EFNet on the Rocks Again 237
Dragonsbane writes: "Things just keep getting better and better on EFNet. Already down to 30-something servers, the network has been hit with a huge denial of service attack, one which seems to have targeted the major hubs and open servers on the network. Information regarding the losses (six servers have been shut down in two days, one of which will not be returning) can be found at the network's news page. Having used EFNet for the last 5 years, I held on for dear life during the last bumpy ride, but I find myself wondering if the oldest IRC network can pull out of this type of situation a second time?"
Sad to see it dying. (Score:1)
The Obvious Answer, Let more Servers Link (Score:1)
Re:Humor me will you? (Score:2)
A simple nslookup:
Name: www.efnet.org
Address: 193.125.190.214
That Class belongs to Relcom in Moscow (Russia)
The only Russian IRC server connected at the moment (which can easily be found via
So even the website isn't on the same network as the only IRC server in the same country.
Doesn't anyone use nslookup and ARIN/RIPE/etc anymore?
Re:Uh.... (Score:2)
Not really. Mostly it was because I'd found a perl OperServ script and decided to run that for the hell of it, then discovered Andy Church's services clone and decided to hack around on it. Most people at the time were ambivalent to the concept of services on WTnet and we made do with channel bots like we did on EFnet. (The bots worked well, for what it's worth.)
The only thing services offers, in my opinion, is the convenience of not having to type "/msg __Ralph op #watertower blah". The other niceties are largely unused (for instance, nobody bothers to
The only thing services is really used for on our network is keeping people out of certain channels, just like any other network. Only I keep having to re-code the AKICK handling routines.
- A.P.
--
Re:Do people still use IRC? (Score:2)
Re:IRC warrioring out of hand. (Score:2)
Re:What it will take to save EFNet (Score:2)
Of the solutions listed above, I think only nickserve and chanserve would be actual significant improvements. It would also be nice if there was better enforcement of all the servers running the same software, or at least software that follows the same rules (there have been glaring exceptions to this in the past, dunno if it still holds).
I think there's one thing above all else about EFNet (and afaik, all IRC networks) which desperately needs to be fixed: it's designed with the most retarded possible network topology, a tree. A few simple redundant links and an improved inter-server protocol would result in it being many times less useful (and hopefully less tempting) to packet a server. But I've never seen anyone discuss actually implementing this.
-HrebRe:Do people still use IRC? (Score:2)
Re:How do you DCC? (Score:2)
Vermifax
Nothing wrong with dalnet.... (Score:2)
Vermifax
Load of bitter tripe. (Score:2)
Vermifax
Re:Load of bitter tripe. (Score:2)
The whole point is you don't have a 'right' (although you seem to think you do) to be on my friends and my channel (EFNET or otherwise) the only difference is on DALNET you can't turn into a baby and DOS me to get channel ops.
The whole first person to create a channel is a lame argument. Start another channel, that should be the answer on EFNET or DALNET or any irc network for that matter.
Vermifax
Re:Load of bitter tripe. (Score:2)
b) I see no problem with the system except a bunch of whiney people going "WAAHH!!! we can't have the channel/nick we want"
So if a person buys the house you want before you can make an offer, do you get the right to set fire to it?
Vermifax
It's Pretty Simple... (Score:2)
or...
B) Say "Later." to EFNet and, in all likelyhood, never face an irc-related DoS attack again.
--
Re:What's the point? (Score:2)
Re:Efnet (Score:2)
IRC isn't a MUD. They just change nicks and connection origin. In light of the fact that nicks aren't registered and there's no guest/registered distinction on any IRC network in common use, you tell me how to implement a server-based
Yeah, "all you need" is PFM. All I need is not to use the hopelessly lame IRC except on small private networks. It's the same thing that happened to CB, internet style.
--
Re:What it will take to save EFNet (Score:2)
As an Australian, I think the visable effects of EFnet being hit are compounded: the fact that being an Australian automatically removes 70% of possible servers away to connect to - we're just not allowed to connect. I know this must sound like a whine ( and i'll get modded down for it ) but stop and think that its not all rosey and peachy for everyone ALL of the time.
I am saddend to see that this type of activity is still occuring. DDOS on IRC networks just because you dont like someone ( or some group ), hacking of IRC networks just to let off steam and to teach "lessons" - its going to be the ruin of EFnet. It already is well on its way to being so. I've been on EFnet for a good 8 years, part of the massive exodus of Australians from AustNet to EFnet, the growth of EFnet as a small infant, to the glorious network that it was, and now I bare witness to its slow death.
EFnet was ( and in some ways, still is ) the creme of the crop of IRC networks. Everyone who was anyone could be found there. I'd wager that some could credit some of their work due to conversations on it. And to be sappy, the amount of close relationships ( or even more - IRC marraiges! ) that have been forged, EFnet proves itself to be a valuable resource, despite its pitfalls.
It's one matter to just say 'move to another network', but its another to manage to find somewhere as central as EFnet is.
Hail Eris!
Re:What's the point? (Score:2)
What does 133t mean?
The only possibilities that have occured to me are:
1) stupid
2) obnoxious
3) silly
4) sanguine
5) repulsive
6) juvenile
7) bait
8) neat
9) light
10)
Caution: Now approaching the (technological) singularity.
Blackened (Score:2)
oldcharred.blackened.com: AMD K6-2 @ 333mhz, 128M of ram, 18G-10k rpm scsi primary, 9G secondary. This server houses the origional irc2.blackened.com EFnet server, the largest EFnet server in the world before it de-linked. Still running with the origional IRCD, I, O, C/N lines and TCM.
