Slashdot Mirror
EFNet on the Rocks Again
Dragonsbane writes: "Things just keep getting better and better on EFNet. Already down to 30-something servers, the network has been hit with a huge denial of service attack, one which seems to have targeted the major hubs and open servers on the network. Information regarding the losses (six servers have been shut down in two days, one of which will not be returning) can be found at the network's news page. Having used EFNet for the last 5 years, I held on for dear life during the last bumpy ride, but I find myself wondering if the oldest IRC network can pull out of this type of situation a second time?"
I think you're missunderstanding the point of the EEF...
ReadThe ReflectionEngine, a cyberpunk style n
I never did anything to harm an IRC server. Nobody did. #warez learned to fear my army of clonebots, and in fact clonebots were the only thing I ever did that upset IRCops.
You "never did anything to harm an IRC server", yet you had an "army of clonebots?" Were these magical clonebots? You know, the kind that can connect to the network without using up connections that would have otherwise been used by legitimate clients? Were they the kind of clonebots that could send nickfloods and tsunamis to #warez directly, without interacting with (or consuming the resources of) the servers?
IMHO, the DDoSers of today are the clonebotters of 6 years ago. The technology is different, but the mentality is the same. 6 years ago, people didn't have the big, fat network pipes that they've got today, and there weren't as many fools running networked, compromised boxes 24/7. 6 years ago, the DDoS attacks of today weren't technically possible. If they were possible, they would have been used.
You sound like you've outgrown the phase, which is good, but I suspect that if you were six years younger, you would be right alongside of the group that is responsible for this.
We're going down, in a spiral to the ground
A clonebot uses no more resources than a single legitimate client.
Legitimate clients don't change their nicks ten times a second, nor do they use TextBox/PhoEniX-style tsunamis (large amounts of text) against users and channels. Unless your clonebots joined the target channel and said "hehehe" and "LOL" every ten seconds or so, I think it's a safe assumption that they used well more than their fair share of resources. I can certainly say that in my years as an oper, I never encountered such benign clonebots.
I disagree strongly. They were more difficult, available to a smaller group of people.
Well, certainly the ability to do a distributed flood existed, but nowhere near to the extent that it exists today. The IRC "floodnets" that were the precursor to the modern DDoS didn't appear until a few years later. The modern DDoS would be an impossibility were it not for the large number of unprotected cable modem/DSL users and wide-open corporate networks, most of which didn't exist at that time.
We're going down, in a spiral to the ground
My favorite IRC server is gone for good cause of these little f*ckers... who can I strangle now?
*sigh* And again, what's the purpose of this? We lose something in exchange for nothing. We should pursue these people more agressively, since we're really losing one of our best communication resources out there... cause I mean, when they're done with IRC, they'll go after whatever else looks ripe... AIM servers, ICQ servers... even Slashdot.
This is a good cause for the EFF to take up... prosecution of these script kiddies. I'll donate to that cause...
Many people still use IRC for many things trading coding tips in C++, developing OS's (#freebsd, #openbsd, etc.), assisting newer users of the OS (#linuxhelp, #freebsdhelp). Many friends also use it as a means to communicate, and it's sad you do have some shitty channels but you shouldn't generalize everyone on IRC as being warez kiddies.
Want Root?
I noticed most of these attacks happening in the summer time which can be attributed to kids being out of school and having too much time on their hands. I've written a paper on stopping DoS attacks which can be found here, which deals with network based (router level), firewall, and kernel tweaks, to minimize a DoS attack.
Some of these idiots should check into a local clinic for psychiatric assistance, and stop ruining things for people who just want to chat.
Want Root?
I usually refrain from posting opinions but I feel on this one I must.
EFNet has been my sole IRC network for years now, its plagued by many things that draw the wrong crowds. However this doesnt make it a bad place, its just not one where you can go telling off some 13 year old that has as they say "500 b0x3n". I dont understand the mentality of attacking a non-profit irc network for any reason.
