Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
The Internet

EFNet on the Rocks Again 237

Dragonsbane writes: "Things just keep getting better and better on EFNet. Already down to 30-something servers, the network has been hit with a huge denial of service attack, one which seems to have targeted the major hubs and open servers on the network. Information regarding the losses (six servers have been shut down in two days, one of which will not be returning) can be found at the network's news page. Having used EFNet for the last 5 years, I held on for dear life during the last bumpy ride, but I find myself wondering if the oldest IRC network can pull out of this type of situation a second time?"
This discussion has been archived. No new comments can be posted.

EFNet on the Rocks Again

Comments Filter:
  • by Anonymous Coward
    EFNet was fun years ago before the asshole kiddies started spending all day trying to become a channel op through netsplits and such so they could kick everyone out and ban them. Bah, it was worse than the trolls on slashdot. It is really a shame to see some of the old services slowly drifting away because of a bunch of new clueless dipshits who don't have any maturity. Usenet for example is basically 75% spam, Slashdot is 50% crapflooders and trolls, IRC networks are being DDOS'd. What's the point? Go get laid kids. It'd be much more fun than sitting on your fat ass DDOS'ing a stupid IRC network.
  • by Anonymous Coward
    If they would actually take new servers into the network it would be alot more DoS resistant. Rather then 30 servers with 5 of them supporting 75% of the load.....
  • by Anonymous Coward
    Hmm...a simple research kinda solves all of this although I don't know why I'm spending the time writing this...I guess I'm bored.

    A simple nslookup:


    That Class belongs to Relcom in Moscow (Russia)

    The only Russian IRC server connected at the moment (which can easily be found via /link) is which resolves as which is a Class that belongs to Rostelecom Internet Center
    So even the website isn't on the same network as the only IRC server in the same country.

    Doesn't anyone use nslookup and ARIN/RIPE/etc anymore?
  • "Then why did it have them long before my channel came to the net? Perhaps it's because others there share my opinion about their necessity?"

    Not really. Mostly it was because I'd found a perl OperServ script and decided to run that for the hell of it, then discovered Andy Church's services clone and decided to hack around on it. Most people at the time were ambivalent to the concept of services on WTnet and we made do with channel bots like we did on EFnet. (The bots worked well, for what it's worth.)

    The only thing services offers, in my opinion, is the convenience of not having to type "/msg __Ralph op #watertower blah". The other niceties are largely unused (for instance, nobody bothers to /msg nickserv SET URL, or SET EMAIL, trust me. Hell, even our MemoServ database is only 124k) and go unnoticed by most users. Hell, when it was down last year for 3 or 4 days after a lightning strike, nobody even noticed save a handful of whiners who still snarl about netsplits after 6 years on IRC.

    The only thing services is really used for on our network is keeping people out of certain channels, just like any other network. Only I keep having to re-code the AKICK handling routines.

    - A.P.


  • So how do you find out about these channels then if they're kept so secret?
  • While that was some of the degeneration, I think that even in the days of mIRC and pingfloods/winnuke it was still better than now. True, any means available were used to attack individuals, but still nobody would actually attack the servers. I'm not sure if this was due to actual logic (i.e. "i want to take over this channel, but i can't do that if i kill the server") or just due to the fact that DDoS wasn't prevalent enough, and while a T1 could flatten modem users, it couldn't take down a sizable network like EFNet.
  • Of the solutions listed above, I think only nickserve and chanserve would be actual significant improvements. It would also be nice if there was better enforcement of all the servers running the same software, or at least software that follows the same rules (there have been glaring exceptions to this in the past, dunno if it still holds).

    I think there's one thing above all else about EFNet (and afaik, all IRC networks) which desperately needs to be fixed: it's designed with the most retarded possible network topology, a tree. A few simple redundant links and an improved inter-server protocol would result in it being many times less useful (and hopefully less tempting) to packet a server. But I've never seen anyone discuss actually implementing this.

  • You become 31337 by DDoSing another server and taking over that channel to see that you worthy of the password to talk about the design of the zippers on the new Enterprise series.
  • typically the servers that have this implimented have intercept DCC requests and then prompt the user to allow them to happen. It can still be done, but you open yourslef up to the same old garbage that way.

  • ...unless your a script kiddie who has to get in a pissing contest with someone else to make up for lack of large penis.

  • "Someone coming into YOUR channel and doing things you don't like? Deal with it. It's not for you to tell everyone else on the channel that they can't listen to this person (by kicking them)." Yes it is for you, that's the whole reason you're an op. Chances are the people there want you be kicking the people you are. The basic difference between dalnet and efnet is my friends and I don't have to listen to you just because you downloaded a l33t newer version of some script that I don't have.

  • Hello, You're not forcing anything on them, there is no basic right to join any channel you want. Further, disrupting networks to get around this is illegal (but on two small a scale to prosecute)

    The whole point is you don't have a 'right' (although you seem to think you do) to be on my friends and my channel (EFNET or otherwise) the only difference is on DALNET you can't turn into a baby and DOS me to get channel ops.

    The whole first person to create a channel is a lame argument. Start another channel, that should be the answer on EFNET or DALNET or any irc network for that matter.


  • a) I don't have ops anywhere

    b) I see no problem with the system except a bunch of whiney people going "WAAHH!!! we can't have the channel/nick we want"

    So if a person buys the house you want before you can make an offer, do you get the right to set fire to it?


  • A) Continue to waste company bandwidth from the inevitable DoS attacks to come... Continue to waste company time and money fighting the 13 year old kids who do this kind of thing (most of whom will receive no more than a spanking from their dad, anyway)... Continue to cause agony for your customers (your real customers, not your IRC clients) and potentially lose their business altogether


    B) Say "Later." to EFNet and, in all likelyhood, never face an irc-related DoS attack again.

  • Most of the servers on EFnet that I used to use patched their IRCd's so that getting ops on a split was impossible. Guess that either there are enough servers out there that havent been patched like this or there are just enough stupid script kiddies out there that just don't understand this...

  • > All you really need on a system like IRC is /ignore that works at the server level.

    IRC isn't a MUD. They just change nicks and connection origin. In light of the fact that nicks aren't registered and there's no guest/registered distinction on any IRC network in common use, you tell me how to implement a server-based /ignore that doesn't block legitimate clients... see, blocking out all of isn't really an option, is it?

    Yeah, "all you need" is PFM. All I need is not to use the hopelessly lame IRC except on small private networks. It's the same thing that happened to CB, internet style.
  • FYI, one of the reasons that EFnet is the way it is ( and has been for many a long year ) is because it DOESNT have those features. While I must agree with the invisible hub's, hostmask mirroring/masking and NickServ/ChanServ are 2 things that has distinguished EFnet apart from the rest.

    As an Australian, I think the visable effects of EFnet being hit are compounded: the fact that being an Australian automatically removes 70% of possible servers away to connect to - we're just not allowed to connect. I know this must sound like a whine ( and i'll get modded down for it ) but stop and think that its not all rosey and peachy for everyone ALL of the time.

    I am saddend to see that this type of activity is still occuring. DDOS on IRC networks just because you dont like someone ( or some group ), hacking of IRC networks just to let off steam and to teach "lessons" - its going to be the ruin of EFnet. It already is well on its way to being so. I've been on EFnet for a good 8 years, part of the massive exodus of Australians from AustNet to EFnet, the growth of EFnet as a small infant, to the glorious network that it was, and now I bare witness to its slow death.