It's a pity that, in blackened's case, volunteer workers such as mjr are forced to abandon what they love to do, because of immature kiddies flooding the network with useless garbage.
Re:Blackened (Score:2)
There was a reason for that.
Re:Efnet (Score:2)
Ops, nick protection, and channel protection. All worthless. All designed to beef up the ego of people who have to prove that they're on the bot and can k1x0r your ass. Wow, so l33t. The hackers are preferable to that.
All you really need on a system like IRC is
Someone coming into YOUR channel and doing things you don't like? Deal with it. It's not for you to tell everyone else on the channel that they can't listen to this person (by kicking them). They can make that decision on their own. It's for you to ignore them and get on with your life.
But, I'm sure you don't want to hear any of this. Most IRCers I know all live for ops, it's all about sucking up until they're added to the ops list, so that they get to kick people, etc. They're just like the script kiddies but without the ability to use back orifice or sub-seven.
As far as I'm concerned, you can have Dalnet. It's sole use is collecting gits like you and keeping them far away from someone who just wants to use a chat system and doesn't want a life based around a little '@'.
Re:Uh.... (Score:2)
That means that if they got there first and made a channel with a popular name (#quake, #perl, #pokemon, etc) that they will control it until the end of time. Alternatively, if they suck up to one of these people, they can get ops. With the @X or @W 'bots', they can log in any time of the day and get ops. Then they be an op. With ops. Did I mention they tend to be op-happy?
They also rarely tend to be happy with just having ops. They tend to use it... Kick anyone who disagrees with them, or the party line. Offer ops to people who will kiss their ass, etc.
Regular (EFNet) IRC has a bit of this, but with the complete channel ownership it gets worse.
Re:What it will take to save EFNet (Score:2)
Implement
Get rid of ops at the same time. Let people deal with anyone they dislike by simply ignoring them.
The problem?
It'll never be done. The lusers who crave ops don't just want to ignore someone, it irks them that this person should be allowed to say something that they don't like. They want to kick these people off of a channel just to keep them from saying whatever it is they say.
Which is why most people play with IRC for a while but then quit using it, they get fed up with the bullshit politicing you have to go through.
Re:What it will take to save EFNet (Score:2)
The problem with someone +s or +i'ing a channel is that they take a name someone else might want to use (because, face it, #perl is an obvious channel to talk to perl programmers, etc) and make it off-limits.
I think people should be able to make private channels that are assigned some unique identifier (ie, random characters) and be able to control that. Other channels, with names that attract others? No. Why is your claim to #starwars any better than anyone else's? Why do you have to right to kick/silence someone? Chances are from the viewpoint of an outsider, you were as big an ass to the guy you want to kick as he was to you.
Having the server do a few regexps isn't going to take a lot of CPU and it'd save sending a message through a web of servers, DoSing the receiver, who was just going to throw it away anyways.
If people just acted like grown-ups and ignored jerks, those jerks would go away. However, if people rely of ops or irc-ops to kick someone off, that person will be justifiably annoyed. And it also gives them attention.
A
Later I mentioned an idea of getting rid of ops and the only objections I heard were that people wouldn't be able to give friends ops. Nobody had any serious concerns about how the system would work, just that they wouldn't be able to give ops to people they liked. (And ban people they didn't.) Wow, that opened my eyes to the type of people who tend to hang out in that environment.
Re:Uh.... (Score:2)
Nick protection is just plain silly. It's like bob@server.com ranting that bob@aol.com should have to change his email address. If you want to see who you're talking to, look at their hostname.
Just another example of people wanting control...
Re:Efnet (Score:2)
It's easy to tell. People who resort to person insults over the issue are people whose social standing rests completely on the '@'.
Tell you what. Get a tattoo of an @ sign on your face. That'll let people know you're to be respected.
If channels had random names, cybersquatting wouldn't be a problem. But if someone wants to talk Counterstrike (for example), which channel do you think they'll try. Starting another channel by another name isn't going to do any good because nobody would ever go there.
Thus, the first person to start a channel (and thus get ops) gets to lord it over everyone who goes there after that.
The only people who like the ops system are those who've kissed enough ass to get ops and thus are waiting their turn, for some sycophant to latch onto their sphincter.
Re:Load of bitter tripe. (Score:2)
If you didn't have ops and instead had to rely on
Re:Efnet (Score:2)
I realized it was just a political game for people and left when IMs became a decent alternative to IRC for coordinating with a group of net friends in realtime.
I just happen to be able to see that the problem is people like you. Op lovers who'll do anything to defend their little habit.
Say it with me, "I'm not a control freak! I never kick anyone... unless they mouth me off."
It's people with your attitude who resist having an op-free network where nobody can lord their power over anyone else. If you'd step back and look at it from the perspective of someone who doesn't want to have to play nice to some teenage kid with ops just because he wants to chat, you'd see the inherent problems in the system.
I guess from the position of that young kid with their first taste of power, it's pretty cool though.
Come back to this conversation in ten years, if you've got any friends in real life, you'll see it a bit differently. If you're still on IRC all the time, well, you won't have aged much.
Re:Load of bitter tripe. (Score:2)
The "first person" argument is valid, about nicks and about channels.
Why should one person have the ability to control what nick you can use, or what channel you can use?
Look at how ICQ does names, you can pick any name, even if anyone else uses it. The UIN is the only unique bit. When you want to message 'Batman' or any other common nick you look at the email (or in IRC terms, the hostname) and pick the right one. From then on, you can just use the common name.
That system gets by perfectly without anyone having sole rights to the name. So why couldn't IRC work that way?
