path: root/contrib/antispoof.diff

diff -urN irc-cvs/common/numeric_def.h irc-cvs-nospoof/common/numeric_def.h
--- irc-cvs/common/numeric_def.h	Wed Jan 20 12:28:46 1999
+++ irc-cvs-nospoof/common/numeric_def.h	Tue Mar 16 12:45:56 1999
@@ -198,6 +198,10 @@
 #define ERR_UMODEUNKNOWNFLAG 501
 #define ERR_USERSDONTMATCH   502
 
+#if defined(NOSPOOF)
+#define ERR_BADPING          513
+#endif
+
 /*
  * Numberic replies from server commands.
  * These are currently in the range 200-399.
diff -urN irc-cvs/common/parse.c irc-cvs-nospoof/common/parse.c
--- irc-cvs/common/parse.c	Tue Dec 29 02:44:57 1998
+++ irc-cvs-nospoof/common/parse.c	Tue Mar 16 12:45:56 1999
@@ -56,7 +56,11 @@
   { MSG_INVITE,  m_invite,   MAXPARA, MSG_LAG|MSG_REGU, 0, 0, 0L},
   { MSG_WALLOPS, m_wallops,  MAXPARA, MSG_LAG|MSG_REG|MSG_NOU, 0, 0, 0L},
   { MSG_PING,    m_ping,     MAXPARA, MSG_LAG|MSG_REG, 0, 0, 0L},
+#if defined(NOSPOOF)
+  { MSG_PONG,    m_pong,     MAXPARA, MSG_LAG, 0, 0, 0L},
+#else
   { MSG_PONG,    m_pong,     MAXPARA, MSG_LAG|MSG_REG, 0, 0, 0L},
+#endif
   { MSG_ERROR,   m_error,    MAXPARA, MSG_LAG|MSG_REG|MSG_NOU, 0, 0, 0L},
 #ifdef	OPER_KILL
   { MSG_KILL,    m_kill,     MAXPARA, MSG_LAG|MSG_REG|MSG_OP|MSG_LOP, 0,0, 0L},
diff -urN irc-cvs/common/send.c irc-cvs-nospoof/common/send.c
--- irc-cvs/common/send.c	Fri Feb  5 10:26:35 1999
+++ irc-cvs-nospoof/common/send.c	Tue Mar 16 12:45:56 1999
@@ -392,6 +392,9 @@
 			 NULL,
 # endif
 			 0, {0, 0, NULL }, {0, 0, NULL },
+#if defined(NOSPOOF)
+			 -1,
+#endif
 			 0, 0, 0, 0, 0, 0, 0, 0, 0, NULL, NULL, 0, NULL, 0
 # if defined(__STDC__)	/* hack around union{} initialization	-Vesa */
 			 ,{0}, NULL, "", ""
diff -urN irc-cvs/common/struct_def.h irc-cvs-nospoof/common/struct_def.h
--- irc-cvs/common/struct_def.h	Sun Mar 14 11:59:54 1999
+++ irc-cvs-nospoof/common/struct_def.h	Tue Mar 16 12:45:56 1999
@@ -432,6 +432,9 @@
 	short	lastsq;		/* # of 2k blocks when sendqueued called last*/
 	dbuf	sendQ;		/* Outgoing message queue--if socket full */
 	dbuf	recvQ;		/* Hold for data incoming yet to be parsed */
+#if defined(NOSPOOF)
+	u_long	cookie;		/* Random cookie local clients must PONG */
+#endif
 	long	sendM;		/* Statistics: protocol messages send */
 	long	sendK;		/* Statistics: total k-bytes send */
 	long	receiveM;	/* Statistics: protocol messages received */
diff -urN irc-cvs/ircd/ircd.c irc-cvs-nospoof/ircd/ircd.c
--- irc-cvs/ircd/ircd.c	Sun Mar 14 11:59:58 1999
+++ irc-cvs-nospoof/ircd/ircd.c	Tue Mar 16 12:45:56 1999
@@ -493,6 +493,22 @@
 			else
 			    {
 				cptr->exitc = EXITC_PING;
+#if defined(NOSPOOF)
+				if((!IsRegistered(cptr)) && (cptr->name) &&
+				   (cptr->username))
+				    {
+					sendto_one(cptr,
+	":%s %d %s :Your client may not be compatible with this server.",
+					me.name, ERR_BADPING, cptr->name);
+					/* Someone suggest a better
+					 * place? :) - Earthpig
+					 */
+					sendto_one(cptr,
+	":%s %d %s :Compatible clients are available at "
+	"ftp://yoyo.cc.monash.edu.au/pub/irc/clients/",
+					me.name, ERR_BADPING, cptr->name);
+				    }
+#endif
 				(void)exit_client(cptr, cptr, &me,
 						  "Ping timeout");
 			    }
diff -urN irc-cvs/ircd/list.c irc-cvs-nospoof/ircd/list.c
--- irc-cvs/ircd/list.c	Tue Dec 29 02:44:57 1998
+++ irc-cvs-nospoof/ircd/list.c	Tue Mar 16 12:45:56 1999
@@ -146,6 +146,9 @@
 	if (size == CLIENT_LOCAL_SIZE)
 	    {
 		cptr->since = cptr->lasttime = cptr->firsttime = timeofday;
+#if defined(NOSPOOF)
+		cptr->cookie = 0;
+#endif
 		cptr->confs = NULL;
 		cptr->sockhost[0] = '\0';
 		cptr->buffer[0] = '\0';
diff -urN irc-cvs/ircd/random.c irc-cvs-nospoof/ircd/random.c