    EFnet was ( and in some ways, still is ) the creme of the crop of IRC networks. Everyone who was anyone could be found there. I'd wager that some could credit some of their work due to conversations on it. And to be sappy, the amount of close relationships ( or even more - IRC marraiges! ) that have been forged, EFnet proves itself to be a valuable resource, despite its pitfalls.

    It's one matter to just say 'move to another network', but its another to manage to find somewhere as central as EFnet is.

    Hail Eris!
  • Sorry, I don't speak that lingo.
    What does 133t mean?
    The only possibilities that have occured to me are:
    1) stupid
    2) obnoxious
    3) silly
    4) sanguine
    5) repulsive
    6) juvenile
    7) bait
    8) neat
    9) light
    10) ... well, at this point I'm just adding words that end in t.

    Caution: Now approaching the (technological) singularity.
  • I remember when went offline because of DoS attacks. They had the ability to serve up to 7000 IRC clients. One of the main reasons for killing the server, IIRC, was because of an evening where a bunch of idiots threw tons of garbage down blackened's pipes, causing the entire state of (arizona?) to be deprived of internet access. Although I cannot find Matt's original letter, I did find the config of AMD K6-2 @ 333mhz, 128M of ram, 18G-10k rpm scsi primary, 9G secondary. This server houses the origional EFnet server, the largest EFnet server in the world before it de-linked. Still running with the origional IRCD, I, O, C/N lines and TCM.

    It's a pity that, in blackened's case, volunteer workers such as mjr are forced to abandon what they love to do, because of immature kiddies flooding the network with useless garbage.

  • I wrote Arizona this way: (Arizona?)

    There was a reason for that.

  • You know, the facist attitude of most IRCers is exactly the opposite of what is required.

    Ops, nick protection, and channel protection. All worthless. All designed to beef up the ego of people who have to prove that they're on the bot and can k1x0r your ass. Wow, so l33t. The hackers are preferable to that.

    All you really need on a system like IRC is /ignore that works at the server level. Someone bothering you? Ignore them.

    Someone coming into YOUR channel and doing things you don't like? Deal with it. It's not for you to tell everyone else on the channel that they can't listen to this person (by kicking them). They can make that decision on their own. It's for you to ignore them and get on with your life.

    But, I'm sure you don't want to hear any of this. Most IRCers I know all live for ops, it's all about sucking up until they're added to the ops list, so that they get to kick people, etc. They're just like the script kiddies but without the ability to use back orifice or sub-seven.

    As far as I'm concerned, you can have Dalnet. It's sole use is collecting gits like you and keeping them far away from someone who just wants to use a chat system and doesn't want a life based around a little '@'.
  • Because people who prefer Undernet and DALnet tend to prefer them because of channel/nick protection.

    That means that if they got there first and made a channel with a popular name (#quake, #perl, #pokemon, etc) that they will control it until the end of time. Alternatively, if they suck up to one of these people, they can get ops. With the @X or @W 'bots', they can log in any time of the day and get ops. Then they be an op. With ops. Did I mention they tend to be op-happy?

    They also rarely tend to be happy with just having ops. They tend to use it... Kick anyone who disagrees with them, or the party line. Offer ops to people who will kiss their ass, etc.

    Regular (EFNet) IRC has a bit of this, but with the complete channel ownership it gets worse.
  • If you didn't ban people, you wouldn't have to worry about designing a whole system just to allow banning.

    Implement /ignore at the server level (like on some networks) so that when you ignore someone it doesn't even send you anything anymore. That remove the personal-level DoS attacks. (Well, that and not displaying the user's address.)

    Get rid of ops at the same time. Let people deal with anyone they dislike by simply ignoring them.

    The problem?

    It'll never be done. The lusers who crave ops don't just want to ignore someone, it irks them that this person should be allowed to say something that they don't like. They want to kick these people off of a channel just to keep them from saying whatever it is they say.

    Which is why most people play with IRC for a while but then quit using it, they get fed up with the bullshit politicing you have to go through.
  • I don't think invite-only channel are a bad idea, if they don't have names...

    The problem with someone +s or +i'ing a channel is that they take a name someone else might want to use (because, face it, #perl is an obvious channel to talk to perl programmers, etc) and make it off-limits.

    I think people should be able to make private channels that are assigned some unique identifier (ie, random characters) and be able to control that. Other channels, with names that attract others? No. Why is your claim to #starwars any better than anyone else's? Why do you have to right to kick/silence someone? Chances are from the viewpoint of an outsider, you were as big an ass to the guy you want to kick as he was to you.

    Having the server do a few regexps isn't going to take a lot of CPU and it'd save sending a message through a web of servers, DoSing the receiver, who was just going to throw it away anyways.

    If people just acted like grown-ups and ignored jerks, those jerks would go away. However, if people rely of ops or irc-ops to kick someone off, that person will be justifiably annoyed. And it also gives them attention.

    A /ignore that actually worked would be best. It'd take away all attention and it wouldn't censor people who just have a different view. I've often been kicked off of channels for not toeing the party line. I mentioned on #c once (after fighting with a half-assed regexp library) that I really wished there was a regexp library as powerful and integrated as in perl. I got banned for that. Not a biggy, I didn't IRC much, but it annoyed me that instead of talking someone just relied on ops. The last refuge of the idiot.

    Later I mentioned an idea of getting rid of ops and the only objections I heard were that people wouldn't be able to give friends ops. Nobody had any serious concerns about how the system would work, just that they wouldn't be able to give ops to people they liked. (And ban people they didn't.) Wow, that opened my eyes to the type of people who tend to hang out in that environment.
  • And if the people aren't mature, it ends up with the op kicking the non-op over whatever disagreement they have.

    Nick protection is just plain silly. It's like ranting that should have to change his email address. If you want to see who you're talking to, look at their hostname.

    Just another example of people wanting control...
  • Yup, you're an op on some channel.

    It's easy to tell. People who resort to person insults over the issue are people whose social standing rests completely on the '@'.

    Tell you what. Get a tattoo of an @ sign on your face. That'll let people know you're to be respected.

    If channels had random names, cybersquatting wouldn't be a problem. But if someone wants to talk Counterstrike (for example), which channel do you think they'll try. Starting another channel by another name isn't going to do any good because nobody would ever go there.

    Thus, the first person to start a channel (and thus get ops) gets to lord it over everyone who goes there after that.

    The only people who like the ops system are those who've kissed enough ass to get ops and thus are waiting their turn, for some sycophant to latch onto their sphincter.
  • Oh wow, without your sage wisdom, nobody would ever be able to properly converse. I mean, you're an op, not just because you were the first person to create a certain channel, but because you are somehow a wise arbiter of what should and should not be said. I bow to your mighty wisdom.

    If you didn't have ops and instead had to rely on /ignore, you still wouldn't have to listen to anyone you didn't like. The only difference is that you couldn't force your will on them.
  • I'd be devestated by your comments if I'd spent more than an hour on IRC in the last few years.

    I realized it was just a political game for people and left when IMs became a decent alternative to IRC for coordinating with a group of net friends in realtime.

    I just happen to be able to see that the problem is people like you. Op lovers who'll do anything to defend their little habit.

    Say it with me, "I'm not a control freak! I never kick anyone... unless they mouth me off."

    It's people with your attitude who resist having an op-free network where nobody can lord their power over anyone else. If you'd step back and look at it from the perspective of someone who doesn't want to have to play nice to some teenage kid with ops just because he wants to chat, you'd see the inherent problems in the system.

