptr,
+	":%s %d %s :Your client may not be compatible with this server.",
+					me.name, ERR_BADPING, cptr->name);
+					/* Someone suggest a better
+					 * place? :) - Earthpig
+					 */
+					sendto_one(cptr,
+	":%s %d %s :Compatible clients are available at "
+	"ftp://yoyo.cc.monash.edu.au/pub/irc/clients/",
+					me.name, ERR_BADPING, cptr->name);
+				    }
+#endif
 				(void)exit_client(cptr, cptr, &me,
 						  "Ping timeout");
 			    }
diff -urN irc-cvs/ircd/list.c irc-cvs-nospoof/ircd/list.c
--- irc-cvs/ircd/list.c	Tue Dec 29 02:44:57 1998
+++ irc-cvs-nospoof/ircd/list.c	Tue Mar 16 12:45:56 1999
@@ -146,6 +146,9 @@
 	if (size == CLIENT_LOCAL_SIZE)
 	    {
 		cptr->since = cptr->lasttime = cptr->firsttime = timeofday;
+#if defined(NOSPOOF)
+		cptr->cookie = 0;
+#endif
 		cptr->confs = NULL;
 		cptr->sockhost[0] = '\0';
 		cptr->buffer[0] = '\0';
diff -urN irc-cvs/ircd/random.c irc-cvs-nospoof/ircd/random.c
--- irc-cvs/ircd/random.c	Thu Jan  1 10:00:00 1970
+++ irc-cvs-nospoof/ircd/random.c	Tue Mar 16 12:45:56 1999
@@ -0,0 +1,162 @@
+/************************************************************************
+ *   IRC - Internet Relay Chat, ircd/random.c
+ *
+ *   This program is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation; either version 1, or (at your option)
+ *   any later version.
+ *
+ *   This program is distributed in the hope that it will be useful,
+ *   but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *   GNU General Public License for more details.
+ *
+ *   You should have received a copy of the GNU General Public License
+ *   along with this program; if not, write to the Free Software
+ *   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/time.h>
+#include "os.h"
+#include "s_defines.h"
+
+#ifdef NOSPOOF
+
+char localkey[8] = RANDOM_SEED;
+
+/*
+ * MD5 transform algorithm, taken from code written by Colin Plumb,
+ * and put into the public domain
+ *
+ * Kev: Taken from Ted T'so's /dev/random random.c code and modified to
+ * be slightly simpler.  That code is released under a BSD-style copyright
+ * OR under the terms of the GNU Public License, which should be included
+ * at the top of this source file.
+ *
+ * record: Cleaned up to work with ircd.  RANDOM_TOKEN is defined in
+ * setup.h by the make script; if people start to "guess" your cookies,
+ * consider recompiling your server with a different random token.
+ */
+
+/* The four core functions - F1 is optimized somewhat */
+
+#define F1(x, y, z) (z ^ (x & (y ^ z)))
+#define F2(x, y, z) F1(z, x, y)
+#define F3(x, y, z) (x ^ y ^ z)
+#define F4(x, y, z) (y ^ (x | ~z))
+
+/* This is the central step in the MD5 algorithm. */
+#define MD5STEP(f, w, x, y, z, data, s) \
+      ( w += f(x, y, z) + data,  w = w<<s | w>>(32-s),  w += x )
+
+/*
+ * The core of the MD5 algorithm, this alters an existing MD5 hash to
+ * reflect the addition of 16 longwords of new data.  MD5Update blocks
+ * the data and converts bytes into longwords for this routine.
+ *
+ * original comment left in; this used to be called MD5Transform and took
+ * two arguments; I've internalized those arguments, creating the character
+ * array "localkey," which should contain 8 bytes of data.  The function also
+ * originally returned nothing; now it returns an unsigned long that is the
+ * random number.  It appears to be reallyrandom, so... -Kev
+ *
+ * I don't really know what this does.  I tried to figure it out and got
+ * a headache.  If you know what's good for you, you'll leave this stuff
+ * for the smart people and do something else.                -record
+ */
+unsigned long ircrandom(void)
+{
+  unsigned long a, b, c, d;
+  unsigned char in[16];
+  struct timeval tv;
+
+  (void)gettimeofday(&tv, NULL);
+
+  (void)memcpy((void *)in, (void *)localkey, 8);
+  (void)memcpy((void *)(in+8), (void *)&tv.tv_sec, 4);
+  (void)memcpy((void *)(in+12), (void *)&tv.tv_usec, 4);
+
+  a = 0x67452301;
+  b = 0xefcdab89;
+  c = 0x98badcfe;
+  d = 0x10325476;
+
+  MD5STEP(F1, a, b, c, d, (long)in[ 0]+0xd76aa478,  7);
