EFNet on the Rocks Again

Dragonsbane writes: "Things just keep getting better and better on EFNet. Already down to 30-something servers, the network has been hit with a huge denial of service attack, one which seems to have targeted the major hubs and open servers on the network. Information regarding the losses (six servers have been shut down in two days, one of which will not be returning) can be found at the network's news page. Having used EFNet for the last 5 years, I held on for dear life during the last bumpy ride, but I find myself wondering if the oldest IRC network can pull out of this type of situation a second time?"

Sad to see it dying.

EFNet was fun years ago before the asshole kiddies started spending all day trying to become a channel op through netsplits and such so they could kick everyone out and ban them. Bah, it was worse than the trolls on slashdot. It is really a shame to see some of the old services slowly drifting away because of a bunch of new clueless dipshits who don't have any maturity. Usenet for example is basically 75% spam, Slashdot is 50% crapflooders and trolls, IRC networks are being DDOS'd. What's the point? Go get laid kids. It'd be much more fun than sitting on your fat ass DDOS'ing a stupid IRC network.

Re:Sad to see it dying.

[Purple_Walrus]

This is a very good point. At one point even Cyberarmy was a cool place to visit but now it is a hell-hole. Is it because the internet is more popular now that more lamers are getting on and ruining it for everyone else?
---

Re:Sad to see it dying.

[Purple_Walrus]

The "All Your Base" sig is a joke. Seriously, do you judge all people by what their .sig says? (And yes it is misquoted on purpouse.)
---

The Obvious Answer, Let more Servers Link

If they would actually take new servers into the network it would be alot more DoS resistant. Rather then 30 servers with 5 of them supporting 75% of the load.....

Re:The Obvious Answer, Let more Servers Link

[xenocide2]

Of course, you have to trust that server. I have to admit that not many people would offer to run a server in the goodness of their own heart, especially EFnet, DDoS HQ.

Re:Stopping DoS attacks

The recurring theme throughout these posts is "kids", doesn't that tell you anything?

WHERE ARE THEIR PARENTS?

Blame the parents that can't/don't supervise their children while on the Internet.

Re:The downfall of the EFNet

Don't worry #ansi is still here (well, maybe not atm due to the ddos attacks).. but it'll never die.. its like old people with their cars.. us doodles never leave! napalm death [ex-acid, twilight, blade, cia] HAVOK

Re:Humor me will you?

Bad. You lose again. Servers. Many. Located all over. They _might_ have ONE server located where the web server is, but that's only part of a MUCH LARGER NETWORK. En Ee Tee Double-You Oh Are Kay.

Re:IRC warrioring out of hand.

Imagine going somewhere and having the leaders not elected... That leader will most likely be a blundering idiot.

HAHAHAHAHAHAHA but seriously, hahahaha, two words for you:

George W Bush

.

.

.

Re:IRC warrioring out of hand.

> I used to be a fearsome IRC warrior

Don't think your shit don't stink.

You were an asshole. You (slightly) grown up. Current kiddies are exactly similar to you. If you were, say 5 years younger, you would be proud of all your DoS attacks.

In 5 years, next generation of kiddies will be bringing down non-IRC services, top-level name servers, etc, etc. Current DoSers will proudly explain that, when they were warriors, their attacks were limited to IRC, and that they are now 'disgusted with mankind'.

Cheers,

--fred

Re:Humor me will you?

Hmm...a simple research kinda solves all of this although I don't know why I'm spending the time writing this...I guess I'm bored.

A simple nslookup:

Name: www.efnet.org
Address: 193.125.190.214

That Class belongs to Relcom in Moscow (Russia)

The only Russian IRC server connected at the moment (which can easily be found via /link) is irc.rt.ru which resolves as 195.161.0.254 which is a Class that belongs to Rostelecom Internet Center
So even the website isn't on the same network as the only IRC server in the same country.

Doesn't anyone use nslookup and ARIN/RIPE/etc anymore?

Re:IRC warrioring out of hand.

[alexandre]

Heh right on, i know that IRC warrior would use all they can to destroy a person's connection...

---

What a shock?

[mosch]

What is this world coming to? Kiddies DoS'ing IRC networks? What's next, will people go around owning random NT webservers?

Seriously though, why on earth would anybody want to run an IRC server on a major network? Is it for the money, or is it just for the women?

--

Re:What a shock?

[TWX_the_Linux_Zealot]

"Seriously though, why on earth would anybody want to run an IRC server on a major network? Is it for the money, or is it just for the women?"

Hey, don't knock "for the women"... I knew of a guy who was the SysOp of one of the largest BBSes in Phoenix, something like 50 lines when it finally just ended, and he used his "cool bbs" routine to get laid...

Of course, I've got to wonder about the girls who'd screw a guy whose claim to fame is a computer with a lot of modems plugged into it (or even an array of them)


IBM had PL/1, with syntax worse than JOSS,

Re:What a shock?

[Anomolous+Cow+Herd]

Seriously though, why on earth would anybody want to run an IRC server on a major network? Is it for the money, or is it just for the women?

Although we may never determine the reasons behind the decisions made to run a public IRC server, I can tell you that these are the primary motivations that drive people to make "first post".

Re:Uh....

[Wakko+Warner]

"Then why did it have them long before my channel came to the net? Perhaps it's because others there share my opinion about their necessity?"

Not really. Mostly it was because I'd found a perl OperServ script and decided to run that for the hell of it, then discovered Andy Church's services clone and decided to hack around on it. Most people at the time were ambivalent to the concept of services on WTnet and we made do with channel bots like we did on EFnet. (The bots worked well, for what it's worth.)

The only thing services offers, in my opinion, is the convenience of not having to type "/msg __Ralph op #watertower blah". The other niceties are largely unused (for instance, nobody bothers to /msg nickserv SET URL, or SET EMAIL, trust me. Hell, even our MemoServ database is only 124k) and go unnoticed by most users. Hell, when it was down last year for 3 or 4 days after a lightning strike, nobody even noticed save a handful of whiners who still snarl about netsplits after 6 years on IRC.

The only thing services is really used for on our network is keeping people out of certain channels, just like any other network. Only I keep having to re-code the AKICK handling routines.

- A.P.

--

Re:Do people still use IRC?

[torpor]

So how do you find out about these channels then if they're kept so secret?

Re:IRC warrioring out of hand.

[Trepidity]

While that was some of the degeneration, I think that even in the days of mIRC and pingfloods/winnuke it was still better than now. True, any means available were used to attack individuals, but still nobody would actually attack the servers. I'm not sure if this was due to actual logic (i.e. "i want to take over this channel, but i can't do that if i kill the server") or just due to the fact that DDoS wasn't prevalent enough, and while a T1 could flatten modem users, it couldn't take down a sizable network like EFNet.

Re:What it will take to save EFNet

[Herbmaster]

Of the solutions listed above, I think only nickserve and chanserve would be actual significant improvements. It would also be nice if there was better enforcement of all the servers running the same software, or at least software that follows the same rules (there have been glaring exceptions to this in the past, dunno if it still holds).

I think there's one thing above all else about EFNet (and afaik, all IRC networks) which desperately needs to be fixed: it's designed with the most retarded possible network topology, a tree. A few simple redundant links and an improved inter-server protocol would result in it being many times less useful (and hopefully less tempting) to packet a server. But I've never seen anyone discuss actually implementing this.

-Hreb

Re:Do people still use IRC?

[Sabalon]

You become 31337 by DDoSing another server and taking over that channel to see that you worthy of the password to talk about the design of the zippers on the new Enterprise series.

Re:Uh....

[Vermifax]

Of course the difference is you get to go make your own channel on undernet and dalnet, and kick people vs having to defend yourself on EFnet.

Vermifax

Re:How do you DCC?

[Vermifax]

typically the servers that have this implimented have intercept DCC requests and then prompt the user to allow them to happen. It can still be done, but you open yourslef up to the same old garbage that way.

Vermifax

Nothing wrong with dalnet....

[Vermifax]

...unless your a script kiddie who has to get in a pissing contest with someone else to make up for lack of large penis.

Vermifax

Load of bitter tripe.

[Vermifax]

"Someone coming into YOUR channel and doing things you don't like? Deal with it. It's not for you to tell everyone else on the channel that they can't listen to this person (by kicking them)." Yes it is for you, that's the whole reason you're an op. Chances are the people there want you be kicking the people you are. The basic difference between dalnet and efnet is my friends and I don't have to listen to you just because you downloaded a l33t newer version of some script that I don't have.

Vermifax

Re:Load of bitter tripe.

[Vermifax]

Hello, You're not forcing anything on them, there is no basic right to join any channel you want. Further, disrupting networks to get around this is illegal (but on two small a scale to prosecute)

The whole point is you don't have a 'right' (although you seem to think you do) to be on my friends and my channel (EFNET or otherwise) the only difference is on DALNET you can't turn into a baby and DOS me to get channel ops.

The whole first person to create a channel is a lame argument. Start another channel, that should be the answer on EFNET or DALNET or any irc network for that matter.

Vermifax

Re:Load of bitter tripe.

[Vermifax]

a) I don't have ops anywhere

b) I see no problem with the system except a bunch of whiney people going "WAAHH!!! we can't have the channel/nick we want"

So if a person buys the house you want before you can make an offer, do you get the right to set fire to it?

Vermifax

Re:Load of bitter tripe.

[WNight]

Oh wow, without your sage wisdom, nobody would ever be able to properly converse. I mean, you're an op, not just because you were the first person to create a certain channel, but because you are somehow a wise arbiter of what should and should not be said. I bow to your mighty wisdom.

If you didn't have ops and instead had to rely on /ignore, you still wouldn't have to listen to anyone you didn't like. The only difference is that you couldn't force your will on them.

Re:Load of bitter tripe.

[WNight]

Why does the first person into a channel have a right to keep it forever? Just because that's the way the system is? Why does the system have to be that way? Because you're one of those ops and like the power??

The "first person" argument is valid, about nicks and about channels.

Why should one person have the ability to control what nick you can use, or what channel you can use?

Look at how ICQ does names, you can pick any name, even if anyone else uses it. The UIN is the only unique bit. When you want to message 'Batman' or any other common nick you look at the email (or in IRC terms, the hostname) and pick the right one. From then on, you can just use the common name.

That system gets by perfectly without anyone having sole rights to the name. So why couldn't IRC work that way?

Simply because people aren't happy unless they control something. They think their spark of creative genius ("Hey, I'll name myself after a comic-book character!") deserves some special recognition... ("Hey, I'll keep anyone else from doing it!")

The same goes for channels. Why do you need someone to "maintain order" in a channel? If you could just ignore someone and they'd never bug you again, what is really gained from kicking them?

"But I want a private channel!"

Then choose one with a name nobody else will ever want to go into. There's no reason you need to make #marvel, #windows, #quake, or any other commonly-named channel your private one. Create #MyChan348234, +s+i it, and invite your friends (off of one of the commonly-named channels) into it for anything private.

It also makes the system a lot easier. There's no need for the complication of a nick-serv and a chan-serv. If nobody can own anything, you don't need to keep track of ownership.

The system becomes less complex, people stop attacking each other for control because there is no control, etc.

Can you see a problem with this system, or are you just upset at the idea of losing ops?

Re:Load of bitter tripe.

[WNight]

Gah, why do people insist on using lame metaphors when discussing something?

b) I'm saying people should just cope with it. Scratch these annoyingly complex systems which exist JUST to give people exclusive power over a nick or a channel.

The nick/chan serv elements are more of a problem than they're worth. The only reason I've ever got for keeping them when I've proposed a new, simpler, IRC model, is that people want ops.

My sole problem with ops is people who won't give it up, wanting to damn the system just so they get their power.

If IRC was FIXED, it wouldn't have people trying to DoS servers to split channels, or kick people to get nicks. It also wouldn't need complex and easily broken system for preventing this. People would still try to attack each other, but a /IGNORE that was properly implemented, and hostnames that were properly obfuscated (to prevent people doing a direct DoS) would prevent these problems too.

I've tried to work with IRC developers, I've proposed this idea to hundreds of people. The *ONLY* argument I've ever heard against it is that it doesn't have ops, and people wouldn't be able to kick people, or give ops to their friends.

They say this in various ways "what if someone came into my channel and started..." or such. But /ignore would deal with this. These people don't want to avoid seeing someone who's bugging them, they want to prevent that person from saying anything. If all they cared about was keeping from seeing floods or offensive comments, they'd realize that I proposed a mechanism to prevent that.

To me, this as good as proves that most IRC users are ass-kissing op-wannabees, or power-tripping ops.

EFNet Woes

[Fogie]

Poor little EFNet has been in sorry shape for a couple years now. I remember back in 96 when things were simpler and easier. Nowadays the channel I frequented has been wracked by immature politics and the like.

EFNet was cool in the freedom you had, and that also caused most of the problems. You have a largely unregulated anarchy where kids are vying for their precious channels 24/7. Never mind server X is hosting over 1000 people, I want #warezpupz31337 back from those bastards in #warezpupz0wn31337h4h4h4 and I'll DDoS whatever server it takes to get it back!

In the end, our channel was taken over for the Nth time, and the decent folks that I liked migrated over to DALnet and we're sitting in regulated goodness. Chanserv never felt so good.

It's Pretty Simple...

[cjsnell]

A) Continue to waste company bandwidth from the inevitable DoS attacks to come... Continue to waste company time and money fighting the 13 year old kids who do this kind of thing (most of whom will receive no more than a spanking from their dad, anyway)... Continue to cause agony for your customers (your real customers, not your IRC clients) and potentially lose their business altogether

or...

B) Say "Later." to EFNet and, in all likelyhood, never face an irc-related DoS attack again.


--

Ahhh big deal...

[ZxCv]

So what?

I used EFnet for a couple years, but I also visited at least a couple of other networks. As time went on and EFnet became more and more overrun by script kiddies, I spent more time checking out those other networks. And now that EFnet is collapsing because of the high volume of feuding script kiddies, I'm not the least bit surprised or concerned. I think anyone else out there that ever used EFnet for longer than 10 mins could see this coming...

Re:What's the point?

[ZxCv]

Most of the servers on EFnet that I used to use patched their IRCd's so that getting ops on a split was impossible. Guess that either there are enough servers out there that havent been patched like this or there are just enough stupid script kiddies out there that just don't understand this...

Re:What it will take to save EFNet

[Sentry21]

Implement /ignore at the server level (like on some networks) so that when you ignore someone it doesn't even send you anything anymore. That remove the personal-level DoS attacks. (Well, that and not displaying the user's address.)

I can't help but think of this as totally useless, since flood protection came into effect. Sure, you can load a dozen clonebots and flood someone offline, but you could do that anyway. This would just put more load on the IRC server by making it check every single message that went to one of its clients.