Simply because people aren't happy unless they control something. They think their spark of creative genius ("Hey, I'll name myself after a comic-book character!") deserves some special recognition... ("Hey, I'll keep anyone else from doing it!")
The same goes for channels. Why do you need someone to "maintain order" in a channel? If you could just ignore someone and they'd never bug you again, what is really gained from kicking them?
"But I want a private channel!"
Then choose one with a name nobody else will ever want to go into. There's no reason you need to make #marvel, #windows, #quake, or any other commonly-named channel your private one. Create #MyChan348234, +s+i it, and invite your friends (off of one of the commonly-named channels) into it for anything private.
It also makes the system a lot easier. There's no need for the complication of a nick-serv and a chan-serv. If nobody can own anything, you don't need to keep track of ownership.
The system becomes less complex, people stop attacking each other for control because there is no control, etc.
Can you see a problem with this system, or are you just upset at the idea of losing ops?
Re:Load of bitter tripe. (Score:2)
b) I'm saying people should just cope with it. Scratch these annoyingly complex systems which exist JUST to give people exclusive power over a nick or a channel.
The nick/chan serv elements are more of a problem than they're worth. The only reason I've ever got for keeping them when I've proposed a new, simpler, IRC model, is that people want ops.
My sole problem with ops is people who won't give it up, wanting to damn the system just so they get their power.
If IRC was FIXED, it wouldn't have people trying to DoS servers to split channels, or kick people to get nicks. It also wouldn't need complex and easily broken system for preventing this. People would still try to attack each other, but a
I've tried to work with IRC developers, I've proposed this idea to hundreds of people. The *ONLY* argument I've ever heard against it is that it doesn't have ops, and people wouldn't be able to kick people, or give ops to their friends.
They say this in various ways "what if someone came into my channel and started..." or such. But
To me, this as good as proves that most IRC users are ass-kissing op-wannabees, or power-tripping ops.
Echelon (Score:2)
And the FBI probably has bigger problems to deal with then IRC servers going down due to poor design.
web history? (Score:2)
Re:Open servers (Score:2)
Hi, we really need more open servers. Would you mind hosting our network and reciving hundreds of Distributed Denial of service attacks a day?
Hrm (Score:3)
Re:Still other sources for IRC fun... (Score:2)
So long, old friend. (Score:2)
I also remember it being kind of the "outlaw frontier", where almost anything went, and hacking was somewhat encouraged. Moderators took a real hands-off approach unless you were being blatently over the top. Perhaps this rogue spirit is what is killing it today. If you encourage (or don't discourage) hackers and crackers and script kiddies, perhaps you reap what you sow. I just don't understand why, if someone gives you a really nice sandbox to play in and hack in, why you'd feel the need to take a big huge shit in it. Have fun raising hell in EFNet, but attacking the servers themselves is crossing the line.
Maybe they just want to be known as the people who took down EFNet. Likely, they'll be known as someone who spoiled a good thing.
Good bye, old friend, you'll be missed.
Re:IRC warrioring out of hand. (Score:3)
You "never did anything to harm an IRC server", yet you had an "army of clonebots?" Were these magical clonebots? You know, the kind that can connect to the network without using up connections that would have otherwise been used by legitimate clients? Were they the kind of clonebots that could send nickfloods and tsunamis to #warez directly, without interacting with (or consuming the resources of) the servers?
IMHO, the DDoSers of today are the clonebotters of 6 years ago. The technology is different, but the mentality is the same. 6 years ago, people didn't have the big, fat network pipes that they've got today, and there weren't as many fools running networked, compromised boxes 24/7. 6 years ago, the DDoS attacks of today weren't technically possible. If they were possible, they would have been used.
You sound like you've outgrown the phase, which is good, but I suspect that if you were six years younger, you would be right alongside of the group that is responsible for this.
Re:IRC warrioring out of hand. (Score:3)
Legitimate clients don't change their nicks ten times a second, nor do they use TextBox/PhoEniX-style tsunamis (large amounts of text) against users and channels. Unless your clonebots joined the target channel and said "hehehe" and "LOL" every ten seconds or so, I think it's a safe assumption that they used well more than their fair share of resources. I can certainly say that in my years as an oper, I never encountered such benign clonebots.
I disagree strongly. They were more difficult, available to a smaller group of people.
Well, certainly the ability to do a distributed flood existed, but nowhere near to the extent that it exists today. The IRC "floodnets" that were the precursor to the modern DDoS didn't appear until a few years later. The modern DDoS would be an impossibility were it not for the large number of unprotected cable modem/DSL users and wide-open corporate networks, most of which didn't exist at that time.
Re:IRC warrioring out of hand. (Score:2)
And, even though I'm going to get flamed for this, the argument exists that if the opers in their very-finite wisdom didn't do everything in their power to protect the sheep from themselves the kiddies would still be perfectly content to do simple text floods, nick collides and split riding instead of DDoSing full servers.
Infact, the many ircd "enhancements" currently make irc almost unusable for those who DON'T break the rules. No ops on split, no join on split, hell, there is even atleast one server which won't even allow you to chanop no matter what the server state. I mean wtf is this? No (ops|join) on split with a perfectly working TS is redundant, it just makes it harder to recover opless channels. Not allowing anyone to chanop is just fucking stupid, period.
EFNet, even for those who do follow the rules, is becoming unusable, not to mention that there are assholish and apathetic opers who just don't give a shit. Unless you're their friend you're fucked about getting help from one. I can see the frustration the kiddies are exhibiting.
-- iCEBaLM: 5+ years of EFNet usage.