--- irc-cvs/ircd/random.c	Thu Jan  1 10:00:00 1970
+++ irc-cvs-nospoof/ircd/random.c	Tue Mar 16 12:45:56 1999
@@ -0,0 +1,162 @@
+/************************************************************************
+ *   IRC - Internet Relay Chat, ircd/random.c
+ *
+ *   This program is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation; either version 1, or (at your option)
+ *   any later version.
+ *
+ *   This program is distributed in the hope that it will be useful,
+ *   but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *   GNU General Public License for more details.
+ *
+ *   You should have received a copy of the GNU General Public License
+ *   along with this program; if not, write to the Free Software
+ *   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/time.h>
+#include "os.h"
+#include "s_defines.h"
+
+#ifdef NOSPOOF
+
+char localkey[8] = RANDOM_SEED;
+
+/*
+ * MD5 transform algorithm, taken from code written by Colin Plumb,
+ * and put into the public domain
+ *
+ * Kev: Taken from Ted T'so's /dev/random random.c code and modified to
+ * be slightly simpler.  That code is released under a BSD-style copyright
+ * OR under the terms of the GNU Public License, which should be included
+ * at the top of this source file.
+ *
+ * record: Cleaned up to work with ircd.  RANDOM_TOKEN is defined in
+ * setup.h by the make script; if people start to "guess" your cookies,
+ * consider recompiling your server with a different random token.
+ */
+
+/* The four core functions - F1 is optimized somewhat */
+
+#define F1(x, y, z) (z ^ (x & (y ^ z)))
+#define F2(x, y, z) F1(z, x, y)
+#define F3(x, y, z) (x ^ y ^ z)
+#define F4(x, y, z) (y ^ (x | ~z))
+
+/* This is the central step in the MD5 algorithm. */
+#define MD5STEP(f, w, x, y, z, data, s) \
+      ( w += f(x, y, z) + data,  w = w<<s | w>>(32-s),  w += x )
+
+/*
+ * The core of the MD5 algorithm, this alters an existing MD5 hash to
+ * reflect the addition of 16 longwords of new data.  MD5Update blocks
+ * the data and converts bytes into longwords for this routine.
+ *
+ * original comment left in; this used to be called MD5Transform and took
+ * two arguments; I've internalized those arguments, creating the character
+ * array "localkey," which should contain 8 bytes of data.  The function also
+ * originally returned nothing; now it returns an unsigned long that is the
+ * random number.  It appears to be reallyrandom, so... -Kev
+ *
+ * I don't really know what this does.  I tried to figure it out and got
+ * a headache.  If you know what's good for you, you'll leave this stuff
+ * for the smart people and do something else.                -record
+ */
+unsigned long ircrandom(void)
+{
+  unsigned long a, b, c, d;
+  unsigned char in[16];
+  struct timeval tv;
+
+  (void)gettimeofday(&tv, NULL);
+
+  (void)memcpy((void *)in, (void *)localkey, 8);
+  (void)memcpy((void *)(in+8), (void *)&tv.tv_sec, 4);
+  (void)memcpy((void *)(in+12), (void *)&tv.tv_usec, 4);
+
+  a = 0x67452301;
+  b = 0xefcdab89;
+  c = 0x98badcfe;
+  d = 0x10325476;
+
+  MD5STEP(F1, a, b, c, d, (long)in[ 0]+0xd76aa478,  7);
+  MD5STEP(F1, d, a, b, c, (long)in[ 1]+0xe8c7b756, 12);
+  MD5STEP(F1, c, d, a, b, (long)in[ 2]+0x242070db, 17);
+  MD5STEP(F1, b, c, d, a, (long)in[ 3]+0xc1bdceee, 22);
+  MD5STEP(F1, a, b, c, d, (long)in[ 4]+0xf57c0faf,  7);
+  MD5STEP(F1, d, a, b, c, (long)in[ 5]+0x4787c62a, 12);
+  MD5STEP(F1, c, d, a, b, (long)in[ 6]+0xa8304613, 17);
+  MD5STEP(F1, b, c, d, a, (long)in[ 7]+0xfd469501, 22);
+  MD5STEP(F1, a, b, c, d, (long)in[ 8]+0x698098d8,  7);