+  MD5STEP(F1, d, a, b, c, (long)in[ 1]+0xe8c7b756, 12);
+  MD5STEP(F1, c, d, a, b, (long)in[ 2]+0x242070db, 17);
+  MD5STEP(F1, b, c, d, a, (long)in[ 3]+0xc1bdceee, 22);
+  MD5STEP(F1, a, b, c, d, (long)in[ 4]+0xf57c0faf,  7);
+  MD5STEP(F1, d, a, b, c, (long)in[ 5]+0x4787c62a, 12);
+  MD5STEP(F1, c, d, a, b, (long)in[ 6]+0xa8304613, 17);
+  MD5STEP(F1, b, c, d, a, (long)in[ 7]+0xfd469501, 22);
+  MD5STEP(F1, a, b, c, d, (long)in[ 8]+0x698098d8,  7);
+  MD5STEP(F1, d, a, b, c, (long)in[ 9]+0x8b44f7af, 12);
+  MD5STEP(F1, c, d, a, b, (long)in[10]+0xffff5bb1, 17);
+  MD5STEP(F1, b, c, d, a, (long)in[11]+0x895cd7be, 22);
+  MD5STEP(F1, a, b, c, d, (long)in[12]+0x6b901122,  7);
+  MD5STEP(F1, d, a, b, c, (long)in[13]+0xfd987193, 12);
+  MD5STEP(F1, c, d, a, b, (long)in[14]+0xa679438e, 17);
+  MD5STEP(F1, b, c, d, a, (long)in[15]+0x49b40821, 22);
+
+  MD5STEP(F2, a, b, c, d, (long)in[ 1]+0xf61e2562,  5);
+  MD5STEP(F2, d, a, b, c, (long)in[ 6]+0xc040b340,  9);
+  MD5STEP(F2, c, d, a, b, (long)in[11]+0x265e5a51, 14);
+  MD5STEP(F2, b, c, d, a, (long)in[ 0]+0xe9b6c7aa, 20);
+  MD5STEP(F2, a, b, c, d, (long)in[ 5]+0xd62f105d,  5);
+  MD5STEP(F2, d, a, b, c, (long)in[10]+0x02441453,  9);
+  MD5STEP(F2, c, d, a, b, (long)in[15]+0xd8a1e681, 14);
+  MD5STEP(F2, b, c, d, a, (long)in[ 4]+0xe7d3fbc8, 20);
+  MD5STEP(F2, a, b, c, d, (long)in[ 9]+0x21e1cde6,  5);
+  MD5STEP(F2, d, a, b, c, (long)in[14]+0xc33707d6,  9);
+  MD5STEP(F2, c, d, a, b, (long)in[ 3]+0xf4d50d87, 14);
+  MD5STEP(F2, b, c, d, a, (long)in[ 8]+0x455a14ed, 20);
+  MD5STEP(F2, a, b, c, d, (long)in[13]+0xa9e3e905,  5);
+  MD5STEP(F2, d, a, b, c, (long)in[ 2]+0xfcefa3f8,  9);
+  MD5STEP(F2, c, d, a, b, (long)in[ 7]+0x676f02d9, 14);
+  MD5STEP(F2, b, c, d, a, (long)in[12]+0x8d2a4c8a, 20);
+
+  MD5STEP(F3, a, b, c, d, (long)in[ 5]+0xfffa3942,  4);
+  MD5STEP(F3, d, a, b, c, (long)in[ 8]+0x8771f681, 11);
+  MD5STEP(F3, c, d, a, b, (long)in[11]+0x6d9d6122, 16);
+  MD5STEP(F3, b, c, d, a, (long)in[14]+0xfde5380c, 23);
+  MD5STEP(F3, a, b, c, d, (long)in[ 1]+0xa4beea44,  4);
+  MD5STEP(F3, d, a, b, c, (long)in[ 4]+0x4bdecfa9, 11);
+  MD5STEP(F3, c, d, a, b, (long)in[ 7]+0xf6bb4b60, 16);
+  MD5STEP(F3, b, c, d, a, (long)in[10]+0xbebfbc70, 23);
+  MD5STEP(F3, a, b, c, d, (long)in[13]+0x289b7ec6,  4);
+  MD5STEP(F3, d, a, b, c, (long)in[ 0]+0xeaa127fa, 11);
+  MD5STEP(F3, c, d, a, b, (long)in[ 3]+0xd4ef3085, 16);
+  MD5STEP(F3, b, c, d, a, (long)in[ 6]+0x04881d05, 23);
+  MD5STEP(F3, a, b, c, d, (long)in[ 9]+0xd9d4d039,  4);
+  MD5STEP(F3, d, a, b, c, (long)in[12]+0xe6db99e5, 11);
+  MD5STEP(F3, c, d, a, b, (long)in[15]+0x1fa27cf8, 16);
+  MD5STEP(F3, b, c, d, a, (long)in[ 2]+0xc4ac5665, 23);
+
+  MD5STEP(F4, a, b, c, d, (long)in[ 0]+0xf4292244,  6);
+  MD5STEP(F4, d, a, b, c, (long)in[ 7]+0x432aff97, 10);
+  MD5STEP(F4, c, d, a, b, (long)in[14]+0xab9423a7, 15);
+  MD5STEP(F4, b, c, d, a, (long)in[ 5]+0xfc93a039, 21);
+  MD5STEP(F4, a, b, c, d, (long)in[12]+0x655b59c3,  6);
+  MD5STEP(F4, d, a, b, c, (long)in[ 3]+0x8f0ccc92, 10);
+  MD5STEP(F4, c, d, a, b, (long)in[10]+0xffeff47d, 15);
+  MD5STEP(F4, b, c, d, a, (long)in[ 1]+0x85845dd1, 21);
+  MD5STEP(F4, a, b, c, d, (long)in[ 8]+0x6fa87e4f,  6);
+  MD5STEP(F4, d, a, b, c, (long)in[15]+0xfe2ce6e0, 10);
+  MD5STEP(F4, c, d, a, b, (long)in[ 6]+0xa3014314, 15);
+  MD5STEP(F4, b, c, d, a, (long)in[13]+0x4e0811a1, 21);
+  MD5STEP(F4, a, b, c, d, (long)in[ 4]+0xf7537e82,  6);
+  MD5STEP(F4, d, a, b, c, (long)in[11]+0xbd3af235, 10);
+  MD5STEP(F4, c, d, a, b, (long)in[ 2]+0x2ad7d2bb, 15);
+  MD5STEP(F4, b, c, d, a, (long)in[ 9]+0xeb86d391, 21);
+
+  /*
+   * we have 4 unsigned longs generated by the above sequence; this scrambles
+   * them together so that if there is any pattern, it will be obscured.
+   */
+  return (a ^ b ^ c ^ d);
+}
+
+#endif
diff -urN irc-cvs/ircd/s_debug.c irc-cvs-nospoof/ircd/s_debug.c
--- irc-cvs/ircd/s_debug.c	Fri Feb  5 10:44:16 1999
+++ irc-cvs-nospoof/ircd/s_debug.c	Tue Mar 16 12:45:56 1999
@@ -148,6 +148,9 @@
 #ifdef INET6
 '6',
 #endif
+#if defined(NOSPOOF)
+'*',
+#endif
 '\0'};
 