Get rid of ops at the same time. Let people deal with anyone they dislike by simply ignoring them.

And how do you propose that people change the topic? Or should anyone be able to? What about setting +i? +s? What if you want a private channel, a private conversation, or something of the sort? What if you don't want some lamer watching everything you say?

The solution, in my mind, is (in part) services. Let people register nicks/channels, and have them enforced by services, and that'll take away a lot of the reason to flood servers offline temporarily (to get ops status).

Realistically though? I don't think the idiots doing this round of DDoS attacks are trying to get channels, and I don't think they're trying to get around channel bans, and I don't think they're trying to accomplish anything other than to give themselves something to whack off to because their lives are so sad and pathetic that they have nowhere else to turn.

Fact is, they're doign this to be assholes, and if there were services, if there were no ops, and if there was a server-side ignore, these things would still happen, because despite all of these things, flooding someone offline is still being an asshole.

--Dan

Re:Efnet

[scrytch]

> All you really need on a system like IRC is /ignore that works at the server level.

IRC isn't a MUD. They just change nicks and connection origin. In light of the fact that nicks aren't registered and there's no guest/registered distinction on any IRC network in common use, you tell me how to implement a server-based /ignore that doesn't block legitimate clients... see, blocking out all of @home.com isn't really an option, is it?

Yeah, "all you need" is PFM. All I need is not to use the hopelessly lame IRC except on small private networks. It's the same thing that happened to CB, internet style.
--

Re:What it will take to save EFNet

[GoLGY]

FYI, one of the reasons that EFnet is the way it is ( and has been for many a long year ) is because it DOESNT have those features. While I must agree with the invisible hub's, hostmask mirroring/masking and NickServ/ChanServ are 2 things that has distinguished EFnet apart from the rest.

As an Australian, I think the visable effects of EFnet being hit are compounded: the fact that being an Australian automatically removes 70% of possible servers away to connect to - we're just not allowed to connect. I know this must sound like a whine ( and i'll get modded down for it ) but stop and think that its not all rosey and peachy for everyone ALL of the time.

I am saddend to see that this type of activity is still occuring. DDOS on IRC networks just because you dont like someone ( or some group ), hacking of IRC networks just to let off steam and to teach "lessons" - its going to be the ruin of EFnet. It already is well on its way to being so. I've been on EFnet for a good 8 years, part of the massive exodus of Australians from AustNet to EFnet, the growth of EFnet as a small infant, to the glorious network that it was, and now I bare witness to its slow death.

EFnet was ( and in some ways, still is ) the creme of the crop of IRC networks. Everyone who was anyone could be found there. I'd wager that some could credit some of their work due to conversations on it. And to be sappy, the amount of close relationships ( or even more - IRC marraiges! ) that have been forged, EFnet proves itself to be a valuable resource, despite its pitfalls.

It's one matter to just say 'move to another network', but its another to manage to find somewhere as central as EFnet is.

Hail Eris!

Re:What's the point?

[hawkfan]

Dianora is a first class bitch. Anyone who's been an eggie hack or on EF for a while knows her and knows the awful power trip she's been on for the past 3 or 4 years. It probably goes back further than that just before most of Europe left EF one could bypass her mood swings.

Re:What it will take to save EFNet

[GPB]

Nickserv/Chanserv allows you to reserve your own nickname and reserve your own channels for personal use.

SPOF (Single Point of Failure). It is trivial to take out a NickServ/ChanServ. What happens then? What is the state of nicks and channels when there's no active authority for it?

You could have a distributed NickServ/ChanServ to try to solve this, but then you've got a mini IRC network within an IRC network along with all the same old IRC problems; slipts, lag, TS, collisions, etc.

Believe me, as a longtime user and former IRCop of EFnet, this has all been discussed many many times. The IRC protocol is inherently flawed, and it is not trivially easy to just replace it.

-B

Re:"Eris Free Network"

[HeghmoH]

There has been some question among the EFNetters I hang out with as to whether it means Eris-Free Network or Eris Free-Network. That one little hyphen makes a huge difference in meaning. :-)

Re:Stopping DoS attacks

[SmittyTheBold]

yeah, um...no.

You're forgetting, these same people that are off for the summer are away from their precious academic bandwidth as well. I suppose you've got all the remote things...but in general students spend a lot less time online over the summer.

Re:What's the point?

[HiThere]

Sorry, I don't speak that lingo.
What does 133t mean?
The only possibilities that have occured to me are:
1) stupid
2) obnoxious
3) silly
4) sanguine
5) repulsive
6) juvenile
7) bait
8) neat
9) light
10) ... well, at this point I'm just adding words that end in t.

Caution: Now approaching the (technological) singularity.

EFNet != Warez/porn/etc central

[Ryan+Amos]

EFNet long ago stopped being the place where the majority of the net's illegal file traffic flowed through. Warez channel ops, along with the rest of us, got fed up with all the shit and moved to DALnet. That and the DALnet administration is too busy fighting amongst themselves to do any sort of user harassment (used to be an oper there, I know) This is also why DALnet usually sports more users than EFNet. Where the files go, so go the users.

The funny thing is, these zit-faced 14 year olds who prolly will never get laid with something you or I would call a woman get some kind of rush out of wasting other peoples' resources. I work for an ISP and frequently get kiddies scanning my IP ranges looking for vulnerable DNS/sendmail servers. I doubt most of them even know what bind or sendmail IS, they just run their happy hack program through a wingate and proceed to piss off the rest of us. I vote they should be dragged out into the street and shot.

Re:Blackened

[Wntrmute]

Blackened was always one of my favorites too...

I used to work MCSNet (as in irc.mcs.net) and I remember during a period in spring of '99 we were getting attacked *constantly*. To the point where we had to delink for awhile because our bandwidth was so saturated the actual MCSNet customers were having problems doing much of anything on the 'net.

I just hopped on irc.mcs.net to see how they are doing through all of this. They're linked, but slow. Actually, I'm surprised they are there at all since they're parent company filed chapter 11 not too long ago.

-Wintermute

Blackened

[toofast]

I remember when blackened.org went offline because of DoS attacks. They had the ability to serve up to 7000 IRC clients. One of the main reasons for killing the server, IIRC, was because of an evening where a bunch of idiots threw tons of garbage down blackened's pipes, causing the entire state of (arizona?) to be deprived of internet access. Although I cannot find Matt's original letter, I did find the config of irc2.blackened.com:

oldcharred.blackened.com: AMD K6-2 @ 333mhz, 128M of ram, 18G-10k rpm scsi primary, 9G secondary. This server houses the origional irc2.blackened.com EFnet server, the largest EFnet server in the world before it de-linked. Still running with the origional IRCD, I, O, C/N lines and TCM.

It's a pity that, in blackened's case, volunteer workers such as mjr are forced to abandon what they love to do, because of immature kiddies flooding the network with useless garbage.

Re:Blackened

[toofast]

I wrote Arizona this way: (Arizona?)

There was a reason for that.

Re:Blackened

[Teratogen]

My favorite efnet irc server of all time was irc.winternet.com. Winternet itself was a cool name; it was located in Minnesota or Michigan. The opers and admins were great people. I don't remember why winternet delinked.

Re:Efnet

[skullY]

I got off EFnet when DALnet first came up with a real solution to these problems (I held founder status on #watertower when it was the biggest channel on DALnet, way back when), and never looked back. I'm not surprised that EFnet has been in a long slow decline ever since.

Yeah, they solved those issues alright. So much so that now you can't even join a channel unless you've registered your nick. Not to meantion that someone's probably already registered your nick and only gets on once a month to keep it, so you have to change your nick anyway. And trying to find anyone worth talking to in the sea of ASL questions, and offers of cybersex. If that's what I wanted I'd use AIM or ICQ.

EFnet's not about keeping a certain identity or hiding behind the protection of the opers. It's about having a place where clued people can idle during work/school and talk to other people in similer situations. It's just a place to kick back and shoot the shit occasonally with people who are a notch or two smarter than the average people on irc. The opers generally leave the users alone, and the users generally leave the opers alone, and things are good. As the original poster said, you lose something, so what? If that's your biggest concern EFnet is not for you.

Incidentally, EFnet did fix most of the problems with channel takeovers and nick colliding by adding timestampping. No longer can you ride splits for ops, or nick collide to get someone's nick. Hell, you can't even get ops on a split server anymore. The only tool left to the script kiddie is DoS attacks, which no network is immune to.

So yes, EFnet may not be the largest network anymore, and its population may be going down, but the level of clue hasn't gone down and seems to be rising for the most part.

Re:Efnet

[WNight]

You know, the facist attitude of most IRCers is exactly the opposite of what is required.

Ops, nick protection, and channel protection. All worthless. All designed to beef up the ego of people who have to prove that they're on the bot and can k1x0r your ass. Wow, so l33t. The hackers are preferable to that.

All you really need on a system like IRC is /ignore that works at the server level. Someone bothering you? Ignore them.

Someone coming into YOUR channel and doing things you don't like? Deal with it. It's not for you to tell everyone else on the channel that they can't listen to this person (by kicking them). They can make that decision on their own. It's for you to ignore them and get on with your life.

But, I'm sure you don't want to hear any of this. Most IRCers I know all live for ops, it's all about sucking up until they're added to the ops list, so that they get to kick people, etc. They're just like the script kiddies but without the ability to use back orifice or sub-seven.

As far as I'm concerned, you can have Dalnet. It's sole use is collecting gits like you and keeping them far away from someone who just wants to use a chat system and doesn't want a life based around a little '@'.

Re:Uh....

[WNight]

Because people who prefer Undernet and DALnet tend to prefer them because of channel/nick protection.

That means that if they got there first and made a channel with a popular name (#quake, #perl, #pokemon, etc) that they will control it until the end of time. Alternatively, if they suck up to one of these people, they can get ops. With the @X or @W 'bots', they can log in any time of the day and get ops. Then they be an op. With ops. Did I mention they tend to be op-happy?

They also rarely tend to be happy with just having ops. They tend to use it... Kick anyone who disagrees with them, or the party line. Offer ops to people who will kiss their ass, etc.

Regular (EFNet) IRC has a bit of this, but with the complete channel ownership it gets worse.

Re:What it will take to save EFNet

[WNight]

If you didn't ban people, you wouldn't have to worry about designing a whole system just to allow banning.

Implement /ignore at the server level (like on some networks) so that when you ignore someone it doesn't even send you anything anymore. That remove the personal-level DoS attacks. (Well, that and not displaying the user's address.)

Get rid of ops at the same time. Let people deal with anyone they dislike by simply ignoring them.

The problem?

It'll never be done. The lusers who crave ops don't just want to ignore someone, it irks them that this person should be allowed to say something that they don't like. They want to kick these people off of a channel just to keep them from saying whatever it is they say.

Which is why most people play with IRC for a while but then quit using it, they get fed up with the bullshit politicing you have to go through.

Re:What it will take to save EFNet

[WNight]

I don't think invite-only channel are a bad idea, if they don't have names...

The problem with someone +s or +i'ing a channel is that they take a name someone else might want to use (because, face it, #perl is an obvious channel to talk to perl programmers, etc) and make it off-limits.

I think people should be able to make private channels that are assigned some unique identifier (ie, random characters) and be able to control that. Other channels, with names that attract others? No. Why is your claim to #starwars any better than anyone else's? Why do you have to right to kick/silence someone? Chances are from the viewpoint of an outsider, you were as big an ass to the guy you want to kick as he was to you.

Having the server do a few regexps isn't going to take a lot of CPU and it'd save sending a message through a web of servers, DoSing the receiver, who was just going to throw it away anyways.

If people just acted like grown-ups and ignored jerks, those jerks would go away. However, if people rely of ops or irc-ops to kick someone off, that person will be justifiably annoyed. And it also gives them attention.

A /ignore that actually worked would be best. It'd take away all attention and it wouldn't censor people who just have a different view. I've often been kicked off of channels for not toeing the party line. I mentioned on #c once (after fighting with a half-assed regexp library) that I really wished there was a regexp library as powerful and integrated as in perl. I got banned for that. Not a biggy, I didn't IRC much, but it annoyed me that instead of talking someone just relied on ops. The last refuge of the idiot.

Later I mentioned an idea of getting rid of ops and the only objections I heard were that people wouldn't be able to give friends ops. Nobody had any serious concerns about how the system would work, just that they wouldn't be able to give ops to people they liked. (And ban people they didn't.) Wow, that opened my eyes to the type of people who tend to hang out in that environment.

Re:Uh....

[WNight]

And if the people aren't mature, it ends up with the op kicking the non-op over whatever disagreement they have.

Nick protection is just plain silly. It's like bob@server.com ranting that bob@aol.com should have to change his email address. If you want to see who you're talking to, look at their hostname.

Just another example of people wanting control...

Re:Efnet

[WNight]

Yup, you're an op on some channel.

It's easy to tell. People who resort to person insults over the issue are people whose social standing rests completely on the '@'.

Tell you what. Get a tattoo of an @ sign on your face. That'll let people know you're to be respected.

If channels had random names, cybersquatting wouldn't be a problem. But if someone wants to talk Counterstrike (for example), which channel do you think they'll try. Starting another channel by another name isn't going to do any good because nobody would ever go there.

Thus, the first person to start a channel (and thus get ops) gets to lord it over everyone who goes there after that.

The only people who like the ops system are those who've kissed enough ass to get ops and thus are waiting their turn, for some sycophant to latch onto their sphincter.

Re:Efnet

[WNight]

I'd be devestated by your comments if I'd spent more than an hour on IRC in the last few years.

I realized it was just a political game for people and left when IMs became a decent alternative to IRC for coordinating with a group of net friends in realtime.

I just happen to be able to see that the problem is people like you. Op lovers who'll do anything to defend their little habit.

Say it with me, "I'm not a control freak! I never kick anyone... unless they mouth me off."

It's people with your attitude who resist having an op-free network where nobody can lord their power over anyone else. If you'd step back and look at it from the perspective of someone who doesn't want to have to play nice to some teenage kid with ops just because he wants to chat, you'd see the inherent problems in the system.

I guess from the position of that young kid with their first taste of power, it's pretty cool though.

Come back to this conversation in ten years, if you've got any friends in real life, you'll see it a bit differently. If you're still on IRC all the time, well, you won't have aged much.

$,$$$ minimums

[Smallest]

the FBI will not do _anything_ unless the damages exceed a certain amount. $5,000 was the limit my particular situation (re-routed domain info). unfortunately, they just don't have the resources to track down all of the assholes in the world.

-c

Echelon

[delmoi]

Echelon is run by the NSA, not the FBI. And it deals primarily with Europe.

And the FBI probably has bigger problems to deal with then IRC servers going down due to poor design.

Re:Echelon

[JoeShmoe]

Fine, so Carnivore then...pick your nefarious project, it's all the same deal.