You lost your channel? So what, go make a new one.
You lost your nick? So what use a deviation.
They wont let you be an oper? So what start your own network.
I mean come on.. this is rediculous.. So what if your upset with efnet, there are so many other alternatives out there that you cant begin to list them. Use one of them.
As far as the attack that efnet is facing, its not just the DDoS, its also the attack of its users. Just like this post on slashdot about efnet... "but I find myself wondering if the oldest IRC network can pull out of this type of situation a second time?" If youve used a network for 5 plus years, and its been through this before, then odds are it will make it though it again, dont show a lack of faith or support like that. You are giving this kids or immature adults exactly what they want. The truth is this, we are giving them exactly what they want, thus they wont quit. If we quit complaining, then what they are doing isnt working any more, or they are not going to get their desired results, thus they will probably quit attacking efnet.
One of the most redundant things you will see on the efnet.org forums is the posts regarding the problems efnet is facing where people are whining and complaining about not being able to get on efnet. Instead of that, shut up and move on. So what if you cant get on efnet for a few days, its not like theres not 100 other irc networks that you can use until EFNet gets back up, heck have your buddy on a cable modem load up ircd to support your friends until efnet is back online.
In short, stop making a big deal out of it. In the end your forgetting the people who are really suffering and whining about stuff that dont matter, imagine how much these attacks are costing the hosts of the servers we love, they are doing this for free, and paying out the rear end to keep this thing going. Thats where we come to the poing of loosing efnet, is when it hits the sponsors (servers) in the pocket.
Regards,
Ret
Regards, Ryan McAdams
To get ops. Timestamping makes this more difficult, it does not make this impossible. Consider the case where everyone in the channel is disconnected because their server is flooded off. Now that there are no ops, you can get ops on a split. And of course, you can cause a split by flooding one or more servers. As a bonus, you get to steal the nicks of your enemies.
How is that? When IRC wars moved out of IRC, I stopped. More than that, I vowed to never fight again. I have let the channel I hung out in for 8 years be taken over for months, because I refused to engage in any IRC wars.
Pingflooding had been considered lame for a long time. It hurts noncombatants. It hurts combatants in ways unrelated to IRC. It is unfair to those who have less bandwidth. It creates wars that escalate only through use of more bandwidth, which means hacking hundreds or thousands of machines. Then a new crowd moved in (along with Windows, WSIRC, and mIRC) that didn't see a problem with it. The collective morality changed. It wasn't individuals who's morality changed, it was a new group of people who did not have any respect for anything.
I never did anything to harm an IRC server. Nobody did. #warez learned to fear my army of clonebots, and in fact clonebots were the only thing I ever did that upset IRCops.
Now, people don't care about IRC when they are involved in their IRC wars. Just like using nuclear/biological/chemical weapons in real-life wars, DoS attacks against servers harm innocent noncombatants. This is unconscionable.
DoS attacks against servers is destroying, and will ultimately destroy, EFNet. These people surely know this. They just don't care.
I have never been so disgusted with mankind.
1) Mandate that ISPs filter outgoing traffic from outside their address range. A lot of these attacks won't work or won't work as well due to address forgeries.
1a) Hold ISPs responsible for damages stemming from attacks originating from inside their IP ranges. Allow them to recoup those costs from the users whose hosts are involved in the attack.
A lot of people are gearing up to flame at this point going "But but but you can't hold a user responsible for the security of his machine!" Bullshit. If you want to connect to a public network, you should damn well make sure your system is secure. And security would improve, because someone's money would be directly involved and therefore law enforcement would be much more inclined to pay attention.
2) Give a government organization draconian powers over the net and passwords to all the routers irrespective of what company owns them. "Oh... That DOS is originating from foo.net. Lets just turn down their router until they sort it out." That'd damn well get attention real fast.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
It's not the slashdotting (well, it probably is now) its that everyone on irc has been trying to get an update since yesterday.