Re:What it will take to save EFNet (Score:2)
Hostmask mirroring leads to endless problems in an IRC environment. How do you tell one person from another? Force nick registration? Nobody wants to sign up just to use IRC, that's one of the best things keeping it separate from instant messaging. Really it's much easier the way it is, with opers mostly hiding their real hosts not so they're not DoS'd, but so that it's at least more difficult to find/hack them and gain control over their server.
Nickserv/Chanserv don't help. DALnet/Undernet have services, they get hit. Not as much or nearly as hard as EFNet, but they do. Also, services have been known to be hacked(not that EFNet hasn't, but at least there isn't a service in place that makes it a 1 step process to 0w|\| every single channel)
Invisible hubs might sound nice in theory, and in fact were at least at one point scheduled for the next version of the EFnet ircd. However, this alone won't do a fucking thing. Because only a few servers have the balls to let many clients on anymore(irc.east.gblx.net, irc.ins.net.uk), taking down just those two servers takes out something like 1/2 of all EFNet users. Maybe you can't take channels so easily(like you can now?) but it'll still fuck with everyone trying to chat, and make the servers question why the hell they bother(which I don't understand myself. I have a friend who's an EFNet server admin, and I still don't get why.)
Re:Hrm (Score:2)
I'm fairly upset... (Score:3)
*sigh* And again, what's the purpose of this? We lose something in exchange for nothing. We should pursue these people more agressively, since we're really losing one of our best communication resources out there... cause I mean, when they're done with IRC, they'll go after whatever else looks ripe... AIM servers, ICQ servers... even Slashdot.
This is a good cause for the EFF to take up... prosecution of these script kiddies. I'll donate to that cause...
Echelon does not deal primarily with Europe (Score:2)
Re:Only EFNet Users Will Get This (Score:2)
Re:Efnet (Score:2)
You lost your nick? So what use a deviation.
These two lines, all by themselves, show why EFnet's been going downhill for years. Simply put, they ignore the social aspects of IRC. People don't want to change their name, or their street address, just because some script kiddie managed to kick them off and steal theirs.
I got off EFnet when DALnet first came up with a real solution to these problems (I held founder status on #watertower when it was the biggest channel on DALnet, way back when), and never looked back. I'm not surprised that EFnet has been in a long slow decline ever since.
--
Re:What's the point? (Score:2)
Undernet went through a large dossing phase a few months ago (now there are only half a dozen or so American servers left from the 25 or so there were before). They've since been implementing measures to protect from DOS:
- hide the server names in
- disable
- hide the server names in netsplits
- disable umode +s
Perhaps EFnet could learn from history
Do we really know who is DDOSing? (Score:2)
I pose a different theory. There is not much to back it up, but it's a possibility that should be considered. First, in addition to chatrooms involving help with coding or project collaboration, the two largest groups that use IRC are "pirates" and pr0n freaks. Big business hates the IRC because it's the epicenter for trading of movies, music, and software, and some software and movie distributers even start with the IRC. The Government hates the IRC because they seem to think that it's the hotbed for perverts to meet children, hence all the FBI agents posing as little girls.
The IRC is somewhat immune to legal attack, since it is decentralised, and like the newsgroups, the content is user-based, thus the hosts don't take responsibility for illegal activity. So what can Big Business and the Government do to stop this menace? Hmmm....
just fixed it and added more info (Score:2)
are you kidding (Score:4)
Many people still use IRC for many things trading coding tips in C++, developing OS's (#freebsd, #openbsd, etc.), assisting newer users of the OS (#linuxhelp, #freebsdhelp). Many friends also use it as a means to communicate, and it's sad you do have some shitty channels but you shouldn't generalize everyone on IRC as being warez kiddies.
Stopping DoS attacks (Score:5)
Some of these idiots should check into a local clinic for psychiatric assistance, and stop ruining things for people who just want to chat.
Efnet (Score:5)
EFNet has been my sole IRC network for years now, its plagued by many things that draw the wrong crowds. However this doesnt make it a bad place, its just not one where you can go telling off some 13 year old that has as they say "500 b0x3n". I dont understand the mentality of attacking a non-profit irc network for any reason.
You lost your channel? So what, go make a new one.
You lost your nick? So what use a deviation.
They wont let you be an oper? So what start your own network.
I mean come on.. this is rediculous.. So what if your upset with efnet, there are so many other alternatives out there that you cant begin to list them. Use one of them.
As far as the attack that efnet is facing, its not just the DDoS, its also the attack of its users. Just like this post on slashdot about efnet... "but I find myself wondering if the oldest IRC network can pull out of this type of situation a second time?" If youve used a network for 5 plus years, and its been through this before, then odds are it will make it though it again, dont show a lack of faith or support like that. You are giving this kids or immature adults exactly what they want. The truth is this, we are giving them exactly what they want, thus they wont quit. If we quit complaining, then what they are doing isnt working any more, or they are not going to get their desired results, thus they will probably quit attacking efnet.
One of the most redundant things you will see on the efnet.org forums is the posts regarding the problems efnet is facing where people are whining and complaining about not being able to get on efnet. Instead of that, shut up and move on. So what if you cant get on efnet for a few days, its not like theres not 100 other irc networks that you can use until EFNet gets back up, heck have your buddy on a cable modem load up ircd to support your friends until efnet is back online.
In short, stop making a big deal out of it. In the end your forgetting the people who are really suffering and whining about stuff that dont matter, imagine how much these attacks are costing the hosts of the servers we love, they are doing this for free, and paying out the rear end to keep this thing going. Thats where we come to the poing of loosing efnet, is when it hits the sponsors (servers) in the pocket.
