Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

[P]
Undernet (and all of IRC) Faces Extinction

By Undernet Admin in Internet
Tue Jan 09, 2001 at 01:16:49 AM EST
Tags: Internet (all tags)
Internet

It's not news that the major IRC networks are in trouble. Agreeing to host an IRC server is like an ISP putting a big "DoS ME!" sign on their website. Yet many still host servers, not because they are revenue-generating, but because they want to contribute to the Internet community. IRC is one of the oldest ways for the community to gather and discuss what's important (what's more important to 14-year-old boys than porn?), but it's in trouble. The big ISPs are tired of putting up with the constant abuse and bad press associated with hosting an IRC server, and the small ISPs simply can't afford it.


So what is there to be done? Is there any way for the IRC networks to be saved? Undernet has been hit hard for the past 5 days, and there is no sign of it ending anytime soon. The kiddies behind it apparently won't be satisfied until Undernet is wiped off the face of the earth. The ISP that hosts the channel services bots X and W, and the operator service Uworld, has taken them offline indefinitely, yet it's still getting hit. Most of the servers have been attacked at some point or another in the past few days, even the relatively unimportant client servers that hold no strategic value for DDoS'ers.

The same thing happens to EFnet on an ongoing basis. They've lost many of their best servers because of DoS (notably @home's server), and nobody is crazy enough to volunteer to pick up the slack. Hosting an IRC server is like throwing your money into a bottomless pit, even without the script kiddies helping you heave it down, but when they lend a hand, it's merciless. And the saddest part is that nobody really cares. Lots of people hang out on the IRC networks, over 150,000 each day on Undernet alone, but when this sort of thing is reported, they just say, "Well, what do you expect? It's only IRC." If this happened to ICQ or AIM, users would be furious. And you can bet the backbone providers and the law enforcement agencies would be concerned too, but with IRC, they don't do anything. We're on our own, and we're running out of ideas and time before the kiddies get their way and all the IRC networks have gone the way of the dinosaur.

Sponsors

Voxel dot net
o Managed Hosting
o VoxCAST Content Delivery
o Raw Infrastructure

Login

Related Links
o Also by Undernet Admin


Display: Sort:
Undernet (and all of IRC) Faces Extinction | 57 comments (51 topical, 6 editorial, 0 hidden)
For real? (3.20 / 5) (#1)
by sugarman on Mon Jan 08, 2001 at 09:30:25 PM EST

Considering slashdot just updated this story, saying the article was ancient, any way of providing some up to date evidence?

--sugarman--
Yeah, for real (4.40 / 5) (#3)
by Undernet Admin on Mon Jan 08, 2001 at 09:35:56 PM EST

If I had any proof, I wouldn't necessarily need k5. :P

No seriously, the news article Slashdot pulled was old, but the story is very much recent. The DoS'ing I refer to is still going on. Coincidentally, it's the same guy responsible for the attacks 4 years ago who was mentioned in the old story, but someone was a little confused. I wish K5 provided a way to edit the story and resubmit, not just rewrite from scratch.



[ Parent ]
Your Username (4.50 / 4) (#5)
by Dacta on Mon Jan 08, 2001 at 09:43:40 PM EST

Are you really an Undernet Admin?

Since you only joined K5 in the last 24 (more likely 12) hours, is there anyway you can prove your qualifications?

I realise that online identity verification is a difficult topic, but just having a username "UnderNet Admin" doesn't neccecarily make it so.



[ Parent ]
My name (4.00 / 2) (#7)
by Undernet Admin on Mon Jan 08, 2001 at 10:06:09 PM EST

Well, yeah, I'm an Undernet Admin. I read k5, but I never had any reason to have an account before (and if I had, it would be with my normal nickname). I have a pretty pathetic net connection, and it's easy for the bad guys to find out my IP. I don't know if there's anyway to prove who I am. You can ask me questions that only an Undernet Admin would know.

