darwin-network / slash


irc server-like, listening on default irc port without ssl, just tells you how to connect #5

Closed edmund-huber closed 4 years ago

edmund-huber commented 6 years ago

Some MOTD like:

Hi!
To connect, you must use TLS.
The password is t###he^passw&ord (remove non-alphanumerics).

Then it hangs up.

slingamn commented 6 years ago

Implementation notes:

  1. I'm fine sending the unobfuscated server password in plaintext --- it's just a roadblock for ordinary port probes. The server password is public information.
  2. Let's send both complete connection information (the host/port/tls/password/channel that we display on the website) and a link to the website itself.
  3. We may not want to send the regular MOTD numerics because some clients suppress the MOTD by default. We might have better luck with something like NOTICE.

slingamn commented 6 years ago

xinetd's banner_fail feature might be a good fit for this.

DanielOaks commented 5 years ago

Note: Advertising an STS policy on this plaintext server which matches one on the server running on 6697 may let clients with newer software automagically use 6697 without needing to do anything manual (depending on the duration time and how often they connect after getting the initial policy, of course). Depends on having a non-self-signed cert on 6697 and possibly pushing a CAP LS reply line after dumping that MOTD to the user (if the 6667 software isn't a full ircd).
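
A sketch of the plaintext-port listener discussed in the comments above: NOTICE lines carrying the connection details, an IRCv3 STS port hint, then a hang-up. This is an added example, not part of the thread and not code from slash or oragono; the host, password, channel, website, ERROR text and the unsolicited `CAP * LS` line are constructed placeholders or assumptions.

```go
package main

import (
	"fmt"
	"net"
	"time"
)

// ConnInfo holds the public connection details (constructed placeholder values in main).
type ConnInfo struct {
	ServerName, Host, Password, Channel, Website string
	TLSPort                                      int
}

// RedirectLines builds the IRC lines sent to a plaintext client before hanging up.
func RedirectLines(c ConnInfo) []string {
	notice := func(text string) string {
		// "*" is the usual target for a client that has not registered a nick yet.
		return fmt.Sprintf(":%s NOTICE * :%s\r\n", c.ServerName, text)
	}
	return []string{
		notice("To connect, you must use TLS."),
		notice(fmt.Sprintf("Host %s, port %d (TLS), password %s, channel %s",
			c.Host, c.TLSPort, c.Password, c.Channel)),
		notice("More information: " + c.Website),
		// STS upgrade hint: on a plaintext connection only the port key is used by clients.
		fmt.Sprintf(":%s CAP * LS :sts=port=%d\r\n", c.ServerName, c.TLSPort),
		"ERROR :Closing link: reconnect with TLS\r\n",
	}
}

// Serve writes the redirect lines and closes. It never parses client input, but
// anything the client already sent (e.g. a SASL PLAIN blob) still crossed the wire in cleartext.
func Serve(conn net.Conn, c ConnInfo) {
	defer conn.Close()
	_ = conn.SetWriteDeadline(time.Now().Add(5 * time.Second))
	for _, line := range RedirectLines(c) {
		if _, err := conn.Write([]byte(line)); err != nil {
			return
		}
	}
}

func main() {
	info := ConnInfo{"irc.example.org", "irc.example.org", "example-password",
		"#example", "https://example.org/", 6697}
	ln, err := net.Listen("tcp", "127.0.0.1:6667") // loopback only for the demo
	if err != nil {
		panic(err)
	}
	for {
		if conn, err := ln.Accept(); err == nil {
			go Serve(conn, info)
		}
	}
}
```

Closing a socket that still holds unread client data can make the TCP stack send a reset, which may discard the notice before the client displays it; a deployed listener would half-close and briefly drain input first.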

slingamn commented 4 years ago

I'm going to implement this in oragono, but I have mixed feelings about deploying it to darwin, because I feel like opening port 6667 inherently makes the server more vulnerable to passive monitoring (e.g., if some client connects and immediately tries to send a SASL PLAIN auth blob).

slingamn commented 4 years ago

This is a wontfix.