    I guess from the position of that young kid with their first taste of power, it's pretty cool though.

    Come back to this conversation in ten years, if you've got any friends in real life, you'll see it a bit differently. If you're still on IRC all the time, well, you won't have aged much.
  • Why does the first person into a channel have a right to keep it forever? Just because that's the way the system is? Why does the system have to be that way? Because you're one of those ops and like the power??

    The "first person" argument is valid, about nicks and about channels.

    Why should one person have the ability to control what nick you can use, or what channel you can use?

    Look at how ICQ does names, you can pick any name, even if anyone else uses it. The UIN is the only unique bit. When you want to message 'Batman' or any other common nick you look at the email (or in IRC terms, the hostname) and pick the right one. From then on, you can just use the common name.

    That system gets by perfectly without anyone having sole rights to the name. So why couldn't IRC work that way?

    Simply because people aren't happy unless they control something. They think their spark of creative genius ("Hey, I'll name myself after a comic-book character!") deserves some special recognition... ("Hey, I'll keep anyone else from doing it!")

    The same goes for channels. Why do you need someone to "maintain order" in a channel? If you could just ignore someone and they'd never bug you again, what is really gained from kicking them?

    "But I want a private channel!"

    Then choose one with a name nobody else will ever want to go into. There's no reason you need to make #marvel, #windows, #quake, or any other commonly-named channel your private one. Create #MyChan348234, +s+i it, and invite your friends (off of one of the commonly-named channels) into it for anything private.

    It also makes the system a lot easier. There's no need for the complication of a nick-serv and a chan-serv. If nobody can own anything, you don't need to keep track of ownership.

    The system becomes less complex, people stop attacking each other for control because there is no control, etc.

    Can you see a problem with this system, or are you just upset at the idea of losing ops?
  • Gah, why do people insist on using lame metaphors when discussing something?

    b) I'm saying people should just cope with it. Scratch these annoyingly complex systems which exist JUST to give people exclusive power over a nick or a channel.

    The nick/chan serv elements are more of a problem than they're worth. The only reason I've ever got for keeping them when I've proposed a new, simpler, IRC model, is that people want ops.

    My sole problem with ops is people who won't give it up, wanting to damn the system just so they get their power.

    If IRC was FIXED, it wouldn't have people trying to DoS servers to split channels, or kick people to get nicks. It also wouldn't need complex and easily broken system for preventing this. People would still try to attack each other, but a /IGNORE that was properly implemented, and hostnames that were properly obfuscated (to prevent people doing a direct DoS) would prevent these problems too.

    I've tried to work with IRC developers, I've proposed this idea to hundreds of people. The *ONLY* argument I've ever heard against it is that it doesn't have ops, and people wouldn't be able to kick people, or give ops to their friends.

    They say this in various ways "what if someone came into my channel and started..." or such. But /ignore would deal with this. These people don't want to avoid seeing someone who's bugging them, they want to prevent that person from saying anything. If all they cared about was keeping from seeing floods or offensive comments, they'd realize that I proposed a mechanism to prevent that.

    To me, this as good as proves that most IRC users are ass-kissing op-wannabees, or power-tripping ops.
  • Echelon is run by the NSA, not the FBI. And it deals primarily with Europe.

    And the FBI probably has bigger problems to deal with then IRC servers going down due to poor design.
  • IRC is not a part of the web, it has no place in 'web' history. The web is only a subset of the internet. And not the subset that contains IRC.
  • And how the fuck are they supposed to do that?

    Hi, we really need more open servers. Would you mind hosting our network and reciving hundreds of Distributed Denial of service attacks a day?

  • by delmoi ( 26744 ) on Wednesday July 11, 2001 @10:51PM (#90771) Homepage
    I think you're missunderstanding the point of the EEF...
  • never ceases to amaze me that people think that blocking a few IP's or killing all ICMP at the router is gonna protect them from a large-scale flood. Even blocking by the provider a few levels up from the target isn't a perfect solution. One of the servers was getting about 3gb/s during one of the attacks...I don't care who the upstream provider is, that much load in addition to all the regular traffic is going to make things damn horrible. Not to mention that the more things you block, the more you risk killing legitimate traffic.

  • Wow. While I've not been using EFNet in the recent past, it was my first exposure to the internet and all it's glory, way back in 1992. I remember it not being very big back then, few rooms had more than 20 people in them, and you often had to search for a while to find anybody who was actually up and awake. I watched it grown and expand until it finally took up so much of my time I had to leave it.

    I also remember it being kind of the "outlaw frontier", where almost anything went, and hacking was somewhat encouraged. Moderators took a real hands-off approach unless you were being blatently over the top. Perhaps this rogue spirit is what is killing it today. If you encourage (or don't discourage) hackers and crackers and script kiddies, perhaps you reap what you sow. I just don't understand why, if someone gives you a really nice sandbox to play in and hack in, why you'd feel the need to take a big huge shit in it. Have fun raising hell in EFNet, but attacking the servers themselves is crossing the line.

    Maybe they just want to be known as the people who took down EFNet. Likely, they'll be known as someone who spoiled a good thing.

    Good bye, old friend, you'll be missed.

  • by cje ( 33931 ) on Wednesday July 11, 2001 @06:50PM (#90777) Homepage
    I never did anything to harm an IRC server. Nobody did. #warez learned to fear my army of clonebots, and in fact clonebots were the only thing I ever did that upset IRCops.

    You "never did anything to harm an IRC server", yet you had an "army of clonebots?" Were these magical clonebots? You know, the kind that can connect to the network without using up connections that would have otherwise been used by legitimate clients? Were they the kind of clonebots that could send nickfloods and tsunamis to #warez directly, without interacting with (or consuming the resources of) the servers?

    IMHO, the DDoSers of today are the clonebotters of 6 years ago. The technology is different, but the mentality is the same. 6 years ago, people didn't have the big, fat network pipes that they've got today, and there weren't as many fools running networked, compromised boxes 24/7. 6 years ago, the DDoS attacks of today weren't technically possible. If they were possible, they would have been used.

    You sound like you've outgrown the phase, which is good, but I suspect that if you were six years younger, you would be right alongside of the group that is responsible for this.
  • by cje ( 33931 ) on Wednesday July 11, 2001 @08:19PM (#90778) Homepage
    A clonebot uses no more resources than a single legitimate client.

    Legitimate clients don't change their nicks ten times a second, nor do they use TextBox/PhoEniX-style tsunamis (large amounts of text) against users and channels. Unless your clonebots joined the target channel and said "hehehe" and "LOL" every ten seconds or so, I think it's a safe assumption that they used well more than their fair share of resources. I can certainly say that in my years as an oper, I never encountered such benign clonebots.

    I disagree strongly. They were more difficult, available to a smaller group of people.

    Well, certainly the ability to do a distributed flood existed, but nowhere near to the extent that it exists today. The IRC "floodnets" that were the precursor to the modern DDoS didn't appear until a few years later. The modern DDoS would be an impossibility were it not for the large number of unprotected cable modem/DSL users and wide-open corporate networks, most of which didn't exist at that time.
  • IMHO, the DDoSers of today are the clonebotters of 6 years ago.

    And, even though I'm going to get flamed for this, the argument exists that if the opers in their very-finite wisdom didn't do everything in their power to protect the sheep from themselves the kiddies would still be perfectly content to do simple text floods, nick collides and split riding instead of DDoSing full servers.