Regards,
Ret
Other good public IRC servers beside emory.edu? (Score:2)
IPv6 (Score:2)
IRCnet has quite a few ipv6 server running, but as they are also quite limited to their surrounding univs etc due to beeing ipv6 only, where people tend to be clued, and not scriptkiddies, I don't think they've been put to any serious tests... well.. some minor incidents where the ipv6 tunnels have been cracked and DoS attacks against ipv6 hosts have been performed..
The most ipv6 abuse I've seen are funny ip-ending like
If someone is clued in on ipv6, please brief us on DoS controlling if I'm totally off here.
Re:What's the point? (Score:2)
Re:What's the point? (Score:3)
To get ops. Timestamping makes this more difficult, it does not make this impossible. Consider the case where everyone in the channel is disconnected because their server is flooded off. Now that there are no ops, you can get ops on a split. And of course, you can cause a split by flooding one or more servers. As a bonus, you get to steal the nicks of your enemies.
Re:IRC warrioring out of hand. (Score:3)
How is that? When IRC wars moved out of IRC, I stopped. More than that, I vowed to never fight again. I have let the channel I hung out in for 8 years be taken over for months, because I refused to engage in any IRC wars.
Pingflooding had been considered lame for a long time. It hurts noncombatants. It hurts combatants in ways unrelated to IRC. It is unfair to those who have less bandwidth. It creates wars that escalate only through use of more bandwidth, which means hacking hundreds or thousands of machines. Then a new crowd moved in (along with Windows, WSIRC, and mIRC) that didn't see a problem with it. The collective morality changed. It wasn't individuals who's morality changed, it was a new group of people who did not have any respect for anything.
IRC warrioring out of hand. (Score:5)
I never did anything to harm an IRC server. Nobody did. #warez learned to fear my army of clonebots, and in fact clonebots were the only thing I ever did that upset IRCops.
Now, people don't care about IRC when they are involved in their IRC wars. Just like using nuclear/biological/chemical weapons in real-life wars, DoS attacks against servers harm innocent noncombatants. This is unconscionable.
DoS attacks against servers is destroying, and will ultimately destroy, EFNet. These people surely know this. They just don't care.
I have never been so disgusted with mankind.
Re:and more DOS (Score:2)
Re:Here he is.... WAS Re::( ... God! I wish (Score:2)
The downfall of the EFNet (Score:2)
I've been on the EFNet since 1991 (#iCE and #ANSi back in the day ;) and it's been a shame to see it steadily decline in the last few years. I used to frequent it all the time but about three years ago it just started getting ridiculous: netplits all the time, lamers taking over the channels, and very difficult to have any decent conversation. It used to be fun to have it on in the background at work but now it's just not worth it.
This year has definitely been the worst however. I've seen every single channel I've ever frequented move to other networks. #iCE was the last to go (they're very nostalgic) and while they've tried to keep a relay bot up on EFNet to keep the conversation on both servers it just isn't working: EFNet has officially gone to hell.
I hate to see it go. Now I can't find any two interesting channels on the same network and everybody I used to talk to is fragmented on different nets. It's really too bad that a few immature individuals can ruin it for the rest of us.
- j
Re:Possible Solutions (Score:2)
Possible Solutions (Score:4)
1) Mandate that ISPs filter outgoing traffic from outside their address range. A lot of these attacks won't work or won't work as well due to address forgeries.
1a) Hold ISPs responsible for damages stemming from attacks originating from inside their IP ranges. Allow them to recoup those costs from the users whose hosts are involved in the attack.
A lot of people are gearing up to flame at this point going "But but but you can't hold a user responsible for the security of his machine!" Bullshit. If you want to connect to a public network, you should damn well make sure your system is secure. And security would improve, because someone's money would be directly involved and therefore law enforcement would be much more inclined to pay attention.
2) Give a government organization draconian powers over the net and passwords to all the routers irrespective of what company owns them. "Oh... That DOS is originating from foo.net. Lets just turn down their router until they sort it out." That'd damn well get attention real fast.
Re:IPv6 (Score:2)
But, honestly, IPv6 might be able to help against certain types of attacks, like smurf attacks, but it doesn't help as much against DDoS. But at least QoS(Quality of Service) it would help some, unless your router is swamped....
Re:news page already ./ed (Score:3)
You can read the news at this mirror [phule.net] too:
http://www.phule.net/mirrors/efnet-news.html
- JoeShmoe
Re:Here is what i don't understand... (Score:3)
Um, if you don't think the government is already on EFNet (actually, any IRC networks) then you are living in a fairy tale. Think back to the mafiaboy fiasco...he bragged in an irc channel and the next day he was arrested.
Not to mention all the undercover cops in channels like #dadanddaughtersex hoping to catch some kiddie porners.
Since the government can get their hands on any information with a sealed subpoena there is no more or less protection than just everyone using a server like irc.fbi.gov!
The whole EFNet piract scene is a few thousand people at best. There are far larger targets (although they have gone after FTP sites, which in a sense could count as an IRC bust since most siteops are on IRC).
Regarding proof, they don't need prove to make an arrest. That's what a trial is for. Kevin Mitnick was arrested because companies like Sun claimed his copying of source code cost them millions. This was enough to make him guilty of grand-theft computer and get him arrested, even if Sun couldn't prove a single cent of damages resulting from the download. It was just a theory but that's all that matters for an arrest.