- JoeShmoe

web history?

[delmoi]

IRC is not a part of the web, it has no place in 'web' history. The web is only a subset of the internet. And not the subset that contains IRC.

Re:Open servers

[delmoi]

And how the fuck are they supposed to do that?

Hi, we really need more open servers. Would you mind hosting our network and reciving hundreds of Distributed Denial of service attacks a day?

Hrm

[delmoi]

I think you're missunderstanding the point of the EEF...

Re:Hrm

[brianvan]

Don't you think that supporting a cause to help eliminate a problem that threatens the existance of IRC on the Internet is appropriate for such an advocacy group? They do help with legal defense in a lot of cases dealing with the Internet and freedom... I think that freedom also involves the rights to life, liberty, and the pursuit of happiness. I know it sounds kinda like patriotic bullshit, but these script kiddies are clearly ruining a valuable resource on the web, and are threatening its existance. I can't think of any other group besides the EFF that would take on such a cause. Maybe they could have a spinoff organization...

Re:Stopping DoS attacks

[nEoN+nOoDlE]

"I noticed most of these attacks happening in the summer time...I've written a paper on stopping DoS attacks "

I've also written a paper on how to stop the problem... I have posted it for everyones convenience:

Stopping DoS attack
by The Neon Noodle

It has recently come to my attention that DoS attacks occur mostly during summer, which is likely due to kids being out of school. My solution then is to STOP SUMMER FROM COMING. Thank you.

Re:Still other sources for IRC fun...

[JatTDB]

Throw enough packets of different kinds from enough sources (the sources being the most critical, and the heart and soul of DDoS), and I don't care what sort of protections the target has...the network link will either be essentially down or painfully slow.

Re:Still other sources for IRC fun...

[JatTDB]

Yeah...it never ceases to amaze me that people think that blocking a few IP's or killing all ICMP at the router is gonna protect them from a large-scale flood. Even blocking by the provider a few levels up from the target isn't a perfect solution. One of the servers was getting about 3gb/s during one of the attacks...I don't care who the upstream provider is, that much load in addition to all the regular traffic is going to make things damn horrible. Not to mention that the more things you block, the more you risk killing legitimate traffic.

hot deal on efnet

[aderusha]

http://cgi.ebay.com/aw-cgi/eBayISAPI.dll?ViewItem& item=1254742933

get it while it's hot...

So long, old friend.

[einTier]

Wow. While I've not been using EFNet in the recent past, it was my first exposure to the internet and all it's glory, way back in 1992. I remember it not being very big back then, few rooms had more than 20 people in them, and you often had to search for a while to find anybody who was actually up and awake. I watched it grown and expand until it finally took up so much of my time I had to leave it.

I also remember it being kind of the "outlaw frontier", where almost anything went, and hacking was somewhat encouraged. Moderators took a real hands-off approach unless you were being blatently over the top. Perhaps this rogue spirit is what is killing it today. If you encourage (or don't discourage) hackers and crackers and script kiddies, perhaps you reap what you sow. I just don't understand why, if someone gives you a really nice sandbox to play in and hack in, why you'd feel the need to take a big huge shit in it. Have fun raising hell in EFNet, but attacking the servers themselves is crossing the line.

Maybe they just want to be known as the people who took down EFNet. Likely, they'll be known as someone who spoiled a good thing.

Good bye, old friend, you'll be missed.

Re:IRC warrioring out of hand.

[cje]

I never did anything to harm an IRC server. Nobody did. #warez learned to fear my army of clonebots, and in fact clonebots were the only thing I ever did that upset IRCops.

You "never did anything to harm an IRC server", yet you had an "army of clonebots?" Were these magical clonebots? You know, the kind that can connect to the network without using up connections that would have otherwise been used by legitimate clients? Were they the kind of clonebots that could send nickfloods and tsunamis to #warez directly, without interacting with (or consuming the resources of) the servers?

IMHO, the DDoSers of today are the clonebotters of 6 years ago. The technology is different, but the mentality is the same. 6 years ago, people didn't have the big, fat network pipes that they've got today, and there weren't as many fools running networked, compromised boxes 24/7. 6 years ago, the DDoS attacks of today weren't technically possible. If they were possible, they would have been used.

You sound like you've outgrown the phase, which is good, but I suspect that if you were six years younger, you would be right alongside of the group that is responsible for this.

Re:IRC warrioring out of hand.

[cje]

A clonebot uses no more resources than a single legitimate client.

Legitimate clients don't change their nicks ten times a second, nor do they use TextBox/PhoEniX-style tsunamis (large amounts of text) against users and channels. Unless your clonebots joined the target channel and said "hehehe" and "LOL" every ten seconds or so, I think it's a safe assumption that they used well more than their fair share of resources. I can certainly say that in my years as an oper, I never encountered such benign clonebots.

I disagree strongly. They were more difficult, available to a smaller group of people.

Well, certainly the ability to do a distributed flood existed, but nowhere near to the extent that it exists today. The IRC "floodnets" that were the precursor to the modern DDoS didn't appear until a few years later. The modern DDoS would be an impossibility were it not for the large number of unprotected cable modem/DSL users and wide-open corporate networks, most of which didn't exist at that time.

Re:IRC warrioring out of hand.

[iCEBaLM]

IMHO, the DDoSers of today are the clonebotters of 6 years ago.

And, even though I'm going to get flamed for this, the argument exists that if the opers in their very-finite wisdom didn't do everything in their power to protect the sheep from themselves the kiddies would still be perfectly content to do simple text floods, nick collides and split riding instead of DDoSing full servers.

Infact, the many ircd "enhancements" currently make irc almost unusable for those who DON'T break the rules. No ops on split, no join on split, hell, there is even atleast one server which won't even allow you to chanop no matter what the server state. I mean wtf is this? No (ops|join) on split with a perfectly working TS is redundant, it just makes it harder to recover opless channels. Not allowing anyone to chanop is just fucking stupid, period.

EFNet, even for those who do follow the rules, is becoming unusable, not to mention that there are assholish and apathetic opers who just don't give a shit. Unless you're their friend you're fucked about getting help from one. I can see the frustration the kiddies are exhibiting.

-- iCEBaLM: 5+ years of EFNet usage.

Re:I'll tell you what's the point....

[Bothari]

Yeah, you're right, it'll be so much better when there is no EFNet, since the *volunteer* hosts get so pissed off at getting burnt by wars they have nothing to do with that they all quit.

Then you can be sure noone will take your channels away... mainly 'cause there will be no servers .. hehe

Real bright, kid.

...
Yes, I know I ramble and my spelling isn't quite up to scratch. If you wish to complain,

Re:How do you DCC?

[chrisqeld]

That's really not related. DCC is initiated client to client via msg's, they could still easily trade real IPs.

Re:What it will take to save EFNet

[chrisqeld]

Gee, it's just so simple isn't it?

Hostmask mirroring leads to endless problems in an IRC environment. How do you tell one person from another? Force nick registration? Nobody wants to sign up just to use IRC, that's one of the best things keeping it separate from instant messaging. Really it's much easier the way it is, with opers mostly hiding their real hosts not so they're not DoS'd, but so that it's at least more difficult to find/hack them and gain control over their server.

Nickserv/Chanserv don't help. DALnet/Undernet have services, they get hit. Not as much or nearly as hard as EFNet, but they do. Also, services have been known to be hacked(not that EFNet hasn't, but at least there isn't a service in place that makes it a 1 step process to 0w|\| every single channel)

Invisible hubs might sound nice in theory, and in fact were at least at one point scheduled for the next version of the EFnet ircd. However, this alone won't do a fucking thing. Because only a few servers have the balls to let many clients on anymore(irc.east.gblx.net, irc.ins.net.uk), taking down just those two servers takes out something like 1/2 of all EFNet users. Maybe you can't take channels so easily(like you can now?) but it'll still fuck with everyone trying to chat, and make the servers question why the hell they bother(which I don't understand myself. I have a friend who's an EFNet server admin, and I still don't get why.)

Re:Bullying.

[mystik]

PI IS EXACTLY 3
now that i have your attention :)
It's geek sweat you know. This was proved by Lisa Simpson. What better way to acculate geek sweat than from a bunch of kids on #MarriedAndFlirting ?

I'm fairly upset...

[brianvan]

My favorite IRC server is gone for good cause of these little f*ckers... who can I strangle now?

*sigh* And again, what's the purpose of this? We lose something in exchange for nothing. We should pursue these people more agressively, since we're really losing one of our best communication resources out there... cause I mean, when they're done with IRC, they'll go after whatever else looks ripe... AIM servers, ICQ servers... even Slashdot.

This is a good cause for the EFF to take up... prosecution of these script kiddies. I'll donate to that cause...

Echelon does not deal primarily with Europe

[alteridem]

Just because the EU is investigating Echelon, it does not mean that it is primarily targetted at Europe. Echelon sucks in everything in North America too. It was started here and they have much more control and access here...

Re:What's the point?

[forii]

Who's Dianora?

Re:Here is what i don't understand...

[drachen]

Or maybe the FBI/CIA should just host an EFNet server themselves.

I was thinking the exact same thing earlier today before this article came on slashdot. IRC servers are some of the most popular targets for these kinds of attacks and if the feds got involved somehow they could probably help curtail some of these attacks. But then... remember just what is on IRC: pirated software, mass porn channels... etc.. I don't think that the users and admins of EFNet would like the thought of having the government actually being part of their network. I know I wouldn't and the only channel I've pretty much ever been in on EFNet is #linuxhelp. (op in there since around 1996, but I haven't been on efnet in quite awhile due to channel takeovers and constant server splits.)

So I guess one of the main reasons for not getting the feds involved is for the protection of the users and the admins themselves. And the fact that for most of the ISPs that host those servers it's easier to just pull the plug on the server than deal with trying to prove "monetary losses" when their voluntarily run server is part of the medium that thousands of people use to trade pirated software.

Well, that's what I think anyways.

Re:Stopping DoS attacks

[First+Person]

An interesting article. I also enjoyed the Theories in DoS at the same site. However, I was disappointed that the firewall benchmarking PDF at http://antioffline.com/sec.bencharks.pdf went 404.

Re:just fixed it and added more info

[First+Person]

Thanks. I can see that a lot of work went into the benchmarking and appreciate the efforts. I've been surveying several firewall vendors and welcome this additional data.

Re:Only EFNet Users Will Get This

[British]

Interesting you mention umn.edu. *.umn.edu seemed to be quite the popular ban mask for LOTS of EFnet channels. Gah. I remember whe #warez(or #warez2-300, #warez5 had a limit on x users on) wasn't +i.

Re:Efnet

[Jay+Maynard]

I was on DALnet. I left a long time ago, having bounced through a few networks, and now run a server on a small network with just some friends on it. In reply to another poster...I left in large part because of what you're complaining about: it appeared that the net admins no longer cared about the users, unlike at the very beginning.

--

Re:Efnet

[Jay+Maynard]

A simple question, Ryan: How many nets are there that run some sort of services to protect ncks and channels, and how many are there that don't? AFAIK, there's one major network that doesn't: EFnet. I'd say that the answer to that question shows who's right about the social aspects. (Yes, the net I'm on now has a services machine.)
--

Re:Efnet

[Jay+Maynard]

Why does that make not having them wrong? It doesnt.

I submit that that statement merely emphasizes that you don't understand the social aspects of it. IRC users are voting with their feet, and leaving EFnet behind...and the folks who are doing the attacking are merely another symptom.
--

Re:Efnet

[Jay+Maynard]

EFnet's not about keeping a certain identity

Indeed not. That's the problem: EFnet doesn't recognize that people do want to maintain an identity. It's ingrained. Would you want some faceless bureaucrat telling you that you had to change your name because someone else started using the one you'd had all those years?

IRC IS a bunch of friends getting together to chat. Those friends have identities they've built up over years. Telling them that someone else can swoop in and whisk it away in the blink of a modem light ignores all of that. That's why many folks - definitely including myself - consider an IRC network without services simply unusable.
--

Re:Uh....

[Jay+Maynard]

What you say may be true of DALnet or Undernet or the other large networks. It is not, however, true of the network I inhabit; while it has channel and nick protection, the people there are completely indifferent to who has ops and who doesn't. There are old disagreements, true, but those are related to other issues.

The problem is not channel and nick protection. The problem is the people involved. Get a rational, mature bunch of people, and you don't have any of that.
--

Re:Uh....

[Jay+Maynard]

It's still personal politics, you still use the @ as a status symbol to say who's "approved" and who's not, to put down those you don't personally approve of or who don't fit into your little circle.

Bullshit. With exactly one exception, every regular on the channel whose nick is registered gets opped. That one exception is the person to whom I was referring when I mentioned old disagreements. As to other channels on the net, I don't care even a little bit, since the only reason I go there is to try to raise another admin when things are going wrong.

I do, however, find it interesting to see how many folks from there are showing up here to put me down, yet don't have the courage to stand up and identify themselves as I have.
--

Re:Uh....

[Jay+Maynard]

Your dumb little IRC net wouldnt need the services on it if it werent for you and your channel.

Then why did it have them long before my channel came to the net? Perhaps it's because others there share my opinion about their necessity?
--

Re:Efnet

[Jay+Maynard]

You lost your channel? So what, go make a new one.

You lost your nick? So what use a deviation.

These two lines, all by themselves, show why EFnet's been going downhill for years. Simply put, they ignore the social aspects of IRC. People don't want to change their name, or their street address, just because some script kiddie managed to kick them off and steal theirs.

I got off EFnet when DALnet first came up with a real solution to these problems (I held founder status on #watertower when it was the biggest channel on DALnet, way back when), and never looked back. I'm not surprised that EFnet has been in a long slow decline ever since.
--

Re:What's the point?

[Old+Wolf]

Main point is to annoy specific users or opers of the network.

Undernet went through a large dossing phase a few months ago (now there are only half a dozen or so American servers left from the 25 or so there were before). They've since been implementing measures to protect from DOS:
- hide the server names in /whois
- disable /map and /links
- hide the server names in netsplits
- disable umode +s

Perhaps EFnet could learn from history :)

Re:are you kidding

[LS]

If you read my post, it says "...in addition to chatrooms involving help with coding or project collaboration, the two largest groups that use IRC are "pirates" and pr0n freaks". I acknowledge the fact that IRC is used in significant numbers by people other than "warez kiddies"

Do we really know who is DDOSing?

[LS]

The posts on slashdot indicate that most of you think that the DOS attacks are the responsibility of a 13 year who has too much time on his hands and hasn't yet understood the stupidity of attacking a nonprofit service.

I pose a different theory. There is not much to back it up, but it's a possibility that should be considered. First, in addition to chatrooms involving help with coding or project collaboration, the two largest groups that use IRC are "pirates" and pr0n freaks. Big business hates the IRC because it's the epicenter for trading of movies, music, and software, and some software and movie distributers even start with the IRC. The Government hates the IRC because they seem to think that it's the hotbed for perverts to meet children, hence all the FBI agents posing as little girls.