    Infact, the many ircd "enhancements" currently make irc almost unusable for those who DON'T break the rules. No ops on split, no join on split, hell, there is even atleast one server which won't even allow you to chanop no matter what the server state. I mean wtf is this? No (ops|join) on split with a perfectly working TS is redundant, it just makes it harder to recover opless channels. Not allowing anyone to chanop is just fucking stupid, period.

    EFNet, even for those who do follow the rules, is becoming unusable, not to mention that there are assholish and apathetic opers who just don't give a shit. Unless you're their friend you're fucked about getting help from one. I can see the frustration the kiddies are exhibiting.

    -- iCEBaLM: 5+ years of EFNet usage.
  • Gee, it's just so simple isn't it?

    Hostmask mirroring leads to endless problems in an IRC environment. How do you tell one person from another? Force nick registration? Nobody wants to sign up just to use IRC, that's one of the best things keeping it separate from instant messaging. Really it's much easier the way it is, with opers mostly hiding their real hosts not so they're not DoS'd, but so that it's at least more difficult to find/hack them and gain control over their server.

    Nickserv/Chanserv don't help. DALnet/Undernet have services, they get hit. Not as much or nearly as hard as EFNet, but they do. Also, services have been known to be hacked(not that EFNet hasn't, but at least there isn't a service in place that makes it a 1 step process to 0w|\| every single channel)

    Invisible hubs might sound nice in theory, and in fact were at least at one point scheduled for the next version of the EFnet ircd. However, this alone won't do a fucking thing. Because only a few servers have the balls to let many clients on anymore(,, taking down just those two servers takes out something like 1/2 of all EFNet users. Maybe you can't take channels so easily(like you can now?) but it'll still fuck with everyone trying to chat, and make the servers question why the hell they bother(which I don't understand myself. I have a friend who's an EFNet server admin, and I still don't get why.)
  • Don't you think that supporting a cause to help eliminate a problem that threatens the existance of IRC on the Internet is appropriate for such an advocacy group? They do help with legal defense in a lot of cases dealing with the Internet and freedom... I think that freedom also involves the rights to life, liberty, and the pursuit of happiness. I know it sounds kinda like patriotic bullshit, but these script kiddies are clearly ruining a valuable resource on the web, and are threatening its existance. I can't think of any other group besides the EFF that would take on such a cause. Maybe they could have a spinoff organization...
  • by brianvan ( 42539 ) on Wednesday July 11, 2001 @02:38PM (#90785)
    My favorite IRC server is gone for good cause of these little f*ckers... who can I strangle now?

    *sigh* And again, what's the purpose of this? We lose something in exchange for nothing. We should pursue these people more agressively, since we're really losing one of our best communication resources out there... cause I mean, when they're done with IRC, they'll go after whatever else looks ripe... AIM servers, ICQ servers... even Slashdot.

    This is a good cause for the EFF to take up... prosecution of these script kiddies. I'll donate to that cause...
  • Just because the EU is investigating Echelon, it does not mean that it is primarily targetted at Europe. Echelon sucks in everything in North America too. It was started here and they have much more control and access here...
  • Interesting you mention * seemed to be quite the popular ban mask for LOTS of EFnet channels. Gah. I remember whe #warez(or #warez2-300, #warez5 had a limit on x users on) wasn't +i.
  • You lost your channel? So what, go make a new one.

    You lost your nick? So what use a deviation.

    These two lines, all by themselves, show why EFnet's been going downhill for years. Simply put, they ignore the social aspects of IRC. People don't want to change their name, or their street address, just because some script kiddie managed to kick them off and steal theirs.

    I got off EFnet when DALnet first came up with a real solution to these problems (I held founder status on #watertower when it was the biggest channel on DALnet, way back when), and never looked back. I'm not surprised that EFnet has been in a long slow decline ever since.

  • Main point is to annoy specific users or opers of the network.

    Undernet went through a large dossing phase a few months ago (now there are only half a dozen or so American servers left from the 25 or so there were before). They've since been implementing measures to protect from DOS:
    - hide the server names in /whois
    - disable /map and /links
    - hide the server names in netsplits
    - disable umode +s

    Perhaps EFnet could learn from history :)
  • The posts on slashdot indicate that most of you think that the DOS attacks are the responsibility of a 13 year who has too much time on his hands and hasn't yet understood the stupidity of attacking a nonprofit service.

    I pose a different theory. There is not much to back it up, but it's a possibility that should be considered. First, in addition to chatrooms involving help with coding or project collaboration, the two largest groups that use IRC are "pirates" and pr0n freaks. Big business hates the IRC because it's the epicenter for trading of movies, music, and software, and some software and movie distributers even start with the IRC. The Government hates the IRC because they seem to think that it's the hotbed for perverts to meet children, hence all the FBI agents posing as little girls.

    The IRC is somewhat immune to legal attack, since it is decentralised, and like the newsgroups, the content is user-based, thus the hosts don't take responsibility for illegal activity. So what can Big Business and the Government do to stop this menace? Hmmm....
  • Thanks I didn't even check to see if the link was broken. It was a typo so I moved it over, and added a TCP/IP stack tuning guide to the original document.
  • by joq ( 63625 ) on Wednesday July 11, 2001 @02:33PM (#90804) Homepage Journal

    Many people still use IRC for many things trading coding tips in C++, developing OS's (#freebsd, #openbsd, etc.), assisting newer users of the OS (#linuxhelp, #freebsdhelp). Many friends also use it as a means to communicate, and it's sad you do have some shitty channels but you shouldn't generalize everyone on IRC as being warez kiddies.
  • by joq ( 63625 ) on Wednesday July 11, 2001 @02:29PM (#90805) Homepage Journal
    I noticed most of these attacks happening in the summer time which can be attributed to kids being out of school and having too much time on their hands. I've written a paper on stopping DoS attacks which can be found here [], which deals with network based (router level), firewall, and kernel tweaks, to minimize a DoS attack.

    Some of these idiots should check into a local clinic for psychiatric assistance, and stop ruining things for people who just want to chat.
  • by Retalin ( 68942 ) on Wednesday July 11, 2001 @02:37PM (#90809) Homepage
    I usually refrain from posting opinions but I feel on this one I must.

    EFNet has been my sole IRC network for years now, its plagued by many things that draw the wrong crowds. However this doesnt make it a bad place, its just not one where you can go telling off some 13 year old that has as they say "500 b0x3n". I dont understand the mentality of attacking a non-profit irc network for any reason.

    You lost your channel? So what, go make a new one.
    You lost your nick? So what use a deviation.
    They wont let you be an oper? So what start your own network.

    I mean come on.. this is rediculous.. So what if your upset with efnet, there are so many other alternatives out there that you cant begin to list them. Use one of them.

    As far as the attack that efnet is facing, its not just the DDoS, its also the attack of its users. Just like this post on slashdot about efnet... "but I find myself wondering if the oldest IRC network can pull out of this type of situation a second time?" If youve used a network for 5 plus years, and its been through this before, then odds are it will make it though it again, dont show a lack of faith or support like that. You are giving this kids or immature adults exactly what they want. The truth is this, we are giving them exactly what they want, thus they wont quit. If we quit complaining, then what they are doing isnt working any more, or they are not going to get their desired results, thus they will probably quit attacking efnet.

    One of the most redundant things you will see on the forums is the posts regarding the problems efnet is facing where people are whining and complaining about not being able to get on efnet. Instead of that, shut up and move on. So what if you cant get on efnet for a few days, its not like theres not 100 other irc networks that you can use until EFNet gets back up, heck have your buddy on a cable modem load up ircd to support your friends until efnet is back online.

