Archive:Ways around an IRC block

From FreeCulture.org
(Redirected from Ways around an IRC block)
Jump to: navigation, search

Some ISPs attempt to block access to IRC. This is mostly common on school networks, which generally block IRC because it can be used for sharing files. This is troubling to free culture advocates, since IRC is also widely used for non-infringing (and even socially beneficial) purposes.

This page discusses methods of blocking IRC as well as circumvention strategies. The last -- simply asking the network administrators for access, and why IRC was blocked in the first places -- may be less trouble than other methods, and runs less risk of violating your provider's Acceptable Use Policy. It is also a good opportunity as a free culture advocate to discuss your concerns with shutting down communications tools simply because they can be used for copyright infringement.

Circumventing an IRC block

There are multiple ways to block IRC. Which ones are used depends on how lazy the sysadmins putting the block in place are.

  • Method: The first, easiest to implement, and easiest to circumvent is to block port 6667. This is the default IRC port, and blocking it will stop the most casual of users.
    Circumvention: Use a different port. Which port(s) you can use depends on the server. Many support connecting on other ports. If the server does not, then you may need to find a proxy of some sort, as discussed below.
  • Method: The next method is host blocking, where the admins go through and block the IPs or hostnames of IRC servers individually. Obviously, the admins cannot block all servers this way, but they can block enough.
    Circumvention: There are several ways to circumvent this, all one sort or another of proxying. First, you could use a web proxy in order to gain access to a CGI client. There are plenty of both out there. Actually, you could just using a webclient, but chances are good that those will be blocked too. Second, tunnel through something else. If you have SSH access to a computer outside the blocking, you can use that to gain access. You could use telnet the same way. Third, use a proxying program. There are lots of these out there, Triangle Boy and Peekabooty come to mind.
  • Method: A more advanced method is packet analysis. This is where the firewall servers examine each packet that goes through them. If they find that it fits the parameters they have defined for IRC, then it gets blocked. This can be a fairly effective method, but it is not without weaknesses.
    Circumvention: To get around this, changing port numbers usually will not work. A webclient is more likely to work, assuming that those are not blocked. The most likely was to get around this, though, is using an encrypted proxy. The encryption is important: without it, the packets may be detected as IRC and blocked anyway.

Circumvention Methods

These are methods to try, in ascending order. Please note that these require an appreciable bit of technical knowledge.

  1. Try using a different port. You should look at the websites of the network to find out what ports you can connect on. Some servers may not allow connections on other ports, in which case you need to try the next method.
  2. Try a CGI or Java client. Many networks have them, and there are ones out there that allow you to connect to an IRC server of your choice. Depending on how the client is made, it may actually function by tunnelling everything through the connection to the webserver.
  3. Try tunneling. If you have a shell account somewhere, try that. Heck, if your university gives you a shell account, try that first. The admins blocking IRC from the dorms may not be the same ones controlling the shell servers. Make the bureacracy work for you. You might be able to get a friend outside the firewall to set one up for you.
    • Something like
      ssh -f -N -L 23456:irc.freenode.net:6667 server.ihavea.shellaccount.on &
      works well. After running that command, tell your IRC client to connect to localhost on port 23456 and it will actually connect to irc.freenode.net over an encrypted connection.
  4. Try proxying. The only program that can be found easily at the time of writing, is six/four.
  5. If all else fails, talk to the admins personally. Chances are good they spend time on IRC, or have in the past. Chances are also good that, if you phrase the request correctly, they may be willing to poke a hole in the firewall for you. Just don't tell them that this is your last resort. Try to 'speak their language', as it were. Be Geek Like Them.

See also