The IRC is somewhat immune to legal attack, since it is decentralised, and like the newsgroups, the content is user-based, thus the hosts don't take responsibility for illegal activity. So what can Big Business and the Government do to stop this menace? Hmmm....

Re:Do we really know who is DDOSing?

[PhantomHarlock]

And why does that post have a 'funny' rating on it? Do you not think that is a perfectly plausible theory? Give me one good reason why that couldn't happen...you can't. It would be very easy for even a single corporation or government entity to perform something as easy as a massive DDoS, using even just a few people instead of one kid in his bedroom.

As the original poster mentioned, there are MANY entities which feel they are losing out by the information and wArEz being passed around IRC. It would be nothing for a company to post two or three people on a rotating 24 hour shift to blast the hell out of some servers continuously until they finally give in, or are badly damaged.

But, as the followup poster mentioned, it could also just as likely be one idiot on a warpath. The thing that gets me is that people are even using the phrase "IRC Warrior" and other such things. The truth is all of this stuff is completely meaningless...IRC is a means to an end (chatting and exchanging information) not an end unto itself, which is how the kids see it. (pre-occupied with 0pz, channels, etc)

90% of the userbase of EFNet is a sad joke. Even 10 years ago it had it's lamer elements, but they have grown to almost completely overtake the network. It's so bad that it's funny. And humor is all we have left.

"A joke is the epigram on the death of a feeling."
--Edith Warton

Mike Massee

just fixed it and added more info

[joq]

Thanks I didn't even check to see if the link was broken. It was a typo so I moved it over, and added a TCP/IP stack tuning guide to the original document.

are you kidding

[joq]

Many people still use IRC for many things trading coding tips in C++, developing OS's (#freebsd, #openbsd, etc.), assisting newer users of the OS (#linuxhelp, #freebsdhelp). Many friends also use it as a means to communicate, and it's sad you do have some shitty channels but you shouldn't generalize everyone on IRC as being warez kiddies.

Re:are you kidding

[Ded+Bob]

I have been trying to help out on #FreeBSDhelp for the last few days. This is frustrating, but at least now I know why I have not been able to connect.

Whoever is doing this should lose the use of a computer for a year. That would be an appropriate punishment.

Stopping DoS attacks

[joq]

I noticed most of these attacks happening in the summer time which can be attributed to kids being out of school and having too much time on their hands. I've written a paper on stopping DoS attacks which can be found here, which deals with network based (router level), firewall, and kernel tweaks, to minimize a DoS attack.

Some of these idiots should check into a local clinic for psychiatric assistance, and stop ruining things for people who just want to chat.

Re:Stopping DoS attacks

[lewp]

When I say it, "kids" just refers to their immature behavior. I know a bunch of young adults (early to mid 20's) who engage in the same activities.

Re:Stopping DoS attacks

[Narmi]

> The recurring theme throughout these posts is > "kids", doesn't that tell you anything? > WHERE ARE THEIR PARENTS? In the daytime? Probably at work. I know my parents would not be able to tell the difference between me flooding your server or downloading some software. They would believe whatever I told them.

Re:Stopping DoS attacks

[Sycraft-fu]

Nice article with some sage adivce, however I'm not really sure it would help in EFNet's case. Blocking a DDoS at your border routers only works provided the bandwidth being used by the DDos is under your total available bandwidth. If the hax0rs have a lot of boxes involved, and particularly if some of them sit on high bandwidth networks it's not going to do much good. For example: suppose you have your own T1 line, and a nice Cisco 1600 on it. Now suppose I decided I don't like you and start DoSing you from work, which has 2 T3 lines. You figure out that I'm the moron responsible and block my IP on your router. Fine, but you're still flooded off the internet because I'm just ramming too much traffic at you. The router is blocking it, but it's no good because the link is totally saturated. To deal with that you'd have to call your upstream provider and attempt to get them to block me.

At any rate, that said, your document is still a good one and can help prevent DoS attacks that deal with generating load on the server rather than trying to just flood the link out.

Re:Efnet

[Retalin]

And your attitude is personified by the users of Dalnet... so in the end its all good.

Re:Efnet

[Retalin]

Its all taste... I prefer not having services, you prefer having them. Why does that make not having them wrong? It doesnt. Its fine that you like them just as its fine that I dont like them.

Efnet

[Retalin]

I usually refrain from posting opinions but I feel on this one I must.

EFNet has been my sole IRC network for years now, its plagued by many things that draw the wrong crowds. However this doesnt make it a bad place, its just not one where you can go telling off some 13 year old that has as they say "500 b0x3n". I dont understand the mentality of attacking a non-profit irc network for any reason.

You lost your channel? So what, go make a new one.
You lost your nick? So what use a deviation.
They wont let you be an oper? So what start your own network.

I mean come on.. this is rediculous.. So what if your upset with efnet, there are so many other alternatives out there that you cant begin to list them. Use one of them.

As far as the attack that efnet is facing, its not just the DDoS, its also the attack of its users. Just like this post on slashdot about efnet... "but I find myself wondering if the oldest IRC network can pull out of this type of situation a second time?" If youve used a network for 5 plus years, and its been through this before, then odds are it will make it though it again, dont show a lack of faith or support like that. You are giving this kids or immature adults exactly what they want. The truth is this, we are giving them exactly what they want, thus they wont quit. If we quit complaining, then what they are doing isnt working any more, or they are not going to get their desired results, thus they will probably quit attacking efnet.

One of the most redundant things you will see on the efnet.org forums is the posts regarding the problems efnet is facing where people are whining and complaining about not being able to get on efnet. Instead of that, shut up and move on. So what if you cant get on efnet for a few days, its not like theres not 100 other irc networks that you can use until EFNet gets back up, heck have your buddy on a cable modem load up ircd to support your friends until efnet is back online.

In short, stop making a big deal out of it. In the end your forgetting the people who are really suffering and whining about stuff that dont matter, imagine how much these attacks are costing the hosts of the servers we love, they are doing this for free, and paying out the rear end to keep this thing going. Thats where we come to the poing of loosing efnet, is when it hits the sponsors (servers) in the pocket.

Regards,

Ret

Re:Efnet

[lewp]

So yes, EFnet may not be the largest network anymore, and its population may be going down, but the level of clue hasn't gone down and seems to be rising for the most part.

Yeah, I've actually noticed this. As it becomes harder for people to get on EFnet the amount of annoying "a/s/l"-type kids has really declined.

Re:Efnet

[Trepalium]

Incidentally, EFnet did fix most of the problems with channel takeovers and nick colliding by adding timestampping. No longer can you ride splits for ops, or nick collide to get someone's nick. Hell, you can't even get ops on a split server anymore. The only tool left to the script kiddie is DoS attacks, which no network is immune to.

I think part of the problem is too few servers are running the latest hybrid server that supports all the newest timestamping features, so the morons are still DoSing servers that are linked to those server to get them to delink to get ops on them and ride it back in.

Re:Efnet

[AtariKee]

What are you? 12 years old? Sounds like a bunch of whining from someone who's been kickbanned too much for being an idiot in someone's channel. There is more to having channel ops than a power trip.

Besides, it's only IRC. Get kicked out of a channel? Just start your own or join another. Quit yer damn whining.

Re:Efnet

[AtariKee]

"Yup, you're an op on some channel."

Nope. I frequent certain channels to talk and do business. I stay out of IRC politics, simply because to take it too seriously is to have no life outside of your computer.

"It's easy to tell. People who resort to person insults over the issue are people whose social standing rests completely on the '@'."

How witty. Truth hurt a bit?

"Tell you what. Get a tattoo of an @ sign on your face. That'll let people know you're to be respected."

See above.

The rest of your snappy comeback is just more groveling from someone who takes IRC too seriously and has been denied ops for far too long. Get away from your computer once in a while and those feelings will go away.

Have a nice..... whatever.....

Re:Efnet

[kvx]

The majority of posts to that forum seem to be complaints about not being able to connect, usually because they can't get ident to work. There are many places to get help, but they are too lazy to look for those. If you have ident, you can almost always connect to several servers.

Re:What's the point?

[StarKruzr]

Doesn't EFNet have a ChanServ of some kind too? They pretty much make it impossible to take ops on a network you don't belong having them. We on Afternet, for example, use the extremely capable X2 ChanServ (available on SourceForge) which is ironclad and maintains userlists for every registered channel.

Other good public IRC servers beside emory.edu?

[antdude]

Since irc.emory.edu is delinked, any other good public Efnet IRC servers to use? Thanks!

IPv6

[_GNU_]

From what I've heard about IPv6, DoS attacks are alot easier to control there...

IRCnet has quite a few ipv6 server running, but as they are also quite limited to their surrounding univs etc due to beeing ipv6 only, where people tend to be clued, and not scriptkiddies, I don't think they've been put to any serious tests... well.. some minor incidents where the ipv6 tunnels have been cracked and DoS attacks against ipv6 hosts have been performed..

The most ipv6 abuse I've seen are funny ip-ending like :dead:fed and such.. ;)

If someone is clued in on ipv6, please brief us on DoS controlling if I'm totally off here.

Re:IPv6

[AndroSyn]

Hybrid 7 has support for IPv6, but alas, its not quite finished yet, and with all this stupid shit going on it, it still might be a while longer, especially with one of our best coders around. But the IPv6 support seems mature enough(I should know if anybody, I wrote most of it).

But, honestly, IPv6 might be able to help against certain types of attacks, like smurf attacks, but it doesn't help as much against DDoS. But at least QoS(Quality of Service) it would help some, unless your router is swamped....

Re:IPv6

[Dzejwi]

You really think that there are only uni users using IPv6? No way! There are numerous _free_, automatic Tunnelbrokers (see http://www.hs247.com which allows every kiddie to have their 0wn 31337 tunnel (yes, those :dead:beef). Sadly, some (ab)users doesn't even know what ipv6 is, just they are happy that they have 31337 host. And yes, DDoS with ipv6 is not as easy. But you can easily spoof v4 SIT packets...

Re:What's the point?

[jidar]

I just found out that that IS why they are under attack. I swear to god I didn't know that beforehand.

Re:news page already ./ed

[jidar]

EFnet DOS'd because of Dianora. Anybody with any longtime experience on efnet is probably not surprised by this.

Shes the biggest example of a power tripping elitist megalomanic ircop ever.

Re:What's the point?

[jidar]

It's posted on efnet website (linked above by Michael) that the servers being DOS's are the same ones Dianora has IRCOP on. I'd say it's more than just a rumor.

Re:What's the point?

[jidar]

oh... well anyway, I can dream.

Re:What's the point?

[jidar]

Speaking from experience, they are probably pissed off at Dianora.

Re:Do people still use IRC?

[treat]

I used it a few years ago when I was at college, but even then it was just a bunch of jerks

Probably because you were in the wrong channels. Really, the best channels have names that are not obvious (e.g. #sex is obvious), and are either +s ("secret", so it does not show up in /list or /whois) or +i or +k (invite-only or key needed to join). This keeps out the clueless newbies, and the warrior spillover from wherever it is that they hang out now.

Re:IRC warrioring out of hand.

[treat]

You "never did anything to harm an IRC server", yet you had an "army of clonebots?"

A clonebot uses no more resources than a single legitimate client. Yes, this is abuse of the IRC server. But this is a minor abuse, compared to the events that this Slashdot is about. Clonebots do not in and of themselves harm the server. They simply use more than one person's fair share of resources. (resources being a TCP connection, bandwidth, and memory on the server and on the IRC network). IP flooding is so much more serious.

6 years ago, the DDoS attacks of today weren't technically possible. If they were possible, they would have been used.

I disagree strongly. They were more difficult, available to a smaller group of people. And the group of people who had the ability to do this, I would like to think, also had a certain ethic against doing it.

Re:What's the point?

[treat]

What is the point of attacking an IRC network with a DOS attack anyway?

To get ops. Timestamping makes this more difficult, it does not make this impossible. Consider the case where everyone in the channel is disconnected because their server is flooded off. Now that there are no ops, you can get ops on a split. And of course, you can cause a split by flooding one or more servers. As a bonus, you get to steal the nicks of your enemies.

Re:IRC warrioring out of hand.

[treat]

Well I hope your equally disgusted with yourself. Its shitheads like yourself who's antics set the stage for this sort of thing.

How is that? When IRC wars moved out of IRC, I stopped. More than that, I vowed to never fight again. I have let the channel I hung out in for 8 years be taken over for months, because I refused to engage in any IRC wars.

Pingflooding had been considered lame for a long time. It hurts noncombatants. It hurts combatants in ways unrelated to IRC. It is unfair to those who have less bandwidth. It creates wars that escalate only through use of more bandwidth, which means hacking hundreds or thousands of machines. Then a new crowd moved in (along with Windows, WSIRC, and mIRC) that didn't see a problem with it. The collective morality changed. It wasn't individuals who's morality changed, it was a new group of people who did not have any respect for anything.

IRC warrioring out of hand.

[treat]

I used to be a fearsome IRC warrior, in the days of nuke and flash. Not winnuke, mind you. Nobody on IRC used Windows then. Nobody at all.

I never did anything to harm an IRC server. Nobody did. #warez learned to fear my army of clonebots, and in fact clonebots were the only thing I ever did that upset IRCops.

Now, people don't care about IRC when they are involved in their IRC wars. Just like using nuclear/biological/chemical weapons in real-life wars, DoS attacks against servers harm innocent noncombatants. This is unconscionable.

DoS attacks against servers is destroying, and will ultimately destroy, EFNet. These people surely know this. They just don't care.

I have never been so disgusted with mankind.

Re:IRC warrioring out of hand.

[Tarpan]

[...]there is even atleast one server which won't even allow you to chanop no matter what the server state.

I'm not on EFNet, i keep myself on IRCnet. But there are alot of restricted servers for me, ie those that i can connect to but i can't use any chanop commands. Which is kinda sucky. Not to mention how hard it is to find a working server for me sometimes, i got three i can use and they all die with regular intervalls.

Re:IRC warrioring out of hand.

[clyons]

The parents are gone. But anytime someone proposes a law/plan dealing with something like this, it is slapped down as 'crushing our free rights'.

Then maybe our representatives should write laws to address activities that victimize people and their property, without bundling in laws that restrict free speech, free thought, reverse engineering, etc.

I doubt many people here would Welcome to reality. You can have a stable society with no rights, or you can have an anarchistic society where everyone carries a gun.

Of you can have a fairly society where individual rights, privacy, civil liberties, and self determination are balanced with the need for law, order, justice, and the ability to enforce laws, without trying to tell us we must love Big Brother.

The parents are gone, it's up to society to run the show now.