    In short, stop making a big deal out of it. In the end your forgetting the people who are really suffering and whining about stuff that dont matter, imagine how much these attacks are costing the hosts of the servers we love, they are doing this for free, and paying out the rear end to keep this thing going. Thats where we come to the poing of loosing efnet, is when it hits the sponsors (servers) in the pocket.


  • Since is delinked, any other good public Efnet IRC servers to use? Thanks!

  • by _GNU_ ( 81313 )
    From what I've heard about IPv6, DoS attacks are alot easier to control there...

    IRCnet has quite a few ipv6 server running, but as they are also quite limited to their surrounding univs etc due to beeing ipv6 only, where people tend to be clued, and not scriptkiddies, I don't think they've been put to any serious tests... well.. some minor incidents where the ipv6 tunnels have been cracked and DoS attacks against ipv6 hosts have been performed..

    The most ipv6 abuse I've seen are funny ip-ending like :dead:fed and such.. ;)

    If someone is clued in on ipv6, please brief us on DoS controlling if I'm totally off here.
  • Speaking from experience, they are probably pissed off at Dianora.
  • by treat ( 84622 ) on Wednesday July 11, 2001 @02:32PM (#90820)
    What is the point of attacking an IRC network with a DOS attack anyway?

    To get ops. Timestamping makes this more difficult, it does not make this impossible. Consider the case where everyone in the channel is disconnected because their server is flooded off. Now that there are no ops, you can get ops on a split. And of course, you can cause a split by flooding one or more servers. As a bonus, you get to steal the nicks of your enemies.

  • by treat ( 84622 ) on Wednesday July 11, 2001 @03:04PM (#90821)
    Well I hope your equally disgusted with yourself. Its shitheads like yourself who's antics set the stage for this sort of thing.

    How is that? When IRC wars moved out of IRC, I stopped. More than that, I vowed to never fight again. I have let the channel I hung out in for 8 years be taken over for months, because I refused to engage in any IRC wars.

    Pingflooding had been considered lame for a long time. It hurts noncombatants. It hurts combatants in ways unrelated to IRC. It is unfair to those who have less bandwidth. It creates wars that escalate only through use of more bandwidth, which means hacking hundreds or thousands of machines. Then a new crowd moved in (along with Windows, WSIRC, and mIRC) that didn't see a problem with it. The collective morality changed. It wasn't individuals who's morality changed, it was a new group of people who did not have any respect for anything.

  • by treat ( 84622 ) on Wednesday July 11, 2001 @02:27PM (#90822)
    I used to be a fearsome IRC warrior, in the days of nuke and flash. Not winnuke, mind you. Nobody on IRC used Windows then. Nobody at all.

    I never did anything to harm an IRC server. Nobody did. #warez learned to fear my army of clonebots, and in fact clonebots were the only thing I ever did that upset IRCops.

    Now, people don't care about IRC when they are involved in their IRC wars. Just like using nuclear/biological/chemical weapons in real-life wars, DoS attacks against servers harm innocent noncombatants. This is unconscionable.

    DoS attacks against servers is destroying, and will ultimately destroy, EFNet. These people surely know this. They just don't care.

    I have never been so disgusted with mankind.

  • Why is this moderated up? Efnet's website is now slashdoted and has nothing to with the efnet irc servers... think before you post.. specially since yer a doctor..

  • if he's the one who is doing this, I hope he drinks some bad vodka with methanol in it and dies a horrible screeching vomiting death.
  • I've been on the EFNet since 1991 (#iCE and #ANSi back in the day ;) and it's been a shame to see it steadily decline in the last few years. I used to frequent it all the time but about three years ago it just started getting ridiculous: netplits all the time, lamers taking over the channels, and very difficult to have any decent conversation. It used to be fun to have it on in the background at work but now it's just not worth it.

    This year has definitely been the worst however. I've seen every single channel I've ever frequented move to other networks. #iCE was the last to go (they're very nostalgic) and while they've tried to keep a relay bot up on EFNet to keep the conversation on both servers it just isn't working: EFNet has officially gone to hell.

    I hate to see it go. Now I can't find any two interesting channels on the same network and everybody I used to talk to is fragmented on different nets. It's really too bad that a few immature individuals can ruin it for the rest of us.

    - j

  • Another possible solution WOULD be to license net use. Sounds kind of silly until you think about the requirements to broadcast radio over the public air waves. Any citizen can be authorized to broadcast "Allowed" traffic by studying for the test and getting a ham license. Unlicensed bands (CB) is much more leet kiddies running illegal amplifiers and effectively DOSing each other. Ham people call CB "Children's Band." AOL could be the internet's "Children's Band."
  • by Greyfox ( 87712 ) on Wednesday July 11, 2001 @04:16PM (#90832) Homepage Journal
    A couple of possible solutions present themselves to DOS attacks:

    1) Mandate that ISPs filter outgoing traffic from outside their address range. A lot of these attacks won't work or won't work as well due to address forgeries.

    1a) Hold ISPs responsible for damages stemming from attacks originating from inside their IP ranges. Allow them to recoup those costs from the users whose hosts are involved in the attack.

    A lot of people are gearing up to flame at this point going "But but but you can't hold a user responsible for the security of his machine!" Bullshit. If you want to connect to a public network, you should damn well make sure your system is secure. And security would improve, because someone's money would be directly involved and therefore law enforcement would be much more inclined to pay attention.

    2) Give a government organization draconian powers over the net and passwords to all the routers irrespective of what company owns them. "Oh... That DOS is originating from Lets just turn down their router until they sort it out." That'd damn well get attention real fast.

  • Hybrid 7 has support for IPv6, but alas, its not quite finished yet, and with all this stupid shit going on it, it still might be a while longer, especially with one of our best coders around. But the IPv6 support seems mature enough(I should know if anybody, I wrote most of it).

    But, honestly, IPv6 might be able to help against certain types of attacks, like smurf attacks, but it doesn't help as much against DDoS. But at least QoS(Quality of Service) it would help some, unless your router is swamped....

  • by JoeShmoe ( 90109 ) <> on Wednesday July 11, 2001 @03:13PM (#90837)
    It's not the slashdotting (well, it probably is now) its that everyone on irc has been trying to get an update since yesterday.

    You can read the news at this mirror [] too:

    - JoeShmoe
  • by JoeShmoe ( 90109 ) <> on Wednesday July 11, 2001 @05:23PM (#90838)
    I don't think that the users and admins of EFNet would like the thought of having the government actually being part of their network.

    Um, if you don't think the government is already on EFNet (actually, any IRC networks) then you are living in a fairy tale. Think back to the mafiaboy fiasco...he bragged in an irc channel and the next day he was arrested.

    Not to mention all the undercover cops in channels like #dadanddaughtersex hoping to catch some kiddie porners.

    Since the government can get their hands on any information with a sealed subpoena there is no more or less protection than just everyone using a server like!

    The whole EFNet piract scene is a few thousand people at best. There are far larger targets (although they have gone after FTP sites, which in a sense could count as an IRC bust since most siteops are on IRC).

    Regarding proof, they don't need prove to make an arrest. That's what a trial is for. Kevin Mitnick was arrested because companies like Sun claimed his copying of source code cost them millions. This was enough to make him guilty of grand-theft computer and get him arrested, even if Sun couldn't prove a single cent of damages resulting from the download. It was just a theory but that's all that matters for an arrest.