You can read the news at this mirror too:
http://www.phule.net/mirrors/efnet-news.html
- JoeShmoe
-- I wonder which will go down in history as the bigger failure: the War on Drugs or the War on Filesharing
I don't think that the users and admins of EFNet would like the thought of having the government actually being part of their network.
Um, if you don't think the government is already on EFNet (actually, any IRC networks) then you are living in a fairy tale. Think back to the mafiaboy fiasco...he bragged in an irc channel and the next day he was arrested.
Not to mention all the undercover cops in channels like #dadanddaughtersex hoping to catch some kiddie porners.
Since the government can get their hands on any information with a sealed subpoena there is no more or less protection than just everyone using a server like irc.fbi.gov!
The whole EFNet piract scene is a few thousand people at best. There are far larger targets (although they have gone after FTP sites, which in a sense could count as an IRC bust since most siteops are on IRC).
Regarding proof, they don't need prove to make an arrest. That's what a trial is for. Kevin Mitnick was arrested because companies like Sun claimed his copying of source code cost them millions. This was enough to make him guilty of grand-theft computer and get him arrested, even if Sun couldn't prove a single cent of damages resulting from the download. It was just a theory but that's all that matters for an arrest.
I admit that a bunch of WAREZ DOODS don't make a very sympathetic victim, but think about the major ISPs like @Home, C&W, Mindspring, etc that are subjected to constant attacks. If just one of these companies would grow a pair of balls and try to get enforcement instead of pulling the plug then it would send a message.
After mafiaboy I sincerely doubt that anyone would try a major attack against our precious, precious e-commerce sites. So if the same kind of example was made of one of these script kiddies then maybe the rest would think about whether taking that channel was worth years in jail.
- JoeShmoe
-- I wonder which will go down in history as the bigger failure: the War on Drugs or the War on Filesharing
This is a crime. Where is law enforcement?
No monetary losses? How about bandwidth cost? How about admin time to repair/fix hacked IRC servers?
What I fail to understand is how some Canadian teen ping floods Yahoo! and has the entire wrath of the FBI, NSA, CIA, DIA and Canadian Monties on his ass...meanwhile EFNet servers are subjected to coordinated 3Gbps attacks and the only solutions seems to be give up?
What the hell kind of logic is that? Okay, give up because it is easier. If you ask me, every EFNet server should lodge a formal complain, claiming $10million in monetary losses. If we learned anything from Mitnick, it's that companies can claim any bogus amount of losses and get results.
Or maybe the FBI/CIA should just host an EFNet server themselves. We all know they are caching the whole damn thing anyway to run through Echelon. If EFNet goes down then were are news organizations going to go for their pithy quotes?
- JoeShmoe
-- I wonder which will go down in history as the bigger failure: the War on Drugs or the War on Filesharing
First a DOS on their irc network, now a slashdot on their web server....
We should ALL send out our support though LOADS of email to let me know we care... err wait
"`Ford, you're turning into a penguin. Stop it.'" -THHGTTG
I run a chat for people with depression and similar disorders.
We find great comfort in chatting with eachother and are happy that the various IRC-networks gives us this upportunity.
But when this kind of childish behavior sets in, it's not just the various networkoperators and sponsors who pays.
There are real people behind all those nicks. People who have come to depend on it. And suddenly find themselves alone, again. Alone to deal with their pain.
Once we have relocated to yet a new network, next step is at get contact to all the users. Mostly impossible, few trust others to get close enough to give out personal datas (like email).
Third step is to get people to change their client. Almost as impossible, many of the users aren't your run-of-the-mill powerusers.
Bottom line is that every time this pre-teen-kidz feel an urge to show off their l337-status, *real* people with *real* life and *real* problem.
But those script-kiddies doesn't care, to them we are just faceless nicks.
My wish is, that once those kids grow up they will learn of the harm they had done. Know that when they trashed a network, someone was left alone... crying in the dark...