Socitey is willing to deal with abuses like this, though not at the cost of human rights and civil liberties. Stopping DoS attacks doesn't mean we have to lose our rights and liberties in the process. It just that certain people (those who are supposed to represent us) like to throw in think we think would be detremental in what amounts to an all-or-nothing deal.

Really, it's an attitude of "Well, either you eat the poisoned food, or you'll starve." It's called attrition. They figure if they don't give us something uncontaminated, we'll eventually be hungry enough to swallow poison just for the sake of food.

--

Re:IRC warrioring out of hand.

[jrockway]

OPN has NickServ and ChanServ... BTW OPN _is_ a cool place to hang out. Try #ppclinux and #imaclinux, since I have ops there ;) [I didn't DoS either...]

Re:IRC warrioring out of hand.

[NDPTAL85]

In what way is DALnet lame? They have a Nick and Channel serv. More than most nets can say.........

Re:IRC warrioring out of hand.

[TeraCo]

The parents are gone. But anytime someone proposes a law/plan dealing with something like this, it is slapped down as 'crushing our free rights'.

Welcome to reality. You can have a stable society with no rights, or you can have an anarchistic society where everyone carries a gun.

The parents are gone, it's up to society to run the show now.

Re:IRC warrioring out of hand.

[banshee2000]

DALnetsux is lame because it's got more ego than anything else going for it. The opers don't even follow their own policies. It's a network of old boys who will forgo all of their stated ethical policies for anyone who can suck up to the oper/admins ego's.

If you think that DALnetsux is the only (or one of the few) networks with services, then you better try again. There's a shitload of networks on IRC with full services.

Re:IRC warrioring out of hand.

[tetsugakusha]

I'm a fellow ex-EFNet soldier (lameness intentional) and I still hang out on EFNet from time to time, there are a few channels still around where there are actually people talking 24/7, people who have been there sometimes 10 years or more. People are posting as if EFNet were already dead, or its death were a foregone conclusion. I, however, have faith that this, too, will pass and EFNet will be fine. But if it comes to it, better death than becoming lame and AOL-ish like certain other un-named (DALnet) networks.

The only thing insightful about that comment...

[dave-fu]

...is the fact that (at the time that I'm posting this), 12 mod points have been burned on this artificial tripe-flavored morsel of geekish "violence". Feel free to threaten to beat my skull in for not agreeing with you, a0lc0d3gUrU.
And if you were among those that modded this misanthrope up, shame on you. So much for constructively teaching our children how to do right: let's just round them up and kill them all the first time they do something wrong.

Re:and more DOS

[phunhippy]

Why is this moderated up? Efnet's website is now slashdoted and efnet.org has nothing to with the efnet irc servers... think before you post.. specially since yer a doctor..

what keeps an irc network together

[Teratogen]

Remember, the four things that keep an irc network together are:

1) The learning of the wise
2) The justice of the great
3) The prayers of the righteous
4) The valor of the brave.

Against these things the packet kiddies will not ever prevail. EFNet will always be alive in our hearts and minds.

P.S. I miss you, Dianora. =~)

Re:what keeps an irc network together

[Teratogen]

coward =P

Re:What's the point?

[Teratogen]

She's an efnet irc operator, also a C programmer who has worked on the ircd code.

Re:Here he is.... WAS Re::( ... God! I wish

[Teratogen]

if he's the one who is doing this, I hope he drinks some bad vodka with methanol in it and dies a horrible screeching vomiting death.

The downfall of the EFNet

[iso]

I've been on the EFNet since 1991 (#iCE and #ANSi back in the day ;) and it's been a shame to see it steadily decline in the last few years. I used to frequent it all the time but about three years ago it just started getting ridiculous: netplits all the time, lamers taking over the channels, and very difficult to have any decent conversation. It used to be fun to have it on in the background at work but now it's just not worth it.

This year has definitely been the worst however. I've seen every single channel I've ever frequented move to other networks. #iCE was the last to go (they're very nostalgic) and while they've tried to keep a relay bot up on EFNet to keep the conversation on both servers it just isn't working: EFNet has officially gone to hell.

I hate to see it go. Now I can't find any two interesting channels on the same network and everybody I used to talk to is fragmented on different nets. It's really too bad that a few immature individuals can ruin it for the rest of us.

- j

Re:The downfall of the EFNet

[jpmoney]

Ahh #ansi, so much fun =). I'm a current #ascii guy and its bugging the hell out of me that I can't get on. Yes EFnet has gone to hell, but it will stay up. Even if it does go down, all the war3z kids, the mp3 kids, the iSO/divx/mpg kids and the other random 31337 kids will find a new network. I really do wonder however how much these "scenes" (the main pull to efnet, don't fool yourself) have to do with the script kiddies or whoever is launching the attacks. I don't think there is much of a tie at all... any ideas on this?

I'll spare everyone yet another rant on why the DoS attacks are just stupid. At teh same time, it brings a tear to my eye to see #ansi typed here *sniff, sniff*

Re:Possible Solutions

[Greyfox]

Another possible solution WOULD be to license net use. Sounds kind of silly until you think about the requirements to broadcast radio over the public air waves. Any citizen can be authorized to broadcast "Allowed" traffic by studying for the test and getting a ham license. Unlicensed bands (CB) is much more leet kiddies running illegal amplifiers and effectively DOSing each other. Ham people call CB "Children's Band." AOL could be the internet's "Children's Band."

Possible Solutions

[Greyfox]

A couple of possible solutions present themselves to DOS attacks:

1) Mandate that ISPs filter outgoing traffic from outside their address range. A lot of these attacks won't work or won't work as well due to address forgeries.

1a) Hold ISPs responsible for damages stemming from attacks originating from inside their IP ranges. Allow them to recoup those costs from the users whose hosts are involved in the attack.

A lot of people are gearing up to flame at this point going "But but but you can't hold a user responsible for the security of his machine!" Bullshit. If you want to connect to a public network, you should damn well make sure your system is secure. And security would improve, because someone's money would be directly involved and therefore law enforcement would be much more inclined to pay attention.

2) Give a government organization draconian powers over the net and passwords to all the routers irrespective of what company owns them. "Oh... That DOS is originating from foo.net. Lets just turn down their router until they sort it out." That'd damn well get attention real fast.

Re:Possible Solutions

[autechre]

Re: security:

Personally, I'm all for splitting the blame between the ISP and the user. When the Comcast (or whoever) representative comes out and installs your cable, they should have you sign some sort of statement of security, peform a few basic checks on your machine, and leave a card telling you basic ways to keep your machine secure. These would be something like:

1. At least once per week, preferably more often, use the update feature of your OS. Win32 has Windows Update, MacOS has a control panel, Debian has apt-get. This alone would prevent much of the successful attacks going on today.

2. If possible, leave file and print sharing off. Use a password, if you must turn them on. (for *nix machines, this could be extended to "don't run things like r-services, telnet, etc.)

3. Buy one of those nifty little $100 routers, or use one of (list of approved software).

After that, it's all upon the user. If someone can pay for access which is fast enough to make them a target, they can certainly take a few minutes every week to keep things up to date. If not, then they get to pay $$. It's the same with people who can't bother to cook for themselves, or who have to have designer blue jeans. You pay, I don't. What a wonderful life.

Will this work? Ha! This will probably work at about the same time people check the fluids in their car once per week like they're supposed to do. However, if their computer gets 0wn3d, and they have to pay $$ for it, that might be a pretty good motivator.

Sotto la panca, la capra crepa

Re:Possible Solutions

[PatJensen]

While these are good conceptual ideas, once a packet filter is implemented on a router, it consumes a huge amount of processing power and memory to then process every individual packet through that filter. This will lower an ISPs throughput significantly as each packet hits the filter.

Now, imagine these LARGE NSPs that host IRC servers on EFnet with multiply redundant BGP-4 routed DS3 and ATM circuits placing these access lists on their core routers. It wouldn't work. It would cripple them worse then the DDoS's will.

You could use a Firewall as a solution, but they are cost prohibitive to pay per connection for every IRC client. This is why it is hard to "just filter" attackers on core routers.

And as far as holding ISPs accountable goes, that is a can of worms that won't be opened. Other then our DMCA and other laws.. I can't imagine this happening.

-Pat

Re:Possible Solutions

[kinnunen]

While these are good conceptual ideas, once a packet filter is implemented on a router, it consumes a huge amount of processing power and memory to then process every individual packet through that filter. This will lower an ISPs throughput significantly as each packet hits the filter.

Umm, how so? All packets are already routed based on the destination address, this would simply be routing based on origin address. And it would be really simple too, the routing table is very small since ISPs usually have large address blocks, plus there are just two possible routing options (destinations): kill and don't kill.

--

Re:news page already ./ed

[AndroSyn]

Never mind the fact that Dianora has been pretty much responsible for leading the development of Hybrid ircd. Of course most of you don't want to here that.

Regardless, its a pretty stupid.

(Speaking for myself, not the Hybrid team)

Re:news page already ./ed

[AndroSyn]

Yeah..like ircd-omstud is some amazing piece of software or something...With its negative idles times and shit, not to mention its pretty much unmaintained.

Re:news page already ./ed

[JoeShmoe]

It's not the slashdotting (well, it probably is now) its that everyone on irc has been trying to get an update since yesterday.

You can read the news at this mirror too:

http://www.phule.net/mirrors/efnet-news.html

- JoeShmoe

Re:Here is what i don't understand...

[JoeShmoe]

I don't think that the users and admins of EFNet would like the thought of having the government actually being part of their network.

Um, if you don't think the government is already on EFNet (actually, any IRC networks) then you are living in a fairy tale. Think back to the mafiaboy fiasco...he bragged in an irc channel and the next day he was arrested.

Not to mention all the undercover cops in channels like #dadanddaughtersex hoping to catch some kiddie porners.

Since the government can get their hands on any information with a sealed subpoena there is no more or less protection than just everyone using a server like irc.fbi.gov!

The whole EFNet piract scene is a few thousand people at best. There are far larger targets (although they have gone after FTP sites, which in a sense could count as an IRC bust since most siteops are on IRC).

Regarding proof, they don't need prove to make an arrest. That's what a trial is for. Kevin Mitnick was arrested because companies like Sun claimed his copying of source code cost them millions. This was enough to make him guilty of grand-theft computer and get him arrested, even if Sun couldn't prove a single cent of damages resulting from the download. It was just a theory but that's all that matters for an arrest.

I admit that a bunch of WAREZ DOODS don't make a very sympathetic victim, but think about the major ISPs like @Home, C&W, Mindspring, etc that are subjected to constant attacks. If just one of these companies would grow a pair of balls and try to get enforcement instead of pulling the plug then it would send a message.

After mafiaboy I sincerely doubt that anyone would try a major attack against our precious, precious e-commerce sites. So if the same kind of example was made of one of these script kiddies then maybe the rest would think about whether taking that channel was worth years in jail.

- JoeShmoe

Here is what i don't understand...

[JoeShmoe]

This is a crime. Where is law enforcement?

No monetary losses? How about bandwidth cost? How about admin time to repair/fix hacked IRC servers?

What I fail to understand is how some Canadian teen ping floods Yahoo! and has the entire wrath of the FBI, NSA, CIA, DIA and Canadian Monties on his ass...meanwhile EFNet servers are subjected to coordinated 3Gbps attacks and the only solutions seems to be give up?

What the hell kind of logic is that? Okay, give up because it is easier. If you ask me, every EFNet server should lodge a formal complain, claiming $10million in monetary losses. If we learned anything from Mitnick, it's that companies can claim any bogus amount of losses and get results.

Or maybe the FBI/CIA should just host an EFNet server themselves. We all know they are caching the whole damn thing anyway to run through Echelon. If EFNet goes down then were are news organizations going to go for their pithy quotes?

- JoeShmoe

Does *this* have something to do with it?

[Trinity-Infinity]

I saw this post when searching for Dianora on google. I've not used IRC in years and am unfamiliar with the battles going on... but perhaps something in these threads can explain exactly what happened to cause the DoS?

Duh, please ignore my previous post...

[Trinity-Infinity]

I didn't notice the date on that was 1998. I'll say that's a bit stale for these purposes...

What sort of fools build a spanning tree anyway?

[cperciva]

I really have to wonder at these IRC people: They build a spanning tree, and then complain about netsplits. Come on, you want to avoid having *any* single point of faliure... not maximize the number of such points.

IMHO, IRC networks should be set up to look more like usenet does: Each server should peer with several others, forwarding data about using basic flooding algorithms. Sure it would be a bit more complicated, and it would use more bandwidth (because you need to work out which data has already reached your peer and avoid resending it), but it would practically eliminate these problems.

Why can't people design computer systems with a bit of attention to redundancy and security in the first place?

Re:What it will take to save EFNet

[Fred+Ferrigno]

In a channel without ops, and even with a real /ignore, spambots become a real problem. New people to the channel who haven't ignored the 20 resident on-join spammers will be targeted. People with massive clonebot nets can still DoS those who aren't quick enough to block 240 different IPs. Opers become the policemen of IRC, spending much more time dealing with smaller problems.

The first come, first serve status of IRC may be prone to abuse, but more abuse occurs without anyone there to take quick and decisive action. In an ideal world, users would elect ops and confirm their decisions, but that's far too much to expect from a chat room.

--

Re:What it will take to save EFNet

[BlueBlade]

You sir, are ignorant. Have you even seen a good join/part flood on IRC? A good botnet of over 30 hosts, disconnecting and reconnecting with a new name every second, joining then parting. This prevents any legitimate chat in a channel. The problem is that these 30 hosts are mostly rooted boxes or misconfigured proxies. But there's no shortage of such boxes on the 'net. Having no ops would mean letting these kids kill any channel they want. They just have to hit the channel with such a flood, once a day. Who wants to have to type a /ignore *!*@*.somehost.com 30 times a day just to stay on a channel? There's clearly the need for some authority powers. I op in some rather controversial channels (but legal) and we are hit by such floods regularly. If we could not ban the users, our channel would sink under. And re-creating isn't an option, as the flooders would simply change their target. You are living in another world if you think channel authority should not be implemented.

Conspiracy Theory #45

[neoThoth]

This could be the recording and motion pictures industries way of dealing with all those 31337 w4r3z d00dz. Think how cheaply a large company could commit an attack of that magnitude. They own entire OC-48 connections, each (lots of companies comprise those industry groups).
I know it sounds all Johnny Mneumonic (allusion to the cyberpunk genre not the lame damn movie!) but a corporation spending money from a slush fund to pay off some hackers (or maybe just giving them crap loads of free promotional gear) to take out these servers. Hell maybe their own IT personel are in on it. If you had all the bandwidth and computing power in the world wouldn't you?
Well they are a souless corporation... and they would.

ne0

Re:and more DOS

[pallex]

You said the same thing 3 times, using different words. Are you a journalist?