[ Parent ]

OK then (4.50 / 2) (#9)
by enterfornone on Mon Jan 08, 2001 at 10:21:30 PM EST

Add the following to the undernet web page:

<!-- I AM Undernet Admin on K5. -->

:)

--
efn 26/m/syd
Will sponsor new accounts for porn.
[ Parent ]
I am who I am (4.71 / 7) (#12)
by Undernet Admin on Mon Jan 08, 2001 at 10:30:15 PM EST

I got no access to www.undernet.org, but check out www.coder-com.undernet.org. View Page Source, and scroll to the bottom. Good enough?



[ Parent ]
Cool (3.00 / 1) (#16)
by Dacta on Mon Jan 08, 2001 at 11:16:23 PM EST

Okay, I'll vote for the story now!



[ Parent ]
OT sig (4.00 / 1) (#25)
by Gernsback on Tue Jan 09, 2001 at 02:21:14 AM EST

Your sig quote is actually from Arthur C. Clarke.
Matt
[ Parent ]
OT sig (3.00 / 2) (#27)
by tstorm on Tue Jan 09, 2001 at 04:14:55 AM EST

It's actually a reworking of Arthur C. Clarke's statement. Clarke's quote was along the lines of "Any sufficiently advanced technology is indistinguishible from magic." Which has a different meaning from poster's sig.

[ Parent ]
Ummm.... (4.00 / 2) (#30)
by 11223 on Tue Jan 09, 2001 at 09:28:18 AM EST

Given that the contrapositive of a statement is equivalent to the statement, your sig is indeed from Arthur C. Clarke. If you phrase his statement like this:

Any sufficiently advanced technology <-> indistinguishable from magic.

Then the contrapositive is of this form:

Not (indistinguishable from magic) <-> not (sufficiently advanced technology).

Which can be stated as Dacta's sig.

--
The dead hand of Asimov's mass psychology wins every time.
[ Parent ]

Re: Ummmmm (5.00 / 1) (#34)
by F'jord on Tue Jan 09, 2001 at 11:19:36 AM EST

While the contrapostive is an equivelent statement, it would be erroneous to attribute it as a quote of Auther C Clark. A quote is verbatim, and the verbatim was stolen from a /. sig.

[ Parent ]
OK, Ok... (5.00 / 1) (#35)
by 11223 on Tue Jan 09, 2001 at 11:20:29 AM EST

But perhaps just a little credit for Clarke for the sentiment?

--
The dead hand of Asimov's mass psychology wins every time.
[ Parent ]

Actually.... (both wrong!) (4.00 / 1) (#42)
by Dacta on Tue Jan 09, 2001 at 06:15:29 PM EST

Actually, you are both wrong.

I knew about Clarke's statement, of course, which is why I remembered the Slashdot sig (or mis-remembered, as it turns out).

The guy from Slashdot who sig it was actually emailed me about it, and said I had it wrong. His version was something like Any technology indistinguishable from magic is insufficiently advanced.. He thought that magic was something that people used to need wizards to use, and that technology shoudl be accessible to the average user. I can see his point, but I prefer my version.

I guess I should change it to reflect its actually sources, but a full bibliography of it is too long to fit!



[ Parent ]
An interesting note: (5.00 / 1) (#57)
by damion on Sun Jan 14, 2001 at 01:16:47 PM EST

Your version of the sig was used by Emporer Cleon in, I believe, Prelude to Foundation, by Asimov. If not that book, then it was one of the three more recent prequels.

[ Parent ]
it's real (4.66 / 6) (#14)
by Delirium on Mon Jan 08, 2001 at 10:46:05 PM EST

I'm a regular undernet user, and the channel service bots X and W have indeed been absent for the past week or so. I'm not sure what the "ancient news" story was, but I don't recall X/W being offline for any significant period of time in the past so it must have been on some other subject (perhaps an old story about EFNet's problems with DoS attacks).

[ Parent ]
What Does Slashdot Have To Do With Anything? (3.83 / 6) (#23)
by Carnage4Life on Tue Jan 09, 2001 at 01:27:59 AM EST

Considering slashdot just updated this story, saying the article was ancient, any way of providing some up to date evidence?

What does the fact that the article on slashdot contains an error have to do with the veracity of this one?

The fact is that Undernet was recently DoSed as can be seen from the notice on their site, (mirrored here) which was described in vivid detail by one of the Undernet sysadmins in the very Slashdot story you have linked.