 #ifdef DEBUGMODE
@@ -344,7 +347,7 @@
 	sendto_one(cptr, ":%s %d %s :BS:%d MXR:%d MXB:%d MXBL:%d PY:%d",
 		   ME, RPL_STATSDEFINE, nick, BUFSIZE, MAXRECIPIENTS, MAXBANS,
 		   MAXBANLENGTH, MAXPENALTY);
-	sendto_one(cptr, ":%s %d %s :ZL:%d CM:%d CP:%d",
+	sendto_one(cptr, ":%s %d %s :ZL:%d CM:%d CP:%d NS:%s",
 		   ME, RPL_STATSDEFINE, nick,
 #ifdef	ZIP_LINKS
 		   ZIP_LEVEL,
@@ -352,9 +355,14 @@
 		   -1,
 #endif
 #ifdef	CLONE_CHECK
-		   CLONE_MAX, CLONE_PERIOD
+		   CLONE_MAX, CLONE_PERIOD,
+#else
+		   -1, -1,
+#endif
+#if defined(NOSPOOF)
+		   "yes"
 #else
-		   -1, -1
+		   "no"
 #endif
 		   );
 }
diff -urN irc-cvs/ircd/s_err.c irc-cvs-nospoof/ircd/s_err.c
--- irc-cvs/ircd/s_err.c	Sun Feb 28 02:45:29 1999
+++ irc-cvs-nospoof/ircd/s_err.c	Tue Mar 16 12:45:56 1999
@@ -162,6 +162,19 @@
                 { 0, (char *)NULL },
 /* 501 */	{ ERR_UMODEUNKNOWNFLAG, ":Unknown MODE flag" },
 /* 502 */	{ ERR_USERSDONTMATCH, ":Can't change mode for other users" },
+#if defined(NOSPOOF)
+                { 0, (char *)NULL },
+                { 0, (char *)NULL },
+                { 0, (char *)NULL },
+                { 0, (char *)NULL },
+                { 0, (char *)NULL },
+                { 0, (char *)NULL },
+                { 0, (char *)NULL },
+                { 0, (char *)NULL },
+                { 0, (char *)NULL },
+                { 0, (char *)NULL },
+/* 513 */	{ ERR_BADPING, (char *)NULL },
+#endif
 		{ 0, (char *)NULL }
 };
 