Re:Still other sources for IRC fun...

[CaptJay]

The post you responded to is correct: There ARE ways to protect network hubs from (D)DoS. One of them which Undernet uses is hiding the hub's IP, either through tunnelling (makes hubs look like they are on a local, non-routable address from the client servers) or making sure the servers do not give out IPs of connecting/splitting servers.

Of course, it assumes that you change where you host the hubs before it gets effective, and that noone leaks what the actual IP is, but it's a start. Sure, security through obscurity is no security at all, but what we're dealing with here are script kids.

It didnt solve all the problems on Undernet either, because client servers can and will still be attacked. but hubs, along with services, have always been the challenge script kiddies like to have because they cause much more trouble when they go down.

CaptJay,
former NewBrunswick.NJ.US.Undernet.Org Oper

BAH!

[jbarnett]

First a DOS on their irc network, now a slashdot on their web server....

We should ALL send out our support though LOADS of email to let me know we care... err wait

Re:WRONG

[Mekanix]

Noone is saying we are sitting on IRC 24/7 and we do recommend people to seek professionel help.

But when that's said that doesn't solve the issue that people come to rely on us because:

1) All the professionel help they get are a monthly visit to the psykiatrisk for a new prescription for Prozac and the likes. We all know that doesn't solve anything, but that's how it works in this country anyway.

2) Quite a lot have some kind of fears/angst on top of their depression. Fear of leaving the house, fear of people, fear of people getting close. IRC gives them a chance to leverage this fear and meet people either through anonymity and/or the distance/facelessness.

3) Some doesn't trust anyone due to either abuses in life, 1) and/or 2). They too are gaining an entrylevel to "get out there".

4) Some are very lonely. No family, no friends. All they got is perhaps a therapist.

All in all on IRC we find something we don't find or are ready for IRL.

Personally I've gained a lot from IRC. Learned that there was more help to be hat than the monthly prescription. Learning socialskills. And actually *meet* people (yes, we actually meet eachother outside IRC). And in times I got more out of IRC than various ad hoc therapi/workshops.

Bjarne

There are no face.

[Mekanix]

I run a chat for people with depression and similar disorders.

We find great comfort in chatting with eachother and are happy that the various IRC-networks gives us this upportunity.

But when this kind of childish behavior sets in, it's not just the various networkoperators and sponsors who pays.

There are real people behind all those nicks. People who have come to depend on it. And suddenly find themselves alone, again. Alone to deal with their pain.

Once we have relocated to yet a new network, next step is at get contact to all the users. Mostly impossible, few trust others to get close enough to give out personal datas (like email).

Third step is to get people to change their client. Almost as impossible, many of the users aren't your run-of-the-mill powerusers.

Bottom line is that every time this pre-teen-kidz feel an urge to show off their l337-status, *real* people with *real* life and *real* problem.

But those script-kiddies doesn't care, to them we are just faceless nicks.

My wish is, that once those kids grow up they will learn of the harm they had done. Know that when they trashed a network, someone was left alone... crying in the dark...

... and know *they* are to blame for nonexistance of IRC and free chats.

Bjarne

Why do it?

[Some12]

I still just don't understand what people get from bringing down irc servers....

ident

[ArchieBunker]

whats the fucking point? its useless and easily fooled.

Re:ident

[enneff]

If I were participating in moderation I'd mod you up right now. That's a damn good question. What is the fucking point?!

ident is a complete waste of time. The majority of IRC users are dialup, dsl, or cable and hence have control over the strings returned by ident requests. I personally run a daemon called 'mmidentd' which always returns a random ident string, plus in most irc clients (BitchX, for example) you can use a command like /ircuser to set it anyway.

bleh.

Re:news page already ./ed

[darkwhite]

hardy @ 2001/07/10 21.49 irc.emory.edu irc.emory.edu has officially de-linked from EFNet as of today due to excessive Denial of Service Attacks for unknown (but most likely IRC-Related) reasons. It's a great loss for the EFNet community as Emory University's IRC server has for 5 years been a very stable, reliable, and open one. We would like to thank the irc.emory.edu staff for their time and dedication to EFNet, you will be missed.

Those fuckers DDOSd irc.emory.edu off EFNet? Now that's truly evil. I consider this a huge insult to the, um, "hacker" community, and this will be a great loss for me... Emory was actually the only server that let me on EFNet at one point... I think it provided great service. Indeed, irc.emory.edu, you will be missed.

thats what IRC is anyone

[kollaps]

Opers are friends of other opers, after all, its all volunteer, what did you expect? I'm rather satisfied with Dalnet after EF and undernet, even though the splits can get bad at times. I wonder how often though machines get DDoS'ed. I'm sure its nowhere as bad as EF, channel takeovers are pretty much non-existent or very, very temporary.

Only EFNet Users Will Get This

[R-66Y]

When you know things are really bad:

*** no such channel "#warez" (irc.umn.edu)

Later,

Re:What it will take to save EFNet

[Sheetrock]

Generating a database would be tougher if you follow the same basic concept as VWorld but substitute an encrypting/hashing algorithm that is costly in CPU time to apply for whatever algorithm they're currently using to hide the domain (this idea is mostly lifted from Adam Back's Hashcash concept for fighting spam). Here's the idea:

The algorithm should take something like 30 seconds or a minute to perform on a domain or IP address by an average IRC server, which could cache calculated hashes for speedier subsequent logins from that address. Take the entire IP address/domain name to use in generating the hash and don't reveal any part of the user's real address to other IRC users. This would give roughly 2^32 addresses to guess at, as you mention. The IRC server should only use the IP address of a client to compute the hash as a last resort when a domain lookup doesn't work. This scenario would make it computationally infeasible to generate a lookup database client-side.

Additionally, if a secret numerical seed was used in generating this hash and shared only amongst server operators, the threat of someone generating (or stealing from an IRC server, assuming generated hashes are cached to improve future performance) a lookup database could be softened somewhat by the potential of server operators choosing a new key if a compromise occurs or on a periodic basis. This would make the database worthless. It's similar to the way Unix crypt() fights lookups using 'salt', but this secret key can't be randomly generated because then the hash would be worthless for doing autobans and the like (it'd change every login).

This scheme will decrease in effectiveness as computing strength grows. The only way to combat this is to increase the computing needed to process the algorithm. The algorithm must be adjustable, perhaps by adjusting its key length or by running it more than once.

So, basically, if VWorld can find a one-way cryptographic function where the time required to encrypt can be adjusted periodically and the function can be seeded by a large key provided by IRC operators, I think they'd be better off. Perhaps something like Blowfish run a particular number of times or with a particular key size (to slow it down) over the domain name/IP address, then MD5 over the output from the cipher to get short, consistently-lengthed output for the fake domain name shown to other IRC users.

---

Re:What it will take to save EFNet

[Sheetrock]

You've got a good point about being able to down a server with my suggestion (I used 30 seconds as a placeholder for N seconds such that N seconds wouldn't be too long for a server to spend calculating a key and N*2^32 seconds would be too inconvenient for one to calculate a lookup database). N could be one second, which would cause the generation of an entire lookup database take 49,710 days (this also assumes that a cracker knows the key... hope his school can afford Crays :). While the hash-calculation time would only be incurred the first time an IP/domain address is used to log in, my scheme would be open to abuse through a denial-of-service attack by someone who accumulates a fair number of machines on IPs that haven't logged into the server before.

It didn't hit me until the night after I posted that I was staring at the obvious; if the server operators can be trusted to share a secret key that they use to generate hashes, the algorithm doesn't need to be secret or take an inconvenient amount of time to run. I was solving the wrong problem. I decided to graft some code to the latest version of ircd-hybrid (the EFNet server of choice) to see what the ramifications would be if they ran my revised scheme (TripleDES over the hostname, MD5 over the result, append enough plaintext information about the domain to the end of the hash so that chanops can still ban problematic domains). The following is a log of me testing it out (ShtRck1 and ShtRck2 are both on locally, ShtRck3 is logging on from an address that is looked up through DNS... Slashdot is inserting spaces in wierd places but you can get the general idea).

------
/WHOIS shtrck1
*** ShtRck1 is sheetrck@0676a057.10ffd120.74043469.f0ca9fc1.127.0 (Debian User)
*** on channels: @#asdf
*** on irc via server noop (hybrid-7 test server)
*** ShtRck1 has been idle 13 minutes, signed on at Sat Jul 14 19:21:00 2001
*** shtrck1 : End of /WHOIS list.
*** ShtRck2 (sheetrck@0676a057.10ffd120.74043469.f0ca9fc1.127. 0) has joined channel #asdf
*** ShtRck3 (sheetrck@cc972d09.d9f38191.49dbe927.93a4eff0.aol. com) has joined channel #asdf
/KICK #asdf ShtRck3 Testing...
*** ShtRck3 has been kicked off channel #asdf by ShtRck1 (Testing...)
*** ShtRck3 (sheetrck@cc972d09.d9f38191.49dbe927.93a4eff0.aol. com) has joined channel #asdf
/MODE #asdf +b *@*.aol.com
*** Mode change "+b *!*@*.aol.com" on channel #asdf by ShtRck1
/KICK #asdf shtrck3
*** ShtRck3 has been kicked off channel #asdf by ShtRck1 (shtrck3)
/MODE #asdf -b
*** #asdf *!*@*.aol.com ShtRck1!sheetrck@0676a057.10ffd120.74043469.f0ca9f c1.127.0 995156621
*** Total number of bans on #asdf - 1
------

The two awkward things I see in this scheme are the length of the fake addresses (which do fit comfortably within the hostname space allocated by Hybrid) and the need to trust every operator on EFNet to guard the key. Should the key become compromised, it would be simple enough to generate a new one and distribute it to server ops, but as you mention it would invalidate everybody's autoban/autoop lists. Then again, server ops are trusted to not maliciously modify their servers or randomly kill other servers and that's worked out pretty well so far. Given the ease of writing this patch, I'm kind of surprised they haven't done it already; the server already optionally links to OpenSSL. My guess is that they haven't seen much of a need beyond spoofing server operator hostnames (something they've made provision for in the source) so they decided it's a non-priority.

Do you think VWorld would be interested in strengthening their system like this? Are there any other obviously incorrect assumptions in my design?

---

Re:Open servers

[AntiNorm]

And how the fuck are they supposed to do that? - Hi, we really need more open servers. Would you mind hosting our network and reciving hundreds of Distributed Denial of service attacks a day?

Take a look at DALnet, for instance. Their servers are DoSed too, but not nearly to the same level as EFnet's servers. And look -- most DALnet servers are open!

---
DOOR!!

Open servers

[AntiNorm]

Believe it or not, EFnet would vastly improve its situation with more open servers. Having to spend a considerable amount of time searching for a server that will let you connect is VERY annoying. I have spoken with a number of other people who agree with me on this. People don't want to have to do this, and I find it impossible to blame them.

Like it or not, EFnet is pissing off its user base. Not that this warrants DDoS attacks, but the basic principle is that if you treat your users well, they'll treat you well. Likewise, if you piss them off, they're not going to be so likely to be friendly towards you.

---
DOOR!!

Re:How is this just "an IRC thing"?

[sethgecko]

The root DNS servers at [a-l].root-servers.net are just as vulnerable to this stuff.

Yes and no. Providers of root servers usually won't stop hosting root servers because of a DDOS attack. The root servers aren't going away. The whole point about EFNet is that most of these servers are optional, run because some provider felt like doing a good turn for the community. When these providers get hit, they drop their IRC servers pretty fast. The same thing will not happen to the root servers, at least in terms of getting dropped.

Also, there is much more redundancy in DNS than IRC. If several/most/all root servers die, caching should continue to provide some level of service. Generally speaking, end users don't send DNS queries directly to the root servers, (unless they're running djbdns, like me).

Re:Uh....

[Suppafly]

Because people who prefer Undernet and DALnet tend to prefer them because of channel/nick protection
last time i was on undernet.. a couple days ago.. they didnt have nickserv or chanserv so i dont know what you are talking about.. and x and w havent been working on undernet for like ever..

Re:What's the point?

[chompz]

All of thier scripts are envoked as such:
----
Your COmmanD OF D3ZTRuCTi`N: irckill.sh -h
USAGE:
irckill.sh -s server (DEFAULT: efnet)
Result: procedes to destroy the network "server" exists on.

Your COmmanD OF D3ZTRuCTi`N: irckill.sh
Target: "DEFAULT" destoryed.

but it could be used on irc.coolfellas.com if it existed.

It just seems, most script kiddies are to dumb to care who they are attacking, so they see an example of how to atack server XYZ and that's what they try. Immagine, write such a script, place it on a watering hole website (like the poor, forgotten rootshell and ten thousand freshman college kiddies download it and try to run it on thier "l337" redhat box, which they had an upper classman setup "the right way" so they could try haxoring.
So, these ten thousand kiddies all run this script on a few computers right around the same time (a week or so) and suddenly, wow, target "DEFAULT" isn't sitting so pretty on its network.

That is the way it is.

:( ... God! I wish

[cOdEgUru]

that I could lay my hands on that 13 yr old freak whos behind this. To hell with Non-violence, I would bash his head open.

These idiots would never stop, until someone hit them with a baseball bat over their head. And its time someone did.

A rant

[warkeng]

How dare they let us use their servers and IRC for free. Those bastards. I'm going to dos them.

Re:A rant

[warkeng]

The above was sarcasm.

.sig
Slashdot ate my angle brackets.

Re:and more DOS

[DCowern]

You must not submit stories very often... it's not the admins but the people who submit the stories who insert the links. If you're going to yell at anyone, yell at the person who submitted the story. -- Dave

How is this just "an IRC thing"?

[SlushDot]

There seems to be an attitude here that most of IRC is lamers, and who cares if they're DDOSed into oblivion. However, I fail to see what makes this unique.

The root DNS servers at [a-l].root-servers.net are just as vulnerable to this stuff.

Re:How is this just "an IRC thing"?

[imipak]

...until the TTLs start timing out. If the putative 15 y.o. could keep it going more than a week it would get ugly, I suspect.
--
"I'm not downloaded, I'm just loaded and down"

Do people still use IRC?

[doorbot.com]

I used it a few years ago when I was at college, but even then it was just a bunch of jerks who got off on having moderator priviledges and kickbanning people who used brackets around their name (I guess those people were stereotypically 'leet haxors who would end up banned anyways).

I thought geeks were open minded because they'd been treated like outcasts. Maybe it made them feel better treating newbies that way.

Well, I wish your IRCers luck trading files on #warez...

How about this for a scary idea.....

[gdchinacat]

Perhaps a reason people launch DOS attacks against entities such as EFNet for no apparent reason is simply to get press. I think this is similar to the sports fans who run across a baseball field during the seventh-inning stretch (perhaps minus the alcohol however). Perhaps slashdot should treat them the same way as the broadcasters treat streakers...DON'T GIVE THEM WHAT THEY WANT -- PRESS.