... and know *they* are to blame for nonexistance of IRC and free chats.
Bjarne
Believe it or not, EFnet would vastly improve its situation with more open servers. Having to spend a considerable amount of time searching for a server that will let you connect is VERY annoying. I have spoken with a number of other people who agree with me on this. People don't want to have to do this, and I find it impossible to blame them.
Like it or not, EFnet is pissing off its user base. Not that this warrants DDoS attacks, but the basic principle is that if you treat your users well, they'll treat you well. Likewise, if you piss them off, they're not going to be so likely to be friendly towards you.
---
DOOR!!
I pledge allegiance to the flag...
of the Corporate States of America...
that I could lay my hands on that 13 yr old freak whos behind this. To hell with Non-violence, I would bash his head open.
These idiots would never stop, until someone hit them with a baseball bat over their head. And its time someone did.
Rapid Nirvana
The root DNS servers at [a-l].root-servers.net are just as vulnerable to this stuff.
It will take a number of the following measures to limit and reduce the number of attacks EFNet faces.
:P
Hostmask mirroringthat would at the irc server level protect you from hostile users out there, making it virtually impossible for them to gain your IP address via IRC.
Nickserv/Chanserv allows you to reserve your own nickname and reserve your own channels for personal use.
Invisible hub servers, these invisble hubs means it is possible for one or two servers to be taken down but it will be individual servers on instead of entire branches
By implementing these features you will see the irc wars lessen and eventually die out for the most part. The nick and channel services would protect the channels reguardless of the warbots and denial of service attacks. The masked ip's would mean you could not attack other users of the network unless they did something stupid like accept a dcc connection. EFNet may have the invisible hubs already however the rest of the possible solutions they do not have and seriously need to consider.
--
When I'm good I'm very good, when I'm bad I'm better, But when I'm evil you better run
"GET / HTTP/1.0" 200 51230 "-" "Mozilla/4.0 (compatible; Setec Astronomy)"
What is the point of attacking an IRC network with a DOS attack anyway?
It's not going to give you ops, your not going to achieve anything besides slowing down the network.
I have to wonder what the script kiddies problem is with EFNET, what's their beef with them? I'd like to see that posted here, or are they just doing it because they can.
I've seen some severs disappear off efnet and go private or join other networks too. People don't want to be associated with the unstable network, and they can't pay the bandwidth bills of a DOS atack. Remember, DOS sends a whole lot of information, which translates to bandwidth, which on servers, costs a pretty penny. And unless you own a telecom, that's money that your never going to see.
Whoever is doing this, just quit it. Attacking an IRC network (Which is free for people to connect to and use by the way) is just lame and stupid.
[Something witty and intelligent should have appeared here.]
[Something witty and intelligent should have appeared here.]
{Traicovn}
"Seriously though, why on earth would anybody want to run an IRC server on a major network? Is it for the money, or is it just for the women?"
Hey, don't knock "for the women"... I knew of a guy who was the SysOp of one of the largest BBSes in Phoenix, something like 50 lines when it finally just ended, and he used his "cool bbs" routine to get laid...
Of course, I've got to wonder about the girls who'd screw a guy whose claim to fame is a computer with a lot of modems plugged into it (or even an array of them)
IBM had PL/1, with syntax worse than JOSS,
IBM had PL/1, with syntax worse than JOSS,
And everywhere the language went, it was a total loss...
Why do schoolyard bullies put a nerd's head in the toilet? They don't get anything for it. It doesn't make them any money, it can't improve their lot in life, it teaches them nothing so it's not even a learning experience.
Frankly, they do it because they ENJOY DOING IT. They get a cruel (I would say sick but sick is a hard word to apply to something practised by the vast majority of the human race), a cruel thrill off of beating up someone weaker than they. And then the tortured nerd goes home. And then he either torments pets, or he goes on the net and DDoS's some perfectly cool site. Because he has learned to be a bully, by example and by reaction to his own treatment.