I admit that a bunch of WAREZ DOODS don't make a very sympathetic victim, but think about the major ISPs like @Home, C&W, Mindspring, etc that are subjected to constant attacks. If just one of these companies would grow a pair of balls and try to get enforcement instead of pulling the plug then it would send a message.
After mafiaboy I sincerely doubt that anyone would try a major attack against our precious, precious e-commerce sites. So if the same kind of example was made of one of these script kiddies then maybe the rest would think about whether taking that channel was worth years in jail.
- JoeShmoe
Here is what i don't understand... (Score:5)
No monetary losses? How about bandwidth cost? How about admin time to repair/fix hacked IRC servers?
What I fail to understand is how some Canadian teen ping floods Yahoo! and has the entire wrath of the FBI, NSA, CIA, DIA and Canadian Monties on his ass...meanwhile EFNet servers are subjected to coordinated 3Gbps attacks and the only solutions seems to be give up?
What the hell kind of logic is that? Okay, give up because it is easier. If you ask me, every EFNet server should lodge a formal complain, claiming $10million in monetary losses. If we learned anything from Mitnick, it's that companies can claim any bogus amount of losses and get results.
Or maybe the FBI/CIA should just host an EFNet server themselves. We all know they are caching the whole damn thing anyway to run through Echelon. If EFNet goes down then were are news organizations going to go for their pithy quotes?
- JoeShmoe
Re:Efnet (Score:2)
So yes, EFnet may not be the largest network anymore, and its population may be going down, but the level of clue hasn't gone down and seems to be rising for the most part.
Yeah, I've actually noticed this. As it becomes harder for people to get on EFnet the amount of annoying "a/s/l"-type kids has really declined.
What sort of fools build a spanning tree anyway? (Score:2)
IMHO, IRC networks should be set up to look more like usenet does: Each server should peer with several others, forwarding data about using basic flooding algorithms. Sure it would be a bit more complicated, and it would use more bandwidth (because you need to work out which data has already reached your peer and avoid resending it), but it would practically eliminate these problems.
Why can't people design computer systems with a bit of attention to redundancy and security in the first place?
Re:Possible Solutions (Score:2)
Personally, I'm all for splitting the blame between the ISP and the user. When the Comcast (or whoever) representative comes out and installs your cable, they should have you sign some sort of statement of security, peform a few basic checks on your machine, and leave a card telling you basic ways to keep your machine secure. These would be something like:
1. At least once per week, preferably more often, use the update feature of your OS. Win32 has Windows Update, MacOS has a control panel, Debian has apt-get. This alone would prevent much of the successful attacks going on today.
2. If possible, leave file and print sharing off. Use a password, if you must turn them on. (for *nix machines, this could be extended to "don't run things like r-services, telnet, etc.)
3. Buy one of those nifty little $100 routers, or use one of (list of approved software).
After that, it's all upon the user. If someone can pay for access which is fast enough to make them a target, they can certainly take a few minutes every week to keep things up to date. If not, then they get to pay $$. It's the same with people who can't bother to cook for themselves, or who have to have designer blue jeans. You pay, I don't. What a wonderful life.
Will this work? Ha! This will probably work at about the same time people check the fluids in their car once per week like they're supposed to do. However, if their computer gets 0wn3d, and they have to pay $$ for it, that might be a pretty good motivator.
Sotto la panca, la capra crepa
Re:What it will take to save EFNet (Score:2)
The first come, first serve status of IRC may be prone to abuse, but more abuse occurs without anyone there to take quick and decisive action. In an ideal world, users would elect ops and confirm their decisions, but that's far too much to expect from a chat room.
--
Re:and more DOS (Score:2)
BAH! (Score:5)
First a DOS on their irc network, now a slashdot on their web server....
We should ALL send out our support though LOADS of email to let me know we care... err wait
There are no face. (Score:4)
We find great comfort in chatting with eachother and are happy that the various IRC-networks gives us this upportunity.
But when this kind of childish behavior sets in, it's not just the various networkoperators and sponsors who pays.
There are real people behind all those nicks. People who have come to depend on it. And suddenly find themselves alone, again. Alone to deal with their pain.
Once we have relocated to yet a new network, next step is at get contact to all the users. Mostly impossible, few trust others to get close enough to give out personal datas (like email).
Third step is to get people to change their client. Almost as impossible, many of the users aren't your run-of-the-mill powerusers.
Bottom line is that every time this pre-teen-kidz feel an urge to show off their l337-status, *real* people with *real* life and *real* problem.
But those script-kiddies doesn't care, to them we are just faceless nicks.
My wish is, that once those kids grow up they will learn of the harm they had done. Know that when they trashed a network, someone was left alone... crying in the dark...
... and know *they* are to blame for nonexistance of IRC and free chats.
Bjarne
Only EFNet Users Will Get This (Score:2)
*** no such channel "#warez" (irc.umn.edu)
Later,
Re:Open servers (Score:2)
Take a look at DALnet, for instance. Their servers are DoSed too, but not nearly to the same level as EFnet's servers. And look -- most DALnet servers are open!
---
DOOR!!
Open servers (Score:3)
Like it or not, EFnet is pissing off its user base. Not that this warrants DDoS attacks, but the basic principle is that if you treat your users well, they'll treat you well. Likewise, if you piss them off, they're not going to be so likely to be friendly towards you.
---
DOOR!!
Re:How is this just "an IRC thing"? (Score:2)
Yes and no. Providers of root servers usually won't stop hosting root servers because of a DDOS attack. The root servers aren't going away. The whole point about EFNet is that most of these servers are optional, run because some provider felt like doing a good turn for the community. When these providers get hit, they drop their IRC servers pretty fast. The same thing will not happen to the root servers, at least in terms of getting dropped.