What it will take to save EFNet

[bl968]

It will take a number of the following measures to limit and reduce the number of attacks EFNet faces.

Hostmask mirroringthat would at the irc server level protect you from hostile users out there, making it virtually impossible for them to gain your IP address via IRC.

Nickserv/Chanserv allows you to reserve your own nickname and reserve your own channels for personal use.

Invisible hub servers, these invisble hubs means it is possible for one or two servers to be taken down but it will be individual servers on instead of entire branches

By implementing these features you will see the irc wars lessen and eventually die out for the most part. The nick and channel services would protect the channels reguardless of the warbots and denial of service attacks. The masked ip's would mean you could not attack other users of the network unless they did something stupid like accept a dcc connection. EFNet may have the invisible hubs already however the rest of the possible solutions they do not have and seriously need to consider.


--
When I'm good I'm very good, when I'm bad I'm better, But when I'm evil you better run :P

Re:What it will take to save EFNet

[bsquizzato]

The things you mentioned have already been implemented in EFnet's hybrid7 ircd (which is currently still in beta).

Re:What it will take to save EFNet

[kvx]

EFnet is popular in large part because of the lack of services. As for invisible hubs, there are several hubs on the network (exodus, hub.uk to name a couple) which don't have their actual IPs shown in the C/N lines. And this attack seemed to hit _every_ client server or just about, so your solution wouldn't work anyway.

Re:What sort of fools build a spanning tree anyway

[achurch]

I've got a proposal for a new IRC protocol (very much a work in progress) sitting around, if you're interested; among other things, it allows redundant connections between servers. Comments are welcome (but "we-don't-need-another-IRC-protocol" flames are not).

--
BACKNEXTFINISHCANCEL

Still other sources for IRC fun...

[DarkEdgeX]

EFNet going down is indeed news, but I question how great of a loss it would be with the other networks still out there. Sure, losing EFNet is probably similar to losing BBSes for the internet, but in this situation, there are still other networks and new ones still pop up from time to time.

And before anyone takes this as a flame, I *LIKE* EFNet, but it won't kill me if they can't turn things around-- I'm intelligent enough to realize that there ARE alternatives.

Re:Still other sources for IRC fun...

[DarkEdgeX]

Read the other threads under this story-- there are ways to keep a DDoS attack from crippling a network, it just appears that some (all) of EFNet's hubs/servers aren't protected.

Re:Still other sources for IRC fun...

[MagerValp]

Yeah, well, what makes you think the script kiddies won't DoS the other networks once EFnet's gone? I've been on EFnet for 8 years now, and it's sad to see a bunch of wankers destroy it.

Re:Still other sources for IRC fun...

[ByTor-2112]

Yeah, plus I'm sure that other wankers have stolen my nick on other networks. It sucks that I worked so hard flooding and pinging all those years ago to take it by force and now thanks to script kiddies I'll lose that. Dang it.

Killer Pro for mIRC baby!
Mind 'n Smoke by Drwhatshisname.

Old school rocks!

The cause..

[dj28]

The cause (from what i gather) is that opers were splitting servers in order to gain OPs in some chans. This is deemed as 'breaking the rules', and someone decided to take matters into their own hands. One of the people admitting to doing it on the forum said it's being done becuase of "abuse operators." It's a shame this is happening. Some people don't appreciate a free service.

Re:What's the point?

[Megahurts]

Notoriety. Look at the response they've gotten so far...

Re::( ... God! I wish

[BlowCat]

(Score:5, Insightful)
...
I would bash his head open.

Gosh, I've never been moderated to +5, Insightful. Perhaps I should learn from you how to write insightful comments.

What happened?

[update()]

madmax @ 2001/07/11 21.16 irc.ins.net.uk / dianora
Just incase the rumours are true and somebody's attacked all the servers dianora opers on, can I point out that Diane hasnt been opered on irc.ins.net.uk for about a week... If you're going to DOS servers because you dont like their opers, at least /stats o first ;P

Since a lot of people seem to be up on this situation -- what's the story?

I know, this is pure gossip with no redeeming News For Nerds value and almost certainly involves a lot of dweebs with too much time on their hands and no sense of perspective. But since we've pretty much exhausted the community discussion possibilities of "Destructive script kiddiez are idiots!" let's get to the dirt!

Unsettling MOTD at my ISP.

Re:and more DOS

[Manitcor]

I would disagree. In the simpilest form it may be but lets look at the 2:

A DoS attack is normally done when a script with no intention of anything other than bringing a site down is excuted across 1 or more systems that hit the server 100s-1000s of times a second to overload the server.

The /. effect is a bit different though it is debiliatating to some servers. Users of /. see a link from a story and wish to find out more by viewing that link. Due to the large membership of /. this can sometimes surprise a site not ready for a lot of traffic and bring them down.

The effects are the same but the intent is quite different. And at least in the US intent can be the difference between guilty and innocent.

What's the point?

[Traicovn]

What is the point of attacking an IRC network with a DOS attack anyway?

It's not going to give you ops, your not going to achieve anything besides slowing down the network.

I have to wonder what the script kiddies problem is with EFNET, what's their beef with them? I'd like to see that posted here, or are they just doing it because they can.

I've seen some severs disappear off efnet and go private or join other networks too. People don't want to be associated with the unstable network, and they can't pay the bandwidth bills of a DOS atack. Remember, DOS sends a whole lot of information, which translates to bandwidth, which on servers, costs a pretty penny. And unless you own a telecom, that's money that your never going to see.

Whoever is doing this, just quit it. Attacking an IRC network (Which is free for people to connect to and use by the way) is just lame and stupid.

[Something witty and intelligent should have appeared here.]

Re:What's the point?

[jesseraf]

Some opers piss people off too. K-line their bots, etc, and that doesn't help the situation.

Re:What's the point?

[TotoLeFoobar]

Ego crisis. Alice hurts Bob's feelings. Bob gets pissed, takes his gun and shoots at servers Alice is using. Apparently there was IRCop abuse, and some paquet kiddie got pissed. 49gbps DDoS. Some people don't seem to understand that real servers are behind this and real people with real spare time that's not worth investing in a war between users.

Re:What's the point?

[chuqui]

> > What is the point of attacking an IRC network with a DOS attack anyway?

> To get ops. Timestamping makes this more difficult, it does not make this impossible.

And there's also the "if I don't get what I want, I'll take your toys and go home" attitude. They don't care who else they screw in the process, they'll blow it up because they aren't allowed to, and feel like it.

A true lamer mentality, but it's all over the net. Just ask the slashdot trolls...

Re:What's the point?

[banshee2000]

Exactly - well said. These damn skript kiddies don't realize the damage they do .. they don't even care. They'll kill IRC before they're happy.

We have a small IRC network and it can get bloody expensive. We've been hit by DOS attacks too for no apparent reason. You're right, they do it just coz they can. These stupid kids aren't hackers, they aren't even wannabe hackers, they hit and run with point n click kiddie scripts.

I've been on IRC for almost 7 yrs. I started on Efnet then moved to DALnetsux and now on my own small network. All we want to do is have fun chatting and we provide the service to people for free so they can enjoy it too.

More and more the shell providers are shying away from offering IRCDs precicely because they are so bandwidth heavy thanks to these damn kids. It just sux. I'd like to be their parent for about a week .. man they'd be afraid to fart w/o my permission when I got thru with them.

End of rant :P

Re:What's the point?

[kvx]

Well, there are a couple of things I heard. First, I heard that some kiddie vowed he'd hold down all the servers for 12 hours. Supposedly this comes from opers. The other one I heard, and is a rumor posted by madmax (irc.ins.net.uk admin) to efnet.org that it was because of Dianora. There's always allegations of oper abuse and from time to time, servers probably do get hit for that, but at last I heard, that was just a rumor.

Re:What's the point?

[kvx]

It even says it's a rumor on the site.

madmax @ 2001/07/11 21.16 irc.ins.net.uk / dianora

Just incase the rumours are true and somebody's attacked all the servers dianora opers on, can I point out that Diane hasnt been opered on irc.ins.net.uk for about a week... If you're going to DOS servers because you dont like their opers, at least /stats o first ;P

EFnet had problems long before this...

[TWX_the_Linux_Zealot]

I've tried using EFnet for IRC, but any channel that deals with anything even close to a popular topic has been the target of channel takeovers, denial of servicing and hacking of channel participants' computers, flooding, and other general crap to such an extent that I gave up on it in favour of DALnet a couple of years ago. I mean, freakin' #M&M6 (for might and magic) was even having problems, and it was a puny little channel by comparison. At least the other IRC networks don't have rampant channel battles of that type. I'll be somewhat sad to see EFnet go, but I'm not really surprised in light of how the network has been let go.


IBM had PL/1, with syntax worse than JOSS,

Ironically,

[xenocide2]

it was bad behavior that started the trend to I-linging servers. There was a time where I could get on EFnet most anywhere. Then EFnet delinked AOL's server, and nearly unilaterally k-lined *.aol.com. I didn't use AOL, but it certainly set the tone for future problems, and now I have a hard time getting anywhere with my @home hostmask. Do I then, blame people for being aggrovated at the overreaching bans that the same people have caused a need for? Yes I do.

NoOps on Split

[xenocide2]

Splitting in ops had become a common practice of taking over a channel that EFnet went to a NoOps on Split mode to prevent people from trying it. Of course, this makes it all the harder to change things should something go awry.

So out goes that reason. My only guess is that some people wanted to take down EFnet itself after they were refused ircops. But life and EFnet will go on.

Bullying.

[Kasreyn]

Why do schoolyard bullies put a nerd's head in the toilet? They don't get anything for it. It doesn't make them any money, it can't improve their lot in life, it teaches them nothing so it's not even a learning experience.

Frankly, they do it because they ENJOY DOING IT. They get a cruel (I would say sick but sick is a hard word to apply to something practised by the vast majority of the human race), a cruel thrill off of beating up someone weaker than they. And then the tortured nerd goes home. And then he either torments pets, or he goes on the net and DDoS's some perfectly cool site. Because he has learned to be a bully, by example and by reaction to his own treatment.

Why not DDoS Microshaft or whatever, while he's at it? Because he does not have any sort of economic or political goal for this attack. He's not doing it for that reason. He's doing it to piss off as MANY people as possible. DDoS'ing Microsoft pleases too many people, so he could care less about doing it. What better way to piss off a whole bunch of netters than attacking their community where it hurts?

-Kasreyn

Re:Bullying.

[Bat_Masterson]

There seems to be a lot of belief that DDOS attacks are done by kids in order to prove how big a bully they are. Perhaps there is a more devious reason -- driven by the people behind the scenes. There is speculation that the Internet (or someplace like it) will be the location of the next World War. DDOS attacks now could be the first tests for bigger and more coordinated means of crippling a range of computers for an extended period of time. If the Internet succeeds (a big if in the current downturn), more transactions will be done online, so an extended DDOS attack could cripple major amounts of business (who says that war is merely conducted by governments). Think about it...

Re:Bullying.

[cREW+oNE]

And besides - DDOSing Mickeysoft would mean the feds are on your doorstep in about 20 seconds, and you'd face a lawsuit of millions of dollars. Wheras you can get away with DDOSing some IRC network.

EFnet - Chanserv

[IdentityCrisis]

For all those who are whining that efnet should get a chanserv, and that'll solve it all:
Well, in my opinion the real beuty of efnet is the anarchy
But just think about implementing a nickserv/chanserv right now on efnet, think about the disputes..
Who really owns #shells and #warez or nicks like bill and joe?
That'll cause more DoS because of kiddies wanting their nick/chan back.

well, efnet opers has setup a voting service and have voted for the latest proposal about "op fix" which is mainly a system who will let the old ops regain op when the channel is opless, more here.

Which in my opinion is a great solution to the problem (or so it seems) yet efnet being the natural home for the script kiddies kind, I'm not sure that'll stop the DDoS attacks.

Humor me will you?

[irc(addict)]

Have you even been on irc before? You sure dont sound like it. EFnet is a collection of servers. Notice the s on the end of servers. And, it is also HIGHLY unlikely that the semi official webpage at EFnet.org is even hosted on one of the IRC servers. Please. Humor Me. True, they probably dont really want a slashdot effect right about now, but, its highly unlikely that its connected to the IRC Network.
Call me a troll if you want but Doc here needs a sortin out.

Re:Humor me will you?

[C.+Tengo+Hambre]

Microsoft is bashing sheep now? Those bastards!

Re:and more DOS

[litheum]

You guys... really... the whole idea behind the web is hypertext. Hypertext with hyperlinks. I mean good god, you're going to http://www.efnet.org/index.html or something, and you'll notice that http and html are both acronyms that deal with hypertext. Hypertext with hyperlinks. Like the one that michael or whoever the hell put on the article that he posted. If efnet's servers can't handle the "/. effect" then they should take the fuckin' things offline. That's just how the world wide web works... by one hypertext page linking to another, and it makes no sense to leave out a link because the guy at the other end can't handle it.

And one more thing... if there's anything it's not, it's not poor journalism. Journalism has nothing to do with being considerate to the other guy by not linking to his stupid website. Slashdot is making things easier for it's users by putting in a damn hyperlink, and you can't deal with it.

VERY poor complaint, dude.

The Problem . . .

[bedouin]

I first got on EFNet around 1993, with a VMS account of my sister's from her university and IRC 1.7.3 :) My favorite server at that time I think was irc.pitt.edu, mainly because it was only an hour or so from my house.

Anyway, the biggest problem with EFNet began when people joining from .edu's became the minority, and people from AOL and Netcom became the majority. Not to use ".edu" as an elitist symbol or anything, but when IRC access was limited to academic institutions, it did a good job of filtering out complete morons.

In fact, my university banned IRC from running on it's VMS system. I remember a script kid wanted to take over a channel I was on and DOS'ed the entire campus; that could have one of the reasons.

What bothers me about things like this, is that it could be what marks the end of a "free" Internet. There's no incentive for people to offer services like IRC for free anymore, not when it causes this much trouble.

Uh....

[NDPTAL85]

" It's about having a place where clued people can idle during work/school and talk to other people in similer situations. It's just a place to kick back and shoot the shit occasonally with people who are a notch or two smarter than the average people on irc. The opers generally leave the users alone, and the users generally leave the opers alone, and things are good."

And this is different from Undernet and DALnet in what ways again?

You ACTUALLY believe your own hubris?

[NDPTAL85]

Dalnet is lame because there is no darwinism? So since a bunch of script kiddies with bad attitudes constantly ping-flood and take over channels thats supposed to make Efnet superior? In that kind of environment you supposedly get a higher class of "geek"? A better programmer? Please. What you get is a bunch of little boys with little dicks trying to prove who can "0wn j00" the best. Yeah thats impressive.