Why not DDoS Microshaft or whatever, while he's at it? Because he does not have any sort of economic or political goal for this attack. He's not doing it for that reason. He's doing it to piss off as MANY people as possible. DDoS'ing Microsoft pleases too many people, so he could care less about doing it. What better way to piss off a whole bunch of netters than attacking their community where it hurts?
-Kasreyn
Kasreyn: Cheerfully playing the part of Devil's Advocate to hairtrigger
You guys... really... the whole idea behind the web is hypertext. Hypertext with hyperlinks. I mean good god, you're going to http://www.efnet.org/index.html or something, and you'll notice that http and html are both acronyms that deal with hypertext. Hypertext with hyperlinks. Like the one that michael or whoever the hell put on the article that he posted. If efnet's servers can't handle the "/. effect" then they should take the fuckin' things offline. That's just how the world wide web works... by one hypertext page linking to another, and it makes no sense to leave out a link because the guy at the other end can't handle it.
And one more thing... if there's anything it's not, it's not poor journalism. Journalism has nothing to do with being considerate to the other guy by not linking to his stupid website. Slashdot is making things easier for it's users by putting in a damn hyperlink, and you can't deal with it.
VERY poor complaint, dude.
it took me 5 minutes to get on there. take some load off their shoulders and read it here instead:
/stats o first ;P
madmax @ 2001/07/11 21.16 irc.ins.net.uk / dianora
Just incase the rumours are true and somebody's attacked all the servers dianora opers on, can I point out that Diane hasnt been opered on irc.ins.net.uk for about a week... If you're going to DOS servers because you dont like their opers, at least
hardy @ 2001/07/11 16.05 ircd.solidstreaming.net / irc.solidstreaming.net
SolidStreaming's irc client and hub servers have been null routed at the moment due to a massive core router flood. Currently, there is no ETA for return.
madmax @ 2001/07/11 12.44 irc.ins.net.uk / irc.hub.uk
C&W INS has been under such a large attack that they have now null routed the irc servers. We do not know at this stage if or when they'll be returning.
madmax @ 2001/07/11 09.31 Efnet's broken
You heard it here first. To those concerned, quit with the attacks, learn not to shit where you sleep. You know who you are.
madmax @ 2001/07/11 09.25 irc.lightning.net
Lightning is disconnecting from efnet for the immediate future due to DOS attacks. They will look at the situation again as soon as possible and hopefully make a comeback.
hardy @ 2001/07/10 21.49 irc.emory.edu
irc.emory.edu has officially de-linked from EFNet as of today due to excessive Denial of Service Attacks for unknown (but most likely IRC-Related) reasons. It's a great loss for the EFNet community as Emory University's IRC server has for 5 years been a very stable, reliable, and open one. We would like to thank the irc.emory.edu staff for their time and dedication to EFNet, you will be missed.
keep it simple.
Poor EFnet, first the IRC DOS attack... ...now their www server getting the slashdot effect...
I read this with sadness but very little surprise. I used to be a EFNET user but left in disgust after the channell takeovers by the l33t kiddies and haxors got to the point where it was no longer worth it.
I moved to Austnet (as im an aussie) and all was fine but in the end i bailed from there - as an op and channell owner i spent the last 5 months of my online life in constant flame battles and fights to prevent channel takeovers.
We had numerous DOS attacks and hack attempts which succeeded in downing our service on more than one occasion and wiping out host servers, not to mention mail bombing attacks on channell mailboxes and racist bullshit on broadcasts (yes you white power fuckers know who you are).
I checked the other night when i was rebuilding my PC at home to find the logs of my last session - 2 hours online and over 100 bans - so i just hung up my gunbelt and keyboard and decided it was not worth it.
Im sorry to see this happen - IRC used to be a great place to go with intelligent talk and good fun, now all it is is lame losers and 'i owns joo' crap in many cases. Another piece of web history gone
I refuse to argue with Anonymous Cowards - if you want a discussion get an account....