+  MD5STEP(F1, d, a, b, c, (long)in[ 9]+0x8b44f7af, 12);
+  MD5STEP(F1, c, d, a, b, (long)in[10]+0xffff5bb1, 17);
+  MD5STEP(F1, b, c, d, a, (long)in[11]+0x895cd7be, 22);
+  MD5STEP(F1, a, b, c, d, (long)in[12]+0x6b901122,  7);
+  MD5STEP(F1, d, a, b, c, (long)in[13]+0xfd987193, 12);
+  MD5STEP(F1, c, d, a, b, (long)in[14]+0xa679438e, 17);
+  MD5STEP(F1, b, c, d, a, (long)in[15]+0x49b40821, 22);
+
+  MD5STEP(F2, a, b, c, d, (long)in[ 1]+0xf61e2562,  5);
+  MD5STEP(F2, d, a, b, c, (long)in[ 6]+0xc040b340,  9);
+  MD5STEP(F2, c, d, a, b, (long)in[11]+0x265e5a51, 14);
+  MD5STEP(F2, b, c, d, a, (long)in[ 0]+0xe9b6c7aa, 20);
+  MD5STEP(F2, a, b, c, d, (long)in[ 5]+0xd62f105d,  5);
+  MD5STEP(F2, d, a, b, c, (long)in[10]+0x02441453,  9);
+  MD5STEP(F2, c, d, a, b, (long)in[15]+0xd8a1e681, 14);
+  MD5STEP(F2, b, c, d, a, (long)in[ 4]+0xe7d3fbc8, 20);
+  MD5STEP(F2, a, b, c, d, (long)in[ 9]+0x21e1cde6,  5);
+  MD5STEP(F2, d, a, b, c, (long)in[14]+0xc33707d6,  9);
+  MD5STEP(F2, c, d, a, b, (long)in[ 3]+0xf4d50d87, 14);
+  MD5STEP(F2, b, c, d, a, (long)in[ 8]+0x455a14ed, 20);
+  MD5STEP(F2, a, b, c, d, (long)in[13]+0xa9e3e905,  5);
+  MD5STEP(F2, d, a, b, c, (long)in[ 2]+0xfcefa3f8,  9);
+  MD5STEP(F2, c, d, a, b, (long)in[ 7]+0x676f02d9, 14);
+  MD5STEP(F2, b, c, d, a, (long)in[12]+0x8d2a4c8a, 20);
+
+  MD5STEP(F3, a, b, c, d, (long)in[ 5]+0xfffa3942,  4);
+  MD5STEP(F3, d, a, b, c, (long)in[ 8]+0x8771f681, 11);
+  MD5STEP(F3, c, d, a, b, (long)in[11]+0x6d9d6122, 16);
+  MD5STEP(F3, b, c, d, a, (long)in[14]+0xfde5380c, 23);
+  MD5STEP(F3, a, b, c, d, (long)in[ 1]+0xa4beea44,  4);
+  MD5STEP(F3, d, a, b, c, (long)in[ 4]+0x4bdecfa9, 11);
+  MD5STEP(F3, c, d, a, b, (long)in[ 7]+0xf6bb4b60, 16);
+  MD5STEP(F3, b, c, d, a, (long)in[10]+0xbebfbc70, 23);
+  MD5STEP(F3, a, b, c, d, (long)in[13]+0x289b7ec6,  4);
+  MD5STEP(F3, d, a, b, c, (long)in[ 0]+0xeaa127fa, 11);
+  MD5STEP(F3, c, d, a, b, (long)in[ 3]+0xd4ef3085, 16);
+  MD5STEP(F3, b, c, d, a, (long)in[ 6]+0x04881d05, 23);
+  MD5STEP(F3, a, b, c, d, (long)in[ 9]+0xd9d4d039,  4);
+  MD5STEP(F3, d, a, b, c, (long)in[12]+0xe6db99e5, 11);
+  MD5STEP(F3, c, d, a, b, (long)in[15]+0x1fa27cf8, 16);
+  MD5STEP(F3, b, c, d, a, (long)in[ 2]+0xc4ac5665, 23);
+
+  MD5STEP(F4, a, b, c, d, (long)in[ 0]+0xf4292244,  6);
+  MD5STEP(F4, d, a, b, c, (long)in[ 7]+0x432aff97, 10);
+  MD5STEP(F4, c, d, a, b, (long)in[14]+0xab9423a7, 15);
+  MD5STEP(F4, b, c, d, a, (long)in[ 5]+0xfc93a039, 21);
+  MD5STEP(F4, a, b, c, d, (long)in[12]+0x655b59c3,  6);
+  MD5STEP(F4, d, a, b, c, (long)in[ 3]+0x8f0ccc92, 10);
+  MD5STEP(F4, c, d, a, b, (long)in[10]+0xffeff47d, 15);
+  MD5STEP(F4, b, c, d, a, (long)in[ 1]+0x85845dd1, 21);
+  MD5STEP(F4, a, b, c, d, (long)in[ 8]+0x6fa87e4f,  6);
+  MD5STEP(F4, d, a, b, c, (long)in[15]+0xfe2ce6e0, 10);
+  MD5STEP(F4, c, d, a, b, (long)in[ 6]+0xa3014314, 15);
+  MD5STEP(F4, b, c, d, a, (long)in[13]+0x4e0811a1, 21);
+  MD5STEP(F4, a, b, c, d, (long)in[ 4]+0xf7537e82,  6);
+  MD5STEP(F4, d, a, b, c, (long)in[11]+0xbd3af235, 10);
+  MD5STEP(F4, c, d, a, b, (long)in[ 2]+0x2ad7d2bb, 15);
+  MD5STEP(F4, b, c, d, a, (long)in[ 9]+0xeb86d391, 21);
+
+  /*
+   * we have 4 unsigned longs generated by the above sequence; this scrambles
+   * them together so that if there is any pattern, it will be obscured.
+   */
+  return (a ^ b ^ c ^ d);
+}
+
+#endif
diff -urN irc-cvs/ircd/s_debug.c irc-cvs-nospoof/ircd/s_debug.c
--- irc-cvs/ircd/s_debug.c	Fri Feb  5 10:44:16 1999
+++ irc-cvs-nospoof/ircd/s_debug.c	Tue Mar 16 12:45:56 1999
@@ -148,6 +148,9 @@
 #ifdef INET6
 '6',
 #endif
+#if defined(NOSPOOF)
+'*',
+#endif
 '\0'};
 