Being a predator does not make one good at anything other than being a delinquent. Delinquency is quite juvenile. What makes a good channel is stability and the ability to have a discussion without having to fight off those who consider you lame. Of course everyone thinks they are the perfect judge of ability/character so they must be right when they consider you lame. Those who don't fight to keep a channel on Efnet aren't losers, they just don't feel like playing games when all they wanted to do was chat. If you don't like newbies all you have to do is put them on ignore.

Competition? WTF do you think IRC is a market? Its a place for people to hang out. If you actually think that you are better than someone if you manage a channel then you really need to get a life. Taking a channel from someone doesn't prove anything. Its no different from shouting fire in a movie theatre. It just proves you are very immature and like to point to advanced theories of Darwinism to bolster and validate your own behavior.

So sure EFNet has and will survive these DDOS attacks. So has Undernet and Dalnet. They're all big and they'll all be around for a long time. Whats the difference? Undernet and Dalnet are for folks who appreciate maturity, discussion AND intelligence while Efnet is for those who live their lives like this: "Ohhh! J00 st0l3 my nick! Ima r00t j00!!!!!!"

Yeah thats a lovely product of Darwinism......not.

Someone sounds bitter..........

[NDPTAL85]

So basically some channel you wanted was already registered by someone and the person who registered it didn't get along with you and kick/banned you huh? Awwwww poor baby!

So because of this you are pissed that services exist and rob you of the power of hijacking a channel someone has already setup shop in huh?

Its called life buddy. This is how life works. People are nice to you when you are nice to them and vice versa, and people aren't nice to you when you aren't nice to them. That doesn't give you the right to take over the location where they meet. If you are kick/banned from a channel either deal with it or adjust your attitude so you can get back in (hopefully) someday in the future. And is it SO hard to create #perl1 or something if #perl is already taken? Or do you want that name cause its popular and you want the attention to go to you instead of the current channel owner? Cause if thats the real reason you are just as bad as you say they are.

DoS doesn't mean the end of the world

[hyrdra]

Null routing a server due to DoS is just silly. Even with DDoS, it is very possible to block most all attacks, without costing bandwidth.

Our security policy when we go under a DDoS attack is to analyze the attack by collecting as much information as possible, and then configure router settings at our ISP to block the attack upstream, after it gets off the fat pipe and has less ability to cause network problems.

Most of the time we are dealing with script kiddies, albeit clever, they are no match in technical knowledge and most just click blindly at programs traded on IRC (ironically).

Even if the IP's are spoofed, they can still be filtered out, because the attack patterns of most all automated DDoS software, which uses cable modems and college networks are quite regular.

You should see grc.com for a good method of handeling a DDoS attack. This is what all administrators should do, but too many are trained that DoS is completly impossible and you are at the mercy of the "hackers" and the only thing you can do is run for the big red switch. This just isn't so.

These types of antics will be around for awhile, in all types of networks. There will be people who attack because someone banned them from IRC, people who do it because they're taking their personal problems out on the world, etc. The list goes on. If services, especially public, continue to wash their hands we will only see some great communities lost when a very good solution is always very easy to come by.

Most ISPs will work with users who are under DoS quite well. Remember, this is there network which is under attack too.

Re:DoS doesn't mean the end of the world

[hyrdra]

Large ISPs have a lot more bandwidth than a few gigabytes. And as I mentioned, DoS has a lot to do with your ISP.

Of the several "ISPs" who were hosting servers, none actually owned the wire. This is because you are using the term ISP as Internet Service Provider, which can mean anything. Slashdot provides a service on the Internet, so they could also be considerd an ISP. However, the ISPs I am talking about provide bandwidth services and have actual public networks which are either national or global.

In affect, those hosting IRC have purchased services from a real telecommunications ISPs who operate public networks.

SolidStreaming is not an ISP, and in fact a traceroute shows they are using Globix.net as their hosting provider.

irc.emory.edu is obviously not an ISP, and they obviously lease a line from a company who could easily employ filtering at the router.

Even in the case a very large ISP would come under attack, it would be trivial to configure router interfaces to other connecting networks (both at these networks and at the ISP) in a similar way to block DoS. You only pay for bandwidth if you receive it, and if you ask a network to block certain types of packets, you will have eliminated your problem.

But perhaps the best method so far is good egress filtering at all network levels, especially in the cable and DSL networks who are often the target of DoS trojans and hacks. This would eliminate spoofed IP's and provide further protection from methods DoS attacks often use.

Please, do your homework (this doesn't count your MSCE study guide) before calling someone stupid.

Re:and more DOS

[evilninja]

Yes, I quite agree. It would have been much better journalism to grant EFNet special concessions since you like them.

Let's take some load off of that EFNet webserver.

[Scoria]

Fresh mirror here!

Everything but the documents and one unimportant image snagged.

"Eris Free Network"

[KupekKupoppo]

For those of you who didn't know, EFNet stands for Eris Free Network. Eris, of course, is the Greek goddess of Discord. Call me wacky, but EFNet doesn't seem to be that free of discord. From the EFNet news page (from memory since it's now Slashdotted): "You heard it here first. Don't shit where you sleep. You know who you are."

This was inevitable

[elgee]

Once the Internet became available to the unwashed masses. I got on the Arpanet in 1984 and it was a damn friendly, helpful, and great place.

Take this as a warning. The entire infrastructure of the Internet is at risk. Turn off your computer and go outside and play.

My trashbin could easily hold all my computers. How tempting!

Mirror of the website?

[freeweed]

Just so's y'all know, www.efnet.net seems to be up and un-slashdotted just fine.

Re:and more DOS

[Dr.+Prakash+Kothari]

It's a good joke, but in all reality, I think it was quite irresponsible of michael to link to a server that is CURRENTLY experiencing a debilitating DoS attack. While it's good that Slashdot is trying to make people aware of the situation, i find it to be in VERY poor taste that Slashdot should add to EFNet's trouble by directing a few thousand Slashbots to their belagured site.

Now, not only does EFNet have to deal with irresponsible skrip7 kiddi3s, but they're taking the full brunt of the Slashdot effect as well.

VERY poor journalism, guys.

news page already ./ed

[thopo]

it took me 5 minutes to get on there. take some load off their shoulders and read it here instead:

madmax @ 2001/07/11 21.16 irc.ins.net.uk / dianora
Just incase the rumours are true and somebody's attacked all the servers dianora opers on, can I point out that Diane hasnt been opered on irc.ins.net.uk for about a week... If you're going to DOS servers because you dont like their opers, at least /stats o first ;P

hardy @ 2001/07/11 16.05 ircd.solidstreaming.net / irc.solidstreaming.net
SolidStreaming's irc client and hub servers have been null routed at the moment due to a massive core router flood. Currently, there is no ETA for return.

madmax @ 2001/07/11 12.44 irc.ins.net.uk / irc.hub.uk
C&W INS has been under such a large attack that they have now null routed the irc servers. We do not know at this stage if or when they'll be returning.

madmax @ 2001/07/11 09.31 Efnet's broken
You heard it here first. To those concerned, quit with the attacks, learn not to shit where you sleep. You know who you are.

madmax @ 2001/07/11 09.25 irc.lightning.net
Lightning is disconnecting from efnet for the immediate future due to DOS attacks. They will look at the situation again as soon as possible and hopefully make a comeback.

hardy @ 2001/07/10 21.49 irc.emory.edu
irc.emory.edu has officially de-linked from EFNet as of today due to excessive Denial of Service Attacks for unknown (but most likely IRC-Related) reasons. It's a great loss for the EFNet community as Emory University's IRC server has for 5 years been a very stable, reliable, and open one. We would like to thank the irc.emory.edu staff for their time and dedication to EFNet, you will be missed.

Re:news page already ./ed

[dabulldog]

My personal opinion is that people should stop trying to jump on the bandwaggon of accusation. Get your facts right, and stop trying to 'add your three pence worth' for the sake of it, its not big, its not clever, and it certainly does not help. The real problem were the people who were wasting time, money and putting into question "why should we bother running irc servers?" by packeting. dbd.

Kiddies grow up: more kiddies appear

[dragonsister]

I'm most moved by this poster's comments on the effects of network attacks on depression support groups. Normally lots of people would be annoyed and inconvenienced - some people counting on the system to transmit or recieve important information - but this is a special case; I have just enough experience with depression to know how being deprived of a solace can hurt.

Once those kids grow up, they will learn - most of them. It's part of growing up, really - learning to keep minor set-backs in proportion, rather than making life hell for everyone else; learning to consider others. Learning what the effects of their actions actually are. There are unpleasant and irresponsible adults out there, of course - but a lower proportion of them than of kids. Not knowing the consequences of your own actions is almost part of the definition of childhood, isn't it?

The problem is - when today's kids have grown up and absorbed adult attitudes, there will be a fresh supply of youngsters causing trouble. The individuals involved will change; the tendency to casual maliciousness will not. Even the nicest of people occasionally feels angry or hurt and wants to lash out - whether or not they actually do it.

Well, wherever casual maliciousness is an option, some hurt, angry, or immature adult or some ignorant child is going to cause trouble - sometime, somewhere. The easier it is to be nasty ... no, it's not nice, but as far as I can tell it's very human. Niceness is learned.

So what do we do? I'm not one for regulations, or blame; I can't see that it would help here. I think the best thing we can do is make it harder to inflict damage, easier to defend against it; naturally there's a limit to how far one should go before it isn't worth worrying any more, but it's clear that we aren't there yet. The article at grc.com on DDOS attacks gives some thoughts on this ...

I'm not so keen on bashing Microsoft, but it sounds like there's a lot they can do that would improve things. That being recognised, it seems to me almost criminal that they don't!

We're little folk. Keep an eye out, folks, for the places you can help; in internet security and elsewhere.

Rachel

Re:and more DOS

[mcarp]

Yes I felt the same way. I considered myself posting about efnet's troubles, however, I regret that the efnet home page was linked in the article. I knew that if I were to post an artical here, that I would not link the page and would suggest that people do not go there. They already have troubles and /.ing cant help. If anyone can resist, I recommend not going to efnet's web page as it is already flailing in agony. I'm currently in and out of gblx east and lightning and well, its probably about time to just quit trying for a while. Maybe if we help reduce traffic they can recover from...something...

I thought...

[tuxloveslinux]

I was trying to connect to EFNet yesterday, and It wouldn't let me. I thought that they didn't like me!
------
#!/usr/bin/perl -w

Re:and more DOS

[BlueTT]

I agree - a DOS attack more effective than being /.'ed?!?!

They really don't understand.

[bsquizzato]

I wonder if the people packeting actually understand that what they're doing hurts buisnesses, sucks up money, and wastes time (on the ISP's part). It's more than the IRC'ers being temporarily restricted from chatting.

and more DOS

[manifested2]

Poor EFnet, first the IRC DOS attack... ...now their www server getting the slashdot effect...

Re:and more DOS

[moncyb]

Being /.ed is a DoS attack! ;)

Re:and more DOS

[kvx]

If EFnet didn't want you going to their page, they woudln't be using it to post news about their network and the DoS attacks. Last night, nearly every server was hit at one time or another and the page stayed up. As for EFnet, the servers that seemed to have been hit the hardest were ins (Cable & Wireless INS, UK), solidstreaming, and lightning. And at this hour, it seems to be pretty much back up, though solidstreaming is still down. By the way, I submitted this much earlier in the day and it was promptly rejected.

In praise of smaller nets.

[banshee2000]

I was on DALnetsux for 5 yrs. I joined when there were only about a dozen channels and less than 500 users (Oct.95). I started a channel and kept it going successfully for 5 yrs. When running a channel you often have to deal with ego's and power trippers. We had our fair share of that for sure. We ran a family channel and thus our policies were a little bit stricter than most channels but all-in-all, most ppl agreed with the policies and it was stable.

A former disgruntled channelop sucked up to one of DALnetsux's admins and was given the channel password so we lost the channel. Since then it has been reduced to a smut channel at best. Myself and a lot of the original users moved on and now we have our own little network where we (and any user) KNOWS that if they want to have a family channel (or any other kind of channel), they can do so and feel secure knowing that no oper or admin will take it away from them.

IRC is a community and always has been. There are enough networks out there now that ppl can pick and choose one to their own liking. As you said: [you] now run a server on a small network with just some friends on it. That's what IRC is coming to, much to the dismay of the larger and more corrupt networks. While a lot of people start out on larger networks, I would dare to say that a good percentage of them eventually move on to smaller and more user-friendly nets. Change can be a good thing :).

Oi oi!

[Purple_Walrus]

EFNet was so groovy! I never used it often but it was much more fun than DALNet. Also seeing how they are a very old network, it is sad to see them go!
---

So DONT slashdot it

[Air-Op]

If they are being DOS attacked... don't hit em with a slashdot! Please remove links to the site from the slashdot home page... just cause when I clicked on it (I click a huge number of slashdot articles) It didn't come up! We are going to add to the problem.

Re:More of the same really

[q-soe]

i was going to flame you or go to your site and make comment on your address book but then i thought why bother as you are obviously socially retarded anyway and probably couldn't spell any of the complicated big words i could use.

Oh and PS im not black but i can guess what colour your neck is

Re:More of the same really [f/o]

[q-soe]

for those who seem to have a short attention span and think that everyone else in the world must be inferior because they are not the same i post the follwing point.

I am WHITE morons, WHITE as in anglo saxon and male. Surprise surfucking prize not everyone who cant stand white power fuckwits and racists motherfuckers is black or asian - most of this world holds what you do as one step lower than dogshit.

And as for the theory that if im white im part of the problem - thats almost as offensive as the nazi fucks.

In closing.

Bite me - and have the guts to use a name when you attack someone else's morals and personal convictions - Anonymous Coward is about right for you lot.

More of the same really

[q-soe]

I read this with sadness but very little surprise. I used to be a EFNET user but left in disgust after the channell takeovers by the l33t kiddies and haxors got to the point where it was no longer worth it.

I moved to Austnet (as im an aussie) and all was fine but in the end i bailed from there - as an op and channell owner i spent the last 5 months of my online life in constant flame battles and fights to prevent channel takeovers.

We had numerous DOS attacks and hack attempts which succeeded in downing our service on more than one occasion and wiping out host servers, not to mention mail bombing attacks on channell mailboxes and racist bullshit on broadcasts (yes you white power fuckers know who you are).

I checked the other night when i was rebuilding my PC at home to find the logs of my last session - 2 hours online and over 100 bans - so i just hung up my gunbelt and keyboard and decided it was not worth it.

Im sorry to see this happen - IRC used to be a great place to go with intelligent talk and good fun, now all it is is lame losers and 'i owns joo' crap in many cases. Another piece of web history gone