    I admit that a bunch of WAREZ DOODS don't make a very sympathetic victim, but think about the major ISPs like @Home, C&W, Mindspring, etc that are subjected to constant attacks. If just one of these companies would grow a pair of balls and try to get enforcement instead of pulling the plug then it would send a message.

    After mafiaboy I sincerely doubt that anyone would try a major attack against our precious, precious e-commerce sites. So if the same kind of example was made of one of these script kiddies then maybe the rest would think about whether taking that channel was worth years in jail.

    - JoeShmoe
  • by JoeShmoe ( 90109 ) <> on Wednesday July 11, 2001 @03:02PM (#90839)
    This is a crime. Where is law enforcement?

    No monetary losses? How about bandwidth cost? How about admin time to repair/fix hacked IRC servers?

    What I fail to understand is how some Canadian teen ping floods Yahoo! and has the entire wrath of the FBI, NSA, CIA, DIA and Canadian Monties on his ass...meanwhile EFNet servers are subjected to coordinated 3Gbps attacks and the only solutions seems to be give up?

    What the hell kind of logic is that? Okay, give up because it is easier. If you ask me, every EFNet server should lodge a formal complain, claiming $10million in monetary losses. If we learned anything from Mitnick, it's that companies can claim any bogus amount of losses and get results.

    Or maybe the FBI/CIA should just host an EFNet server themselves. We all know they are caching the whole damn thing anyway to run through Echelon. If EFNet goes down then were are news organizations going to go for their pithy quotes?

    - JoeShmoe
  • So yes, EFnet may not be the largest network anymore, and its population may be going down, but the level of clue hasn't gone down and seems to be rising for the most part.

    Yeah, I've actually noticed this. As it becomes harder for people to get on EFnet the amount of annoying "a/s/l"-type kids has really declined.

  • I really have to wonder at these IRC people: They build a spanning tree, and then complain about netsplits. Come on, you want to avoid having *any* single point of faliure... not maximize the number of such points.

    IMHO, IRC networks should be set up to look more like usenet does: Each server should peer with several others, forwarding data about using basic flooding algorithms. Sure it would be a bit more complicated, and it would use more bandwidth (because you need to work out which data has already reached your peer and avoid resending it), but it would practically eliminate these problems.

    Why can't people design computer systems with a bit of attention to redundancy and security in the first place?
  • Re: security:

    Personally, I'm all for splitting the blame between the ISP and the user. When the Comcast (or whoever) representative comes out and installs your cable, they should have you sign some sort of statement of security, peform a few basic checks on your machine, and leave a card telling you basic ways to keep your machine secure. These would be something like:

    1. At least once per week, preferably more often, use the update feature of your OS. Win32 has Windows Update, MacOS has a control panel, Debian has apt-get. This alone would prevent much of the successful attacks going on today.

    2. If possible, leave file and print sharing off. Use a password, if you must turn them on. (for *nix machines, this could be extended to "don't run things like r-services, telnet, etc.)

    3. Buy one of those nifty little $100 routers, or use one of (list of approved software).

    After that, it's all upon the user. If someone can pay for access which is fast enough to make them a target, they can certainly take a few minutes every week to keep things up to date. If not, then they get to pay $$. It's the same with people who can't bother to cook for themselves, or who have to have designer blue jeans. You pay, I don't. What a wonderful life.

    Will this work? Ha! This will probably work at about the same time people check the fluids in their car once per week like they're supposed to do. However, if their computer gets 0wn3d, and they have to pay $$ for it, that might be a pretty good motivator.

    Sotto la panca, la capra crepa
  • In a channel without ops, and even with a real /ignore, spambots become a real problem. New people to the channel who haven't ignored the 20 resident on-join spammers will be targeted. People with massive clonebot nets can still DoS those who aren't quick enough to block 240 different IPs. Opers become the policemen of IRC, spending much more time dealing with smaller problems.

    The first come, first serve status of IRC may be prone to abuse, but more abuse occurs without anyone there to take quick and decisive action. In an ideal world, users would elect ops and confirm their decisions, but that's far too much to expect from a chat room.

  • You said the same thing 3 times, using different words. Are you a journalist?
  • by jbarnett ( 127033 ) on Wednesday July 11, 2001 @02:35PM (#90854) Homepage

    First a DOS on their irc network, now a slashdot on their web server....

    We should ALL send out our support though LOADS of email to let me know we care... err wait

  • by Mekanix ( 127309 ) on Wednesday July 11, 2001 @03:57PM (#90856)
    I run a chat for people with depression and similar disorders.

    We find great comfort in chatting with eachother and are happy that the various IRC-networks gives us this upportunity.

    But when this kind of childish behavior sets in, it's not just the various networkoperators and sponsors who pays.

    There are real people behind all those nicks. People who have come to depend on it. And suddenly find themselves alone, again. Alone to deal with their pain.

    Once we have relocated to yet a new network, next step is at get contact to all the users. Mostly impossible, few trust others to get close enough to give out personal datas (like email).

    Third step is to get people to change their client. Almost as impossible, many of the users aren't your run-of-the-mill powerusers.

    Bottom line is that every time this pre-teen-kidz feel an urge to show off their l337-status, *real* people with *real* life and *real* problem.

    But those script-kiddies doesn't care, to them we are just faceless nicks.

    My wish is, that once those kids grow up they will learn of the harm they had done. Know that when they trashed a network, someone was left alone... crying in the dark...

    ... and know *they* are to blame for nonexistance of IRC and free chats.

  • When you know things are really bad:

    *** no such channel "#warez" (


  • And how the fuck are they supposed to do that? - Hi, we really need more open servers. Would you mind hosting our network and reciving hundreds of Distributed Denial of service attacks a day?

    Take a look at DALnet, for instance. Their servers are DoSed too, but not nearly to the same level as EFnet's servers. And look -- most DALnet servers are open!

  • by AntiNorm ( 155641 ) on Wednesday July 11, 2001 @03:27PM (#90866)
    Believe it or not, EFnet would vastly improve its situation with more open servers. Having to spend a considerable amount of time searching for a server that will let you connect is VERY annoying. I have spoken with a number of other people who agree with me on this. People don't want to have to do this, and I find it impossible to blame them.

    Like it or not, EFnet is pissing off its user base. Not that this warrants DDoS attacks, but the basic principle is that if you treat your users well, they'll treat you well. Likewise, if you piss them off, they're not going to be so likely to be friendly towards you.

  • The root DNS servers at [a-l] are just as vulnerable to this stuff.

    Yes and no. Providers of root servers usually won't stop hosting root servers because of a DDOS attack. The root servers aren't going away. The whole point about EFNet is that most of these servers are optional, run because some provider felt like doing a good turn for the community. When these providers get hit, they drop their IRC servers pretty fast. The same thing will not happen to the root servers, at least in terms of getting dropped.

    Also, there is much more redundancy in DNS than IRC. If several/most/all root servers die, caching should continue to provide some level of service. Generally speaking, end users don't send DNS queries directly to the root servers, (unless they're running djbdns, like me).

  • While these are good conceptual ideas, once a packet filter is implemented on a router, it consumes a huge amount of processing power and memory to then process every individual packet through that filter. This will lower an ISPs throughput significantly as each packet hits the filter.

    Now, imagine these LARGE NSPs that host IRC servers on EFnet with multiply redundant BGP-4 routed DS3 and ATM circuits placing these access lists on their core routers. It wouldn't work. It would cripple them worse then the DDoS's will.