[ Parent ]
Why IRC? (3.25 / 4) (#4)
by enterfornone on Mon Jan 08, 2001 at 09:39:41 PM EST

It would seem to me that having any sort of server online 24/7 is inviting some sort of abuse. I would think e-commerce sites, military sites etc. would be far more likely targets. Why would anyone waste their time DoSing an IRC server?

And the saddest part is that nobody really cares. Lots of people hang out on the IRC networks, over 150,000 each day on Undernet alone, but when this sort of thing is reported, they just say, "Well, what do you expect? It's only IRC."

Not sure what you mean by that, but the ISP I work for takes IRC abuse just as seriously as any other.

--
efn 26/m/syd
Will sponsor new accounts for porn.

2 reasons: (4.25 / 4) (#6)
by sugarman on Mon Jan 08, 2001 at 09:46:18 PM EST

Why would anyone waste their time DoSing an IRC server?

From my experience, there's 2 likely reasons:

  • 1. They were a-kicked, kick-banned, /ignored, told to RTFM, etc in one of the channels. Happens lots.
  • 2. Cuz they can. Generally, it's the easiest way to wreak havoc in cyberspace, and that's often enough to prove to their friends that they are an 31eet h4x0r.

    --sugarman--
    [ Parent ]
  • Also (3.50 / 4) (#18)
    by darthaya on Mon Jan 08, 2001 at 11:21:45 PM EST

    Do you think a scriptkiddie would have the guts to wreck down some important websites such as government, e-commerce? The second they do that, FBI(or whoever has the power) will be on their asses, confiscating the last piece of electric device they own, and throw them into jail to live with REAL criminal for a while until they shit their pants.

    I just can't hate scriptkiddies more. A bunch of wussies who have no real intelligence whatsoever.

    LUUUUUUUUUUUSER!

    [ Parent ]

    Script kiddie mentality (3.75 / 4) (#19)
    by J'raxis on Mon Jan 08, 2001 at 11:29:22 PM EST

    If a script kiddie DoSes a webserver, he might affect a million people. But all those people see is "Connecting to www.yahoo.com..." in their status bar for 90 seconds, a timeout, they swear and go away silently.

    If a script kiddie DoSes an IRC server or the people on it, he gets his kicks when he sees 80 people go "Ping Timeout" or "Connection Reset by Peer" and everyone scrambling in confusion in and out of the channel.

    I'm a channel aOp in a DALnet channel called # (the /dev/null of the network so to speak) and we regularly get floodbots -- thirty bots from a dozen different IPs all join-parting and going Beep! Beep! Beep! Beep! Beep! Beep! or whatever, just to disrupt everyone. Some perverse sense of enjoyment out of getting one of the chan ops (usually me) to +i or masskick the place.

    Script kiddies need to be shot. Okay, that was a rant, but... eurkh....

    -- The IRCing Raxis

    [ J’raxis·Com | Liberty in your lifetime ]
    [ Parent ]

    evolution (3.75 / 8) (#15)
    by rebelcool on Mon Jan 08, 2001 at 10:48:11 PM EST

    it was bound to happen eventually. IMO, IRC has been a "bad" place for several years. Though you could find gems of intelligence every once inawhile there, it was full of the idiots who think they are great hackers. the IRC architecture and some obscurities made it quite easily hacked and DoS'd. To really use IRC and protect yourself you had to be a pro at it, and the learning curve was steep.

    The time's come for a replacement to it. Clever programmers should get together, look at the flaws of IRC, and redesign a new system to fix them. This probably isnt the kind of response you were looking for, but sometimes you just have to get rid of the old, and bring in the new to fix problems.

    Stupid kids and computers arent going to be going away anytime soon...

    COG. Build your own community. Free, easy, powerful. Demo site

    How is a protocol supposed to fix DDoS? (5.00 / 2) (#21)
    by Miniluv on Tue Jan 09, 2001 at 12:32:36 AM EST

    There isn't a protocol on earth invulnerable to large quantities of traffic. This isn't a protocol issue as much as one of bandwidth. Undernet and all the others require fairly hefty bandwidth to become leaf nodes, let alone central nodes, but that doesn't prevent people who spend all their time finding machines to turn into zombies.