diff -urN irc-cvs/ircd/s_user.c irc-cvs-nospoof/ircd/s_user.c
--- irc-cvs/ircd/s_user.c	Tue Mar 16 12:32:51 1999
+++ irc-cvs-nospoof/ircd/s_user.c	Tue Mar 16 12:51:41 1999
@@ -335,9 +335,9 @@
 
 /*
 ** register_user
-**	This function is called when both NICK and USER messages
-**	have been accepted for the client, in whatever order. Only
-**	after this the USER message is propagated.
+**	This function is called when both NICK and USER [and maybe PONG]
+**	messages have been accepted for the client, in whatever order.
+**	Only after this the USER message is propagated.
 **
 **	NICK's must be propagated at once when received, although
 **	it would be better to delay them too until full info is
@@ -1007,9 +1007,30 @@
 
 		/* This had to be copied here to avoid problems.. */
 		(void)strcpy(sptr->name, nick);
+#if defined(NOSPOOF)
+		/* If the client hasn't gotten a cookie-ping yet,
+		   choose a cookie and send it. -record!jegelhof@cloud9.net */
+
+		if (!sptr->cookie)
+		    {
+			while((!sptr->cookie) || (sptr->cookie==-1))
+				sptr->cookie=(ircrandom());
+			sendto_one(cptr, "PING :%lu", sptr->cookie);
+			sendto_one(sptr,
+	":%s %d %s :If your client freezes here, type /QUOTE PONG %lu "
+	"or /PONG %lu ",
+			me.name, ERR_BADPING, sptr->name,
+			sptr->cookie, sptr->cookie);
+		    }
+
+		if ((sptr->user) && (sptr->cookie==-1))
+		{
+#else
 		if (sptr->user)
+#endif
 			/*
-			** USER already received, now we have NICK.
+			** USER [and possibly PONG] already received,
+			** now we have NICK.
 			** *NOTE* For servers "NICK" *must* precede the
 			** user message (giving USER before NICK is possible
 			** only for local client connection!). register_user
@@ -1020,6 +1041,9 @@
 					  sptr->user->username)
 			    == FLUSH_BUFFER)
 				return FLUSH_BUFFER;
+#if defined(NOSPOOF)
+		}
+#endif
 	    }
 	/*
 	**  Finally set new nick name.
@@ -1849,7 +1873,12 @@
 	if (strlen(realname) > REALLEN)
 		realname[REALLEN] = '\0';
 	sptr->info = mystrdup(realname);
-	if (sptr->name[0]) /* NICK already received, now we have USER... */
+	if ((sptr->name[0])
+#if defined(NOSPOOF)
+	    && (!MyConnect(sptr) || (sptr->cookie==-1))
+#endif
+	    )
+	    /* NICK already received, now we have USER... */
 	    {
 		if ((parc == 6) && IsServer(cptr)) /* internal m_user() */
 		    {
@@ -2222,7 +2251,32 @@
 	aClient *acptr;
 	char	*origin, *destination;
 
