I agree - I run an IRC server, and if I found it to be the target of DoS, no matter how severe, I would take several steps.
Try and isolate the source of the attack - if this is dDos then it's gonna be near impossible, but if it's some freak smurfing off a class C, deny the class C at router level.
The answer proposed by IRCnet - shut the server down, and make my cause known. I am paying for this bandwidth, or at least my ISP is. If somebody wants to abuse it by sending me 10 gigs of ICMP, then well, they can shove it. I know it's like punishing the masses for the acts of a few, but shit happens. This will draw attention to the cause.
If the DoS then continued, I would begin to consider writing an entirely new IRC protocol. It could still employ RFC 1459 to some extent, but a lot of the sensitive information (IP's, hub routes) would be masked from potential flooders. I recognise that this is security through obscurity, but considering the IQ of your average script kiddie is equivalent to that of a cabbage, it could well work.
The trouble is, even if you were to set up a server which would delegate a connection to you, to, say, a local server, then that initial server will be attacked. This is pretty much an inherant flaw within IPv4, but given the status quo, there is not much that can be done.
Bandwidth does not come free, and script kiddies realise this.
The people who are DoS'ing the servers aren't going to be deterred by the servers rejecting connections; if anything it will strengthen their resolve to continue to cause chaos amongst IRCnet as a whole.
Although I have little experience with IRCnet, I can relate with my times on EFnet and Undernet, where groups of kiddies are all to willing to fire up their TFN's and take out a hub or two, causing splits across the whole networks. These splits are just so annoying when you're on IRC, and I agree that anything that can be done to prevent the DoS should be done. While I reckon this stance is a good idea to draw attention to the cause, I can't see that it's going to help prevent the DoS in any way whatsoever.
IRC servers are such easy targets.... with such noticable effects in the form of splits - almost enough to make a script kiddie climax in fact. EFnet has started to employ ways to make it harder - hiding IP's from C: and N: lines, but anyone with a bit of knowledge or skill can find these out.
Maybe it's time to accept that IRC is a medium which will always be plagued by these lamers who get kicks from causing havoc. I doubt it will stop, there are just SO many, and the only way to prevent this sort of thing happening, IMHO, is to either employ high level firewalling techniques, or get to the root of who is causing the problems.
Slashdot Mirror
Don't remarq currently have those keen.com adverts appended to their posts? Got questions? Get answers... type of thing..
:/
personally I don't have time to be reading usenet anyway, so when I do I use remarq
that'll be sol.exe then -in a very pedantic and bored mood
Who the fuck cares, the show is a pile of crap anyway.
:/
It'd be a relief if the Yanks would take it back, and give Chris Tarrant US citizenship
If the DoS then continued, I would begin to consider writing an entirely new IRC protocol. It could still employ RFC 1459 to some extent, but a lot of the sensitive information (IP's, hub routes) would be masked from potential flooders. I recognise that this is security through obscurity, but considering the IQ of your average script kiddie is equivalent to that of a cabbage, it could well work.
The trouble is, even if you were to set up a server which would delegate a connection to you, to, say, a local server, then that initial server will be attacked. This is pretty much an inherant flaw within IPv4, but given the status quo, there is not much that can be done.
Bandwidth does not come free, and script kiddies realise this.
The people who are DoS'ing the servers aren't going to be deterred by the servers rejecting connections; if anything it will strengthen their resolve to continue to cause chaos amongst IRCnet as a whole.
Although I have little experience with IRCnet, I can relate with my times on EFnet and Undernet, where groups of kiddies are all to willing to fire up their TFN's and take out a hub or two, causing splits across the whole networks. These splits are just so annoying when you're on IRC, and I agree that anything that can be done to prevent the DoS should be done. While I reckon this stance is a good idea to draw attention to the cause, I can't see that it's going to help prevent the DoS in any way whatsoever.
IRC servers are such easy targets.... with such noticable effects in the form of splits - almost enough to make a script kiddie climax in fact. EFnet has started to employ ways to make it harder - hiding IP's from C: and N: lines, but anyone with a bit of knowledge or skill can find these out.
Maybe it's time to accept that IRC is a medium which will always be plagued by these lamers who get kicks from causing havoc. I doubt it will stop, there are just SO many, and the only way to prevent this sort of thing happening, IMHO, is to either employ high level firewalling techniques, or get to the root of who is causing the problems.
Not sure either is particularly feasible.
steve