    "Its like someone opened my mouth and stuck a fistful of herbs in it." - Tamio Kageyama, Iron Chef 'Battle Eggplant'
    [ Parent ]
    What about enforcement? (4.00 / 3) (#26)
    by goonie on Tue Jan 09, 2001 at 02:49:04 AM EST

    I'm aware that it can be difficult, but if a sustained effort was made to track down and prosecute a script kiddy or two it might deter a few others. Laws now exist in many jurisdictions, with quite harsh punishments, why not make use of them?

    [ Parent ]
    What if it were decentralised? (4.00 / 1) (#28)
    by Spinoza on Tue Jan 09, 2001 at 05:23:44 AM EST

    You can't DDoS thousands of machines as easily as a centralised system. Of course, decentralised systems are vulnerable to other problems, such as anyone who has used gnutella will probably have noticed.

    [ Parent ]
    several things can be done (5.00 / 1) (#36)
    by rebelcool on Tue Jan 09, 2001 at 12:00:33 PM EST

    first, for a dos solution look Here (courtesy of that clever steve gibson)

    secondly, a more closed off protocol. It would be unpopular, but one of the problems was the fact you could write scripts, transfer files, easily grab IP addresses and many other things through IRC. It needs to be clamped down. That certainly won't be popular, but it's better than the alternatives. If you want to transfer files, setup a webserver. It's pretty easy nowadays.

    I once wrote a chat server long ago where I addressed many of the fundamental security issues that IRC seemed to have. granted, this was not an IRC server but rather designed for webchat, alot of basic authentications and security still apply. The problem *can* be solved. For every exploit, there is a fix. It may take clever thinking, or clamping down on restrictions, but it certainly can (and should) be done.

    COG. Build your own community. Free, easy, powerful. Demo site
    [ Parent ]

    Missing the point... (3.00 / 3) (#44)
    by Miniluv on Tue Jan 09, 2001 at 11:14:26 PM EST

    Yes, the IRC protocol ought to be updated...and ya know what? NOBODY RUNS the goddamn RFC protocol anymore. No server that I can think of with more than 10 people on it runs a strict RFC compliant server, everybody has made modifications that are mostly undocumented. If you look into your undernet history, this was a large part of the schism that broke undernet off from EFnet.

    That still dodges the question of DDoS, which is one of the most prevalent attacks on IRC. If I'm J. Random Cracker and want chicago.il.us.undernet.org down all you have to do is fill their pipe with traffic. Generating 4.5Mbps of traffic isn't that difficult, and that's the minimum bandwidth to get on Undernet. I don't know the specifics of this attack, but I'm sure the kiddies are doing more than exploiting vulnerabilities in the IRC service itself.

    "Its like someone opened my mouth and stuck a fistful of herbs in it." - Tamio Kageyama, Iron Chef 'Battle Eggplant'
    [ Parent ]

    Re: How is a protocol supposed to fix DDoS? (5.00 / 3) (#40)
    by SEAL on Tue Jan 09, 2001 at 05:14:48 PM EST

    I'll answer some of this for you:

    There isn't a protocol on earth invulnerable to large quantities of traffic.

    While this is true, the biggest problem is in tracking the kidz who launch these attacks. This really boils down to a problem with IP, though -- not the IRC protocol. If measures are taken to improve security and logging, and reduce spoofing, then it will be easier for legal action to be initiated.

    The second part of the problem is a social issue. IRC is designed from the ground up with a power hierarchy in place. The ability to create channels, operator status, ircop status, ... the list goes on. It is human nature for some individuals to want what others have, so they launch attacks... channel takeovers via trickery, bugs, flooding, etc. IRC operators intervene now and then (and are often biased) - and bring on retaliation in the form of DDoS attacks.

    This all brings us back to the fundamental problem: there is no way to guarantee unique identification of someone on the internet. They can change IP addresses, use hacked machines, open proxies, or whatever. I've heard a lot of people mention IPv6, which will probably help reduce the attacks. But as long as there are insecure machines around, you'll still have a problem. The only online services that have somewhat good control over their userbase are ones which require a credit card or other solid form of identification prior to logon (e.g. Everquest).