Also, there is much more redundancy in DNS than IRC. If several/most/all root servers die, caching should continue to provide some level of service. Generally speaking, end users don't send DNS queries directly to the root servers, (unless they're running djbdns, like me).
Re:Possible Solutions (Score:2)
Now, imagine these LARGE NSPs that host IRC servers on EFnet with multiply redundant BGP-4 routed DS3 and ATM circuits placing these access lists on their core routers. It wouldn't work. It would cripple them worse then the DDoS's will.
You could use a Firewall as a solution, but they are cost prohibitive to pay per connection for every IRC client. This is why it is hard to "just filter" attackers on core routers.
And as far as holding ISPs accountable goes, that is a can of worms that won't be opened. Other then our DMCA and other laws.. I can't imagine this happening.
-Pat
:( ... God! I wish (Score:3)
These idiots would never stop, until someone hit them with a baseball bat over their head. And its time someone did.
How is this just "an IRC thing"? (Score:3)
The root DNS servers at [a-l].root-servers.net are just as vulnerable to this stuff.
What it will take to save EFNet (Score:5)
Hostmask mirroringthat would at the irc server level protect you from hostile users out there, making it virtually impossible for them to gain your IP address via IRC.
Nickserv/Chanserv allows you to reserve your own nickname and reserve your own channels for personal use.
Invisible hub servers, these invisble hubs means it is possible for one or two servers to be taken down but it will be individual servers on instead of entire branches
By implementing these features you will see the irc wars lessen and eventually die out for the most part. The nick and channel services would protect the channels reguardless of the warbots and denial of service attacks. The masked ip's would mean you could not attack other users of the network unless they did something stupid like accept a dcc connection. EFNet may have the invisible hubs already however the rest of the possible solutions they do not have and seriously need to consider.
--
When I'm good I'm very good, when I'm bad I'm better, But when I'm evil you better run
Re:What sort of fools build a spanning tree anyway (Score:2)
I've got a proposal for a new IRC protocol [achurch.org] (very much a work in progress) sitting around, if you're interested; among other things, it allows redundant connections between servers. Comments are welcome (but "we-don't-need-another-IRC-protocol" flames are not).
--
BACKNEXTFINISHCANCEL
What happened? (Score:2)
Just incase the rumours are true and somebody's attacked all the servers dianora opers on, can I point out that Diane hasnt been opered on irc.ins.net.uk for about a week... If you're going to DOS servers because you dont like their opers, at least
Since a lot of people seem to be up on this situation -- what's the story?
I know, this is pure gossip with no redeeming News For Nerds value and almost certainly involves a lot of dweebs with too much time on their hands and no sense of perspective. But since we've pretty much exhausted the community discussion possibilities of "Destructive script kiddiez are idiots!" let's get to the dirt!
Unsettling MOTD at my ISP.
What's the point? (Score:5)
It's not going to give you ops, your not going to achieve anything besides slowing down the network.
I have to wonder what the script kiddies problem is with EFNET, what's their beef with them? I'd like to see that posted here, or are they just doing it because they can.
I've seen some severs disappear off efnet and go private or join other networks too. People don't want to be associated with the unstable network, and they can't pay the bandwidth bills of a DOS atack. Remember, DOS sends a whole lot of information, which translates to bandwidth, which on servers, costs a pretty penny. And unless you own a telecom, that's money that your never going to see.
Whoever is doing this, just quit it. Attacking an IRC network (Which is free for people to connect to and use by the way) is just lame and stupid.
[Something witty and intelligent should have appeared here.]
Re:What a shock? (Score:3)
Hey, don't knock "for the women"... I knew of a guy who was the SysOp of one of the largest BBSes in Phoenix, something like 50 lines when it finally just ended, and he used his "cool bbs" routine to get laid...
Of course, I've got to wonder about the girls who'd screw a guy whose claim to fame is a computer with a lot of modems plugged into it (or even an array of them)
IBM had PL/1, with syntax worse than JOSS,
Bullying. (Score:5)
Frankly, they do it because they ENJOY DOING IT. They get a cruel (I would say sick but sick is a hard word to apply to something practised by the vast majority of the human race), a cruel thrill off of beating up someone weaker than they. And then the tortured nerd goes home. And then he either torments pets, or he goes on the net and DDoS's some perfectly cool site. Because he has learned to be a bully, by example and by reaction to his own treatment.
Why not DDoS Microshaft or whatever, while he's at it? Because he does not have any sort of economic or political goal for this attack. He's not doing it for that reason. He's doing it to piss off as MANY people as possible. DDoS'ing Microsoft pleases too many people, so he could care less about doing it. What better way to piss off a whole bunch of netters than attacking their community where it hurts?
-Kasreyn
Humor me will you? (Score:2)
Call me a troll if you want but Doc here needs a sortin out.
Re:and more DOS (Score:3)
And one more thing... if there's anything it's not, it's not poor journalism. Journalism has nothing to do with being considerate to the other guy by not linking to his stupid website. Slashdot is making things easier for it's users by putting in a damn hyperlink, and you can't deal with it.
VERY poor complaint, dude.
Re:Still other sources for IRC fun... (Score:2)
The Problem . . . (Score:2)
Anyway, the biggest problem with EFNet began when people joining from
In fact, my university banned IRC from running on it's VMS system. I remember a script kid wanted to take over a channel I was on and DOS'ed the entire campus; that could have one of the reasons.
What bothers me about things like this, is that it could be what marks the end of a "free" Internet. There's no incentive for people to offer services like IRC for free anymore, not when it causes this much trouble.