    You could use a Firewall as a solution, but they are cost prohibitive to pay per connection for every IRC client. This is why it is hard to "just filter" attackers on core routers.

    And as far as holding ISPs accountable goes, that is a can of worms that won't be opened. Other then our DMCA and other laws.. I can't imagine this happening.


  • by cOdEgUru ( 181536 ) on Wednesday July 11, 2001 @02:26PM (#90873) Homepage Journal
    that I could lay my hands on that 13 yr old freak whos behind this. To hell with Non-violence, I would bash his head open.

    These idiots would never stop, until someone hit them with a baseball bat over their head. And its time someone did.

  • by SlushDot ( 182874 ) on Wednesday July 11, 2001 @06:29PM (#90877)
    There seems to be an attitude here that most of IRC is lamers, and who cares if they're DDOSed into oblivion. However, I fail to see what makes this unique.

    The root DNS servers at [a-l] are just as vulnerable to this stuff.

  • by bl968 ( 190792 ) on Wednesday July 11, 2001 @02:45PM (#90881) Journal
    It will take a number of the following measures to limit and reduce the number of attacks EFNet faces.

    Hostmask mirroringthat would at the irc server level protect you from hostile users out there, making it virtually impossible for them to gain your IP address via IRC.

    Nickserv/Chanserv allows you to reserve your own nickname and reserve your own channels for personal use.

    Invisible hub servers, these invisble hubs means it is possible for one or two servers to be taken down but it will be individual servers on instead of entire branches

    By implementing these features you will see the irc wars lessen and eventually die out for the most part. The nick and channel services would protect the channels reguardless of the warbots and denial of service attacks. The masked ip's would mean you could not attack other users of the network unless they did something stupid like accept a dcc connection. EFNet may have the invisible hubs already however the rest of the possible solutions they do not have and seriously need to consider.

    When I'm good I'm very good, when I'm bad I'm better, But when I'm evil you better run :P
  • I've got a proposal for a new IRC protocol [] (very much a work in progress) sitting around, if you're interested; among other things, it allows redundant connections between servers. Comments are welcome (but "we-don't-need-another-IRC-protocol" flames are not).


  • madmax @ 2001/07/11 21.16 / dianora
    Just incase the rumours are true and somebody's attacked all the servers dianora opers on, can I point out that Diane hasnt been opered on for about a week... If you're going to DOS servers because you dont like their opers, at least /stats o first ;P

    Since a lot of people seem to be up on this situation -- what's the story?

    I know, this is pure gossip with no redeeming News For Nerds value and almost certainly involves a lot of dweebs with too much time on their hands and no sense of perspective. But since we've pretty much exhausted the community discussion possibilities of "Destructive script kiddiez are idiots!" let's get to the dirt!

    Unsettling MOTD at my ISP.

  • by Traicovn ( 226034 ) on Wednesday July 11, 2001 @02:26PM (#90891) Homepage
    What is the point of attacking an IRC network with a DOS attack anyway?

    It's not going to give you ops, your not going to achieve anything besides slowing down the network.

    I have to wonder what the script kiddies problem is with EFNET, what's their beef with them? I'd like to see that posted here, or are they just doing it because they can.

    I've seen some severs disappear off efnet and go private or join other networks too. People don't want to be associated with the unstable network, and they can't pay the bandwidth bills of a DOS atack. Remember, DOS sends a whole lot of information, which translates to bandwidth, which on servers, costs a pretty penny. And unless you own a telecom, that's money that your never going to see.

    Whoever is doing this, just quit it. Attacking an IRC network (Which is free for people to connect to and use by the way) is just lame and stupid.

    [Something witty and intelligent should have appeared here.]
  • by TWX_the_Linux_Zealot ( 227666 ) on Wednesday July 11, 2001 @02:44PM (#90893) Journal
    "Seriously though, why on earth would anybody want to run an IRC server on a major network? Is it for the money, or is it just for the women?"

    Hey, don't knock "for the women"... I knew of a guy who was the SysOp of one of the largest BBSes in Phoenix, something like 50 lines when it finally just ended, and he used his "cool bbs" routine to get laid...

    Of course, I've got to wonder about the girls who'd screw a guy whose claim to fame is a computer with a lot of modems plugged into it (or even an array of them)

    IBM had PL/1, with syntax worse than JOSS,
  • by Kasreyn ( 233624 ) on Wednesday July 11, 2001 @02:44PM (#90899) Homepage
    Why do schoolyard bullies put a nerd's head in the toilet? They don't get anything for it. It doesn't make them any money, it can't improve their lot in life, it teaches them nothing so it's not even a learning experience.

    Frankly, they do it because they ENJOY DOING IT. They get a cruel (I would say sick but sick is a hard word to apply to something practised by the vast majority of the human race), a cruel thrill off of beating up someone weaker than they. And then the tortured nerd goes home. And then he either torments pets, or he goes on the net and DDoS's some perfectly cool site. Because he has learned to be a bully, by example and by reaction to his own treatment.

    Why not DDoS Microshaft or whatever, while he's at it? Because he does not have any sort of economic or political goal for this attack. He's not doing it for that reason. He's doing it to piss off as MANY people as possible. DDoS'ing Microsoft pleases too many people, so he could care less about doing it. What better way to piss off a whole bunch of netters than attacking their community where it hurts?

  • Have you even been on irc before? You sure dont sound like it. EFnet is a collection of servers. Notice the s on the end of servers. And, it is also HIGHLY unlikely that the semi official webpage at is even hosted on one of the IRC servers. Please. Humor Me. True, they probably dont really want a slashdot effect right about now, but, its highly unlikely that its connected to the IRC Network.
    Call me a troll if you want but Doc here needs a sortin out.
  • by litheum ( 242650 ) on Wednesday July 11, 2001 @05:17PM (#90902)
    You guys... really... the whole idea behind the web is hypertext. Hypertext with hyperlinks. I mean good god, you're going to or something, and you'll notice that http and html are both acronyms that deal with hypertext. Hypertext with hyperlinks. Like the one that michael or whoever the hell put on the article that he posted. If efnet's servers can't handle the "/. effect" then they should take the fuckin' things offline. That's just how the world wide web works... by one hypertext page linking to another, and it makes no sense to leave out a link because the guy at the other end can't handle it.

    And one more thing... if there's anything it's not, it's not poor journalism. Journalism has nothing to do with being considerate to the other guy by not linking to his stupid website. Slashdot is making things easier for it's users by putting in a damn hyperlink, and you can't deal with it.

    VERY poor complaint, dude.
  • Yeah, well, what makes you think the script kiddies won't DoS the other networks once EFnet's gone? I've been on EFnet for 8 years now, and it's sad to see a bunch of wankers destroy it.
  • I first got on EFNet around 1993, with a VMS account of my sister's from her university and IRC 1.7.3 :) My favorite server at that time I think was, mainly because it was only an hour or so from my house.

    Anyway, the biggest problem with EFNet began when people joining from .edu's became the minority, and people from AOL and Netcom became the majority. Not to use ".edu" as an elitist symbol or anything, but when IRC access was limited to academic institutions, it did a good job of filtering out complete morons.

    In fact, my university banned IRC from running on it's VMS system. I remember a script kid wanted to take over a channel I was on and DOS'ed the entire campus; that could have one of the reasons.