 #ifdef DEBUGMODE
@@ -344,7 +347,7 @@
 	sendto_one(cptr, ":%s %d %s :BS:%d MXR:%d MXB:%d MXBL:%d PY:%d",
 		   ME, RPL_STATSDEFINE, nick, BUFSIZE, MAXRECIPIENTS, MAXBANS,
 		   MAXBANLENGTH, MAXPENALTY);
-	sendto_one(cptr, ":%s %d %s :ZL:%d CM:%d CP:%d",
+	sendto_one(cptr, ":%s %d %s :ZL:%d CM:%d CP:%d NS:%s",
 		   ME, RPL_STATSDEFINE, nick,
 #ifdef	ZIP_LINKS
 		   ZIP_LEVEL,
@@ -352,9 +355,14 @@
 		   -1,
 #endif
 #ifdef	CLONE_CHECK
-		   CLONE_MAX, CLONE_PERIOD
+		   CLONE_MAX, CLONE_PERIOD,
+#else
+		   -1, -1,
+#endif
+#if defined(NOSPOOF)
+		   "yes"
 #else
-		   -1, -1
+		   "no"
 #endif
 		   );
 }
diff -urN irc-cvs/ircd/s_err.c irc-cvs-nospoof/ircd/s_err.c
--- irc-cvs/ircd/s_err.c	Sun Feb 28 02:45:29 1999
+++ irc-cvs-nospoof/ircd/s_err.c	Tue Mar 16 12:45:56 1999
@@ -162,6 +162,19 @@
                 { 0, (char *)NULL },
 /* 501 */	{ ERR_UMODEUNKNOWNFLAG, ":Unknown MODE flag" },
 /* 502 */	{ ERR_USERSDONTMATCH, ":Can't change mode for other users" },
+#if defined(NOSPOOF)
+                { 0, (char *)NULL },
+                { 0, (char *)NULL },
+                { 0, (char *)NULL },
+                { 0, (char *)NULL },
+                { 0, (char *)NULL },
+                { 0, (char *)NULL },
+                { 0, (char *)NULL },
+                { 0, (char *)NULL },
+                { 0, (char *)NULL },
+                { 0, (char *)NULL },
+/* 513 */	{ ERR_BADPING, (char *)NULL },
+#endif
 		{ 0, (char *)NULL }
 };
 