Re:What's the point? (Score:2)
DoS doesn't mean the end of the world (Score:2)
Our security policy when we go under a DDoS attack is to analyze the attack by collecting as much information as possible, and then configure router settings at our ISP to block the attack upstream, after it gets off the fat pipe and has less ability to cause network problems.
Most of the time we are dealing with script kiddies, albeit clever, they are no match in technical knowledge and most just click blindly at programs traded on IRC (ironically).
Even if the IP's are spoofed, they can still be filtered out, because the attack patterns of most all automated DDoS software, which uses cable modems and college networks are quite regular.
You should see grc.com for a good method of handeling a DDoS attack. This is what all administrators should do, but too many are trained that DoS is completly impossible and you are at the mercy of the "hackers" and the only thing you can do is run for the big red switch. This just isn't so.
These types of antics will be around for awhile, in all types of networks. There will be people who attack because someone banned them from IRC, people who do it because they're taking their personal problems out on the world, etc. The list goes on. If services, especially public, continue to wash their hands we will only see some great communities lost when a very good solution is always very easy to come by.
Most ISPs will work with users who are under DoS quite well. Remember, this is there network which is under attack too.
Re:DoS doesn't mean the end of the world (Score:2)
Of the several "ISPs" who were hosting servers, none actually owned the wire. This is because you are using the term ISP as Internet Service Provider, which can mean anything. Slashdot provides a service on the Internet, so they could also be considerd an ISP. However, the ISPs I am talking about provide bandwidth services and have actual public networks which are either national or global.
In affect, those hosting IRC have purchased services from a real telecommunications ISPs who operate public networks.
SolidStreaming is not an ISP, and in fact a traceroute shows they are using Globix.net as their hosting provider.
irc.emory.edu is obviously not an ISP, and they obviously lease a line from a company who could easily employ filtering at the router.
Even in the case a very large ISP would come under attack, it would be trivial to configure router interfaces to other connecting networks (both at these networks and at the ISP) in a similar way to block DoS. You only pay for bandwidth if you receive it, and if you ask a network to block certain types of packets, you will have eliminated your problem.
But perhaps the best method so far is good egress filtering at all network levels, especially in the cable and DSL networks who are often the target of DoS trojans and hacks. This would eliminate spoofed IP's and provide further protection from methods DoS attacks often use.
Please, do your homework (this doesn't count your MSCE study guide) before calling someone stupid.
Re:What's the point? (Score:2)
> To get ops. Timestamping makes this more difficult, it does not make this impossible.
And there's also the "if I don't get what I want, I'll take your toys and go home" attitude. They don't care who else they screw in the process, they'll blow it up because they aren't allowed to, and feel like it.
A true lamer mentality, but it's all over the net. Just ask the slashdot trolls...
Re:and more DOS (Score:2)
Now, not only does EFNet have to deal with irresponsible skrip7 kiddi3s, but they're taking the full brunt of the Slashdot effect as well.
VERY poor journalism, guys.
Re:Stopping DoS attacks (Score:3)
At any rate, that said, your document is still a good one and can help prevent DoS attacks that deal with generating load on the server rather than trying to just flood the link out.
news page already ./ed (Score:5)
madmax @ 2001/07/11 21.16 irc.ins.net.uk / dianora
Just incase the rumours are true and somebody's attacked all the servers dianora opers on, can I point out that Diane hasnt been opered on irc.ins.net.uk for about a week... If you're going to DOS servers because you dont like their opers, at least
hardy @ 2001/07/11 16.05 ircd.solidstreaming.net / irc.solidstreaming.net
SolidStreaming's irc client and hub servers have been null routed at the moment due to a massive core router flood. Currently, there is no ETA for return.
madmax @ 2001/07/11 12.44 irc.ins.net.uk / irc.hub.uk
C&W INS has been under such a large attack that they have now null routed the irc servers. We do not know at this stage if or when they'll be returning.
madmax @ 2001/07/11 09.31 Efnet's broken
You heard it here first. To those concerned, quit with the attacks, learn not to shit where you sleep. You know who you are.
madmax @ 2001/07/11 09.25 irc.lightning.net
Lightning is disconnecting from efnet for the immediate future due to DOS attacks. They will look at the situation again as soon as possible and hopefully make a comeback.
hardy @ 2001/07/10 21.49 irc.emory.edu
irc.emory.edu has officially de-linked from EFNet as of today due to excessive Denial of Service Attacks for unknown (but most likely IRC-Related) reasons. It's a great loss for the EFNet community as Emory University's IRC server has for 5 years been a very stable, reliable, and open one. We would like to thank the irc.emory.edu staff for their time and dedication to EFNet, you will be missed.
and more DOS (Score:5)
Re:Humor me will you? (Score:2)
More of the same really (Score:5)
I moved to Austnet (as im an aussie) and all was fine but in the end i bailed from there - as an op and channell owner i spent the last 5 months of my online life in constant flame battles and fights to prevent channel takeovers.
We had numerous DOS attacks and hack attempts which succeeded in downing our service on more than one occasion and wiping out host servers, not to mention mail bombing attacks on channell mailboxes and racist bullshit on broadcasts (yes you white power fuckers know who you are).
I checked the other night when i was rebuilding my PC at home to find the logs of my last session - 2 hours online and over 100 bans - so i just hung up my gunbelt and keyboard and decided it was not worth it.
Im sorry to see this happen - IRC used to be a great place to go with intelligent talk and good fun, now all it is is lame losers and 'i owns joo' crap in many cases. Another piece of web history gone