    What bothers me about things like this, is that it could be what marks the end of a "free" Internet. There's no incentive for people to offer services like IRC for free anymore, not when it causes this much trouble.
  • Ego crisis. Alice hurts Bob's feelings. Bob gets pissed, takes his gun and shoots at servers Alice is using. Apparently there was IRCop abuse, and some paquet kiddie got pissed. 49gbps DDoS. Some people don't seem to understand that real servers are behind this and real people with real spare time that's not worth investing in a war between users.
  • Null routing a server due to DoS is just silly. Even with DDoS, it is very possible to block most all attacks, without costing bandwidth.

    Our security policy when we go under a DDoS attack is to analyze the attack by collecting as much information as possible, and then configure router settings at our ISP to block the attack upstream, after it gets off the fat pipe and has less ability to cause network problems.

    Most of the time we are dealing with script kiddies, albeit clever, they are no match in technical knowledge and most just click blindly at programs traded on IRC (ironically).

    Even if the IP's are spoofed, they can still be filtered out, because the attack patterns of most all automated DDoS software, which uses cable modems and college networks are quite regular.

    You should see for a good method of handeling a DDoS attack. This is what all administrators should do, but too many are trained that DoS is completly impossible and you are at the mercy of the "hackers" and the only thing you can do is run for the big red switch. This just isn't so.

    These types of antics will be around for awhile, in all types of networks. There will be people who attack because someone banned them from IRC, people who do it because they're taking their personal problems out on the world, etc. The list goes on. If services, especially public, continue to wash their hands we will only see some great communities lost when a very good solution is always very easy to come by.

    Most ISPs will work with users who are under DoS quite well. Remember, this is there network which is under attack too.
  • Large ISPs have a lot more bandwidth than a few gigabytes. And as I mentioned, DoS has a lot to do with your ISP.

    Of the several "ISPs" who were hosting servers, none actually owned the wire. This is because you are using the term ISP as Internet Service Provider, which can mean anything. Slashdot provides a service on the Internet, so they could also be considerd an ISP. However, the ISPs I am talking about provide bandwidth services and have actual public networks which are either national or global.

    In affect, those hosting IRC have purchased services from a real telecommunications ISPs who operate public networks.

    SolidStreaming is not an ISP, and in fact a traceroute shows they are using as their hosting provider. is obviously not an ISP, and they obviously lease a line from a company who could easily employ filtering at the router.

    Even in the case a very large ISP would come under attack, it would be trivial to configure router interfaces to other connecting networks (both at these networks and at the ISP) in a similar way to block DoS. You only pay for bandwidth if you receive it, and if you ask a network to block certain types of packets, you will have eliminated your problem.

    But perhaps the best method so far is good egress filtering at all network levels, especially in the cable and DSL networks who are often the target of DoS trojans and hacks. This would eliminate spoofed IP's and provide further protection from methods DoS attacks often use.

    Please, do your homework (this doesn't count your MSCE study guide) before calling someone stupid.
  • > > What is the point of attacking an IRC network with a DOS attack anyway?

    > To get ops. Timestamping makes this more difficult, it does not make this impossible.

    And there's also the "if I don't get what I want, I'll take your toys and go home" attitude. They don't care who else they screw in the process, they'll blow it up because they aren't allowed to, and feel like it.

    A true lamer mentality, but it's all over the net. Just ask the slashdot trolls...

  • It's a good joke, but in all reality, I think it was quite irresponsible of michael to link to a server that is CURRENTLY experiencing a debilitating DoS attack. While it's good that Slashdot is trying to make people aware of the situation, i find it to be in VERY poor taste that Slashdot should add to EFNet's trouble by directing a few thousand Slashbots to their belagured site.

    Now, not only does EFNet have to deal with irresponsible skrip7 kiddi3s, but they're taking the full brunt of the Slashdot effect as well.

    VERY poor journalism, guys.

  • by Sycraft-fu ( 314770 ) on Wednesday July 11, 2001 @02:39PM (#90922)
    Nice article with some sage adivce, however I'm not really sure it would help in EFNet's case. Blocking a DDoS at your border routers only works provided the bandwidth being used by the DDos is under your total available bandwidth. If the hax0rs have a lot of boxes involved, and particularly if some of them sit on high bandwidth networks it's not going to do much good. For example: suppose you have your own T1 line, and a nice Cisco 1600 on it. Now suppose I decided I don't like you and start DoSing you from work, which has 2 T3 lines. You figure out that I'm the moron responsible and block my IP on your router. Fine, but you're still flooded off the internet because I'm just ramming too much traffic at you. The router is blocking it, but it's no good because the link is totally saturated. To deal with that you'd have to call your upstream provider and attempt to get them to block me.

    At any rate, that said, your document is still a good one and can help prevent DoS attacks that deal with generating load on the server rather than trying to just flood the link out.

  • by thopo ( 315128 ) on Wednesday July 11, 2001 @02:34PM (#90923)
    it took me 5 minutes to get on there. take some load off their shoulders and read it here instead:

    madmax @ 2001/07/11 21.16 / dianora
    Just incase the rumours are true and somebody's attacked all the servers dianora opers on, can I point out that Diane hasnt been opered on for about a week... If you're going to DOS servers because you dont like their opers, at least /stats o first ;P

    hardy @ 2001/07/11 16.05 /
    SolidStreaming's irc client and hub servers have been null routed at the moment due to a massive core router flood. Currently, there is no ETA for return.

    madmax @ 2001/07/11 12.44 /
    C&W INS has been under such a large attack that they have now null routed the irc servers. We do not know at this stage if or when they'll be returning.

    madmax @ 2001/07/11 09.31 Efnet's broken
    You heard it here first. To those concerned, quit with the attacks, learn not to shit where you sleep. You know who you are.

    madmax @ 2001/07/11 09.25
    Lightning is disconnecting from efnet for the immediate future due to DOS attacks. They will look at the situation again as soon as possible and hopefully make a comeback.

    hardy @ 2001/07/10 21.49 has officially de-linked from EFNet as of today due to excessive Denial of Service Attacks for unknown (but most likely IRC-Related) reasons. It's a great loss for the EFNet community as Emory University's IRC server has for 5 years been a very stable, reliable, and open one. We would like to thank the staff for their time and dedication to EFNet, you will be missed.

  • by manifested2 ( 413781 ) on Wednesday July 11, 2001 @02:24PM (#90932) Homepage
    Poor EFnet, first the IRC DOS attack... their www server getting the slashdot effect...
  • Microsoft is bashing sheep now? Those bastards!
  • by q-soe ( 466472 ) on Wednesday July 11, 2001 @03:07PM (#90953) Homepage
    I read this with sadness but very little surprise. I used to be a EFNET user but left in disgust after the channell takeovers by the l33t kiddies and haxors got to the point where it was no longer worth it.

    I moved to Austnet (as im an aussie) and all was fine but in the end i bailed from there - as an op and channell owner i spent the last 5 months of my online life in constant flame battles and fights to prevent channel takeovers.

    We had numerous DOS attacks and hack attempts which succeeded in downing our service on more than one occasion and wiping out host servers, not to mention mail bombing attacks on channell mailboxes and racist bullshit on broadcasts (yes you white power fuckers know who you are).

    I checked the other night when i was rebuilding my PC at home to find the logs of my last session - 2 hours online and over 100 bans - so i just hung up my gunbelt and keyboard and decided it was not worth it.

    Im sorry to see this happen - IRC used to be a great place to go with intelligent talk and good fun, now all it is is lame losers and 'i owns joo' crap in many cases. Another piece of web history gone

The party adjourned to a hot tub, yes. Fully clothed, I might add. -- IBM employee, testifying in California State Supreme Court