diff -urN irc-cvs/ircd/s_user.c irc-cvs-nospoof/ircd/s_user.c
--- irc-cvs/ircd/s_user.c	Tue Mar 16 12:32:51 1999
+++ irc-cvs-nospoof/ircd/s_user.c	Tue Mar 16 12:51:41 1999
@@ -335,9 +335,9 @@
 
 /*
 ** register_user
-**	This function is called when both NICK and USER messages
-**	have been accepted for the client, in whatever order. Only
-**	after this the USER message is propagated.
+**	This function is called when both NICK and USER [and maybe PONG]
+**	messages have been accepted for the client, in whatever order.
+**	Only after this the USER message is propagated.
 **
 **	NICK's must be propagated at once when received, although
 **	it would be better to delay them too until full info is
@@ -1007,9 +1007,30 @@
 
 		/* This had to be copied here to avoid problems.. */
 		(void)strcpy(sptr->name, nick);
+#if defined(NOSPOOF)
+		/* If the client hasn't gotten a cookie-ping yet,
+		   choose a cookie and send it. -record!jegelhof@cloud9.net */
+
+		if (!sptr->cookie)
+		    {
+			while((!sptr->cookie) || (sptr->cookie==-1))
+				sptr->cookie=(ircrandom());
+			sendto_one(cptr, "PING :%lu", sptr->cookie);
+			sendto_one(sptr,
+	":%s %d %s :If your client freezes here, type /QUOTE PONG %lu "
+	"or /PONG %lu ",
+			me.name, ERR_BADPING, sptr->name,
+			sptr->cookie, sptr->cookie);
+		    }
+
+		if ((sptr->user) && (sptr->cookie==-1))
+		{
+#else
 		if (sptr->user)
+#endif
 			/*
-			** USER already received, now we have NICK.
+			** USER [and possibly PONG] already received,
+			** now we have NICK.
 			** *NOTE* For servers "NICK" *must* precede the
 			** user message (giving USER before NICK is possible
 			** only for local client connection!). register_user
@@ -1020,6 +1041,9 @@
 					  sptr->user->username)
 			    == FLUSH_BUFFER)
 				return FLUSH_BUFFER;
+#if defined(NOSPOOF)
+		}
+#endif
 	    }
 	/*
 	**  Finally set new nick name.
@@ -1849,7 +1873,12 @@
 	if (strlen(realname) > REALLEN)
 		realname[REALLEN] = '\0';
 	sptr->info = mystrdup(realname);
-	if (sptr->name[0]) /* NICK already received, now we have USER... */
+	if ((sptr->name[0])
+#if defined(NOSPOOF)
+	    && (!MyConnect(sptr) || (sptr->cookie==-1))
+#endif
+	    )
+	    /* NICK already received, now we have USER... */
 	    {
 		if ((parc == 6) && IsServer(cptr)) /* internal m_user() */
 		    {
@@ -2222,7 +2251,32 @@
 	aClient *acptr;
 	char	*origin, *destination;
 