    - SEAL

    It's only after we've lost everything that we're free to do anything.
    [ Parent ]

    OT quibble: learning curve was shallow (4.00 / 1) (#37)
    by G Neric on Tue Jan 09, 2001 at 02:53:35 PM EST

    the learning curve was steep

    in case you ever take economics, you would need to say "shallow". In learning curve "theory", one measures how much productivity improvement takes place through experience. Things that are hard to learn have a shallow slope, i.e. little improvement or learning, and it's generally plotted linear-log. Log is used because you can learn a lot in the first experience, but it takes increasingly long to learn more subtle lessons.

    yeah, I know, most people don't use it that way, but don't you just like being smarter than other people?

    [ Parent ]

    need to know over time (3.00 / 1) (#39)
    by rebelcool on Tue Jan 09, 2001 at 05:14:38 PM EST

    theres is alot you need to know over very little time. Thus the curve is steep.

    COG. Build your own community. Free, easy, powerful. Demo site
    [ Parent ]

    I had no idea ... (3.00 / 1) (#41)
    by G Neric on Tue Jan 09, 2001 at 05:59:19 PM EST

    I had no idea that you would find the learning curve for this subject so shallow :)

    [ Parent ]
    I'll show my age if I'm not careful (3.00 / 2) (#46)
    by flowergrrl on Wed Jan 10, 2001 at 05:55:43 AM EST

    I used to use IRC a lot quite few years ago, and I made a lot of friends, had op status on numerous channels, and sometimes it kept me sane (yes yes, I know, people call me a nethead all the time)!

    I went on some of the old channels about a year ago, and some people were the same, but they didnt have time to talke to me, cause they were too busy booting idiots off the channels, trying desperately to keep the channel fun, I didnt go back after that, if it becomes a chore, why bother!!

    Anywho, thats another pointless rant by me

    Andie

    Meet my son Dylan
    [ Parent ]

    Moving to private channels (4.00 / 1) (#50)
    by Duketor on Wed Jan 10, 2001 at 04:49:03 PM EST

    I went on some of the old channels about a year ago, and some people were the same, but they didnt have time to talke to me, cause they were too busy booting idiots off the channels, trying desperately to keep the channel fun, I didnt go back after that, if it becomes a chore, why bother!!

    One newsgroup that I frequent used to have an open irc channel on Dalnet (and IIRC on efnet and undernet before my time) but the weirdos and lamers and spammers and other assorted riff-raff made it into a place much like you described above. (Having some crackhead letting you know that he's a "CAR STEREO INSTALLER<><><>!!!" every ten seconds gets tired really fast.)

    So one of us made arrangements with friends on a private IRC network. It's changed a few times, but that's where those of us who still use IRC hang out and chat. It's not nearly as lively as the old days, but it works...for the most part.

    Unfort, there was a hit-and-run spammer on our channel yesterday, so maybe it's time to pull up stakes again. I had to actually think about how the commands to bankick someone because I haven't had to do it in nearly 4 years!


    Never play leapfrog with a unicorn.
    [ Parent ]

    DALnet (3.60 / 5) (#17)
    by J'raxis on Mon Jan 08, 2001 at 11:18:04 PM EST

    Four less scr1pt k1ddi3s on DALnet: http://www.dal.net/news/shownews.php3?id=15

    -- The DALnetting Raxis

    [ J’raxis·Com | Liberty in your lifetime ]

    Replacement for IRC (4.22 / 9) (#20)
    by Dacta on Mon Jan 08, 2001 at 11:34:44 PM EST

    A replacement for IRC has been discussed for years, and there are a few attempts to replace it.

    Unfortunaly, most are either (a)vulnrable to the same kind of attacks as IRC, (b)rely too much on central control or (c) are based on propietry protocols.

    The most promising project I've seen is the Corridors project. A memo outlining it can be read at http://corridors.sourceforge.net/ (Project page here). It has been discussed a couple of times on Advogato.

    The last update on Corridors I heard was this (29 Dec 2000):

    Corridors has not seen much progress, due to the press of other activities, but we seem to keep borrowing little bits and pieces of the design and infusing them back into IRC. I guess that will have to do for the moment.