-	if (parc < 2 || *parv[1] == '\0')
+#if defined(NOSPOOF)
+	/* Check to see if this is a PONG :cookie reply from an
+	   unregistered user.  If so, process it. -record       */
+
+	if((!IsRegistered(sptr)) && (sptr->cookie!=0) &&
+	   (sptr->cookie!=-1) && (parc>1))
+	    {
+		if(strtoul(parv[parc-1],NULL,10)==sptr->cookie)
+		    {
+			sptr->cookie=-1;
+			if((sptr->user) && (sptr->name[0]))
+				/* NICK and USER OK */
+				return register_user(cptr, sptr, sptr->name,
+						     sptr->user->username);
+		    }
+		else
+			sendto_one(sptr,
+	":%s %d %s :To connect, type /QUOTE PONG %lu or /PONG %lu",
+				   me.name, ERR_BADPING, sptr->name,
+				   sptr->cookie, sptr->cookie);
+
+		return 1;
+	    }
+#endif
+
+ 	if (parc < 2 || *parv[1] == '\0')
 	    {
 		sendto_one(sptr, replies[ERR_NOORIGIN], ME, BadTo(parv[0]));
 		return 1;
diff -urN irc-cvs/support/Makefile.in irc-cvs-nospoof/support/Makefile.in
--- irc-cvs/support/Makefile.in	Fri Mar 12 20:06:00 1999
+++ irc-cvs-nospoof/support/Makefile.in	Tue Mar 16 12:47:37 1999
@@ -153,7 +153,7 @@
 SERVER_OBJS = channel.o class.o hash.o ircd.o list.o res.o s_auth.o \
               s_bsd.o s_conf.o s_debug.o s_err.o s_id.o s_misc.o s_numeric.o \
               s_serv.o s_service.o s_user.o s_zip.o whowas.o \
-              res_init.o res_comp.o res_mkquery.o
+              res_init.o res_comp.o res_mkquery.o random.o
 
 IAUTH_COMMON_OBJS = clsupport.o clmatch.o # This is a little evil
 IAUTH_OBJS = iauth.o a_conf.o a_io.o a_log.o \
@@ -431,6 +431,9 @@
 
 res_mkquery.o: ../ircd/res_mkquery.c setup.h config.h
 	$(CC) $(S_CFLAGS) -c -o $@ ../ircd/res_mkquery.c
+
+random.o: ../ircd/random.c setup.h config.h
+	$(CC) $(S_CFLAGS) -c -o $@ ../ircd/random.c
 
 iauth.o: ../iauth/iauth.c config.h setup.h
 	$(CC) $(A_CFLAGS) -c -o $@ ../iauth/iauth.c
diff -urN irc-cvs/support/config.h.dist irc-cvs-nospoof/support/config.h.dist
--- irc-cvs/support/config.h.dist	Mon Feb 22 10:41:32 1999
+++ irc-cvs-nospoof/support/config.h.dist	Tue Mar 16 12:45:57 1999
@@ -374,6 +374,30 @@
  */
 #undef	CLONE_CHECK
 
+/* Define this to turn on code that enables a PING/PONG cookies sequence
+ * whenever a client connects. The purpose of this is to prevent IP
+ * spoofing (normally based on predicting TCP/IP sequence numbers).
+ * This breaks the RFC slightly, but so far only one (old) client has
+ * been encountered that breaks. There's a small overhead if you define
+ * it, but it's essential for older BSD-based (or any other) TCP/IP
+ * stacks with predictable sequence numbers.
+ */
+
+#undef	NOSPOOF
+
+/* Random number generator seed -- used for cookies if NOSPOOF is
+ * defined.
+ *
+ * Set this to an 8 character random text string.
+ * Do _NOT_ use the default text.
+ * If people are able to defeat the IP-spoofing protection on your
+ * server, please consider changing this value and recompiling.
+ */
+
+#if defined(NOSPOOF)
+#define	RANDOM_SEED "ChangeMe"
+#endif
+
 /*   STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP  */
 /*   STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP  */
 /*   STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP  */