-	if (parc < 2 || *parv[1] == '\0')
+#if defined(NOSPOOF)
+	/* Check to see if this is a PONG :cookie reply from an
+	   unregistered user.  If so, process it. -record       */
+
+	if((!IsRegistered(sptr)) && (sptr->cookie!=0) &&
+	   (sptr->cookie!=-1) && (parc>1))
+	    {
+		if(strtoul(parv[parc-1],NULL,10)==sptr->cookie)
+		    {
+			sptr->cookie=-1;
+			if((sptr->user) && (sptr->name[0]))
+				/* NICK and USER OK */
+				return register_user(cptr, sptr, sptr->name,
+						     sptr->user->username);
+		    }
+		else
+			sendto_one(sptr,
+	":%s %d %s :To connect, type /QUOTE PONG %lu or /PONG %lu",
+				   me.name, ERR_BADPING, sptr->name,
+				   sptr->cookie, sptr->cookie);
+
+		return 1;
+	    }
+#endif
+
+ 	if (parc < 2 || *parv[1] == '\0')
 	    {
 		sendto_one(sptr, err_str(ERR_NOORIGIN, parv[0]));
 		return 1;
diff -urN irc-cvs/support/Makefile.in irc-cvs-nospoof/support/Makefile.in
--- irc-cvs/support/Makefile.in	Fri Mar 12 20:06:00 1999
+++ irc-cvs-nospoof/support/Makefile.in	Tue Mar 16 12:47:37 1999
@@ -153,7 +153,7 @@
 SERVER_OBJS = channel.o class.o hash.o ircd.o list.o res.o s_auth.o \
               s_bsd.o s_conf.o s_debug.o s_err.o s_id.o s_misc.o s_numeric.o \
               s_serv.o s_service.o s_user.o s_zip.o whowas.o \
-              res_init.o res_comp.o res_mkquery.o
+              res_init.o res_comp.o res_mkquery.o random.o
 
 IAUTH_COMMON_OBJS = clsupport.o clmatch.o # This is a little evil
 IAUTH_OBJS = iauth.o a_conf.o a_io.o a_log.o \
@@ -431,6 +431,9 @@
 
 res_mkquery.o: ../ircd/res_mkquery.c setup.h config.h
 	$(CC) $(S_CFLAGS) -c -o $@ ../ircd/res_mkquery.c
+
+random.o: ../ircd/random.c setup.h config.h
+	$(CC) $(S_CFLAGS) -c -o $@ ../ircd/random.c
 
 iauth.o: ../iauth/iauth.c config.h setup.h
 	$(CC) $(A_CFLAGS) -c -o $@ ../iauth/iauth.c
diff -urN irc-cvs/support/config.h.dist irc-cvs-nospoof/support/config.h.dist
--- irc-cvs/support/config.h.dist	Mon Feb 22 10:41:32 1999
+++ irc-cvs-nospoof/support/config.h.dist	Tue Mar 16 12:45:57 1999
@@ -374,6 +374,30 @@
  */
 #undef	CLONE_CHECK
 
+/* Define this to turn on code that enables a PING/PONG cookies sequence
+ * whenever a client connects. The purpose of this is to prevent IP
+ * spoofing (normally based on predicting TCP/IP sequence numbers).
+ * This breaks the RFC slightly, but so far only one (old) client has
+ * been encountered that breaks. There's a small overhead if you define
+ * it, but it's essential for older BSD-based (or any other) TCP/IP
+ * stacks with predictable sequence numbers.
+ */
+
+#undef	NOSPOOF
+
+/* Random number generator seed -- used for cookies if NOSPOOF is
+ * defined.
+ *
+ * Set this to an 8 character random text string.
+ * Do _NOT_ use the default text.
+ * If people are able to defeat the IP-spoofing protection on your
+ * server, please consider changing this value and recompiling.
+ */
+
+#if defined(NOSPOOF)
+#define	RANDOM_SEED "ChangeMe"
+#endif
+
 /*   STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP  */
 /*   STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP  */
 /*   STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP  */