    Another project (one of many incremental improvements on IRC) is irc++.

    Possible solution (4.50 / 4) (#24)
    by enterfornone on Tue Jan 09, 2001 at 01:58:01 AM EST

    If you want to read Usenet you either have to use your own ISPs server or shell out for a pay server. Why can't IRC use the same model, ie firewall the server from anyone but trusted servers and users. If you are getting DoSed then you just cancel the script kiddies account.

    --
    efn 26/m/syd
    Will sponsor new accounts for porn.
    [ Parent ]
    fragmentation (4.33 / 3) (#32)
    by mikpos on Tue Jan 09, 2001 at 10:20:01 AM EST

    Usenet is a single network; IRC is not. DALnet people don't want to have to put up with Undernet; Undernet people don't want to have to put up with EFnet. An ISP would probably have to run near a hundred different servers, and even then most of the (almost completely unheard of) specialty nets would get left out.

    [ Parent ]
    somethign.... (5.00 / 1) (#55)
    by use strict on Sat Jan 13, 2001 at 10:55:54 AM EST

    As some of you may know, OPN (openprojects.net) has been having similar problems as well -- lilo and crew have done a good job at keeping it at bay, and in truth, OPN is a much smaller network.

    One of the solutions that they are discussing is to enforce nickserv registration on connection. As we all know, ident doesn't really solve jack shit (efnet is a prime example here) and at least flooded requests to register nickserv names will give IRC operators a few minutes to handle the problem. It also slows down the dynamic flooding that can happen.

    If the routers are being attacked -- well, this is a fundamental problem in IP in general, especially on routers that have heavy filtering systems. In my personal experience, I've seen very simple requests (like pings to hosts behind the firewall) kill a router simply because it couldn't keep up with the filtering that it was supposed to be doing. Ironically, these were to popular chat servers as well (but not IRC).

    The big thing is, is that flooding a chat server is easy and has a high area of effect even if killing the server wasn't successful. People who do this are either trying to experiment with their new toy (hacking, in the traditional sense of the word), or going to piss off as many people as possible.

    Anyone who plays online games knows this all too well. Any place where an anonymous person can roam amongst thousands if not more people in realtime is going to be a target for stuff like this regardless of the protocol.





    [ Parent ]
    more (4.00 / 2) (#31)
    by mikpos on Tue Jan 09, 2001 at 10:17:48 AM EST

    SILC. IRC3.

    [ Parent ]
    Replacement to what? IRC is not under attack here (5.00 / 4) (#33)
    by zagor on Tue Jan 09, 2001 at 10:35:21 AM EST

    A replacement does not help, unless you replace IP as a whole. It's not the IRC servers that are targetted by the (D)DOS attacks, it's the hosting networks. In fact, in this last Undernet attack they even disconnected the IRC server (yes, physically pulled the plug). The attackers didn't stop.

    The problem is a social one. People with little sense of responsibility have too powerful tools and too little accountability. I don't pretend to have a solution.

    [ Parent ]

    Group punishment ? (4.00 / 4) (#29)
    by redelm on Tue Jan 09, 2001 at 09:04:26 AM EST

    I've tried it, and `chat` services don't work for me. Too disjointed. Worse S/N than USENET. But IRC does seem to attract alot of scriptkiddies rather like a lightening rod. Do they vent their frustration there, or just get worse? Rather like the vent-or-foment debate around violent games.

    Punishment on the Internet is a difficult thing. Many people will not cooperate in shutting down offenders. They then become part of the problem, accomplices of the offender. So their domain needs to get blocked at the router.

    Many "innocents" get blocked out too. There are ethical problems with group punishment, but there are no true innocents. Certainly not the dude with the insecure Linux box. Or even the ISP user -- s/he pays for and supports the ISP which refuses to block.

    When s/he complains about an IRC server blocking them, they should be politely told they've been blocked because their ISP is lax. They should complain to their ISP or find a new one. That _will_ get the ISP's attention. Customers can apply much more pressure than some remote IRC provider.

    could router protocols add in "firewall" (4.66 / 3) (#38)
    by G Neric on Tue Jan 09, 2001 at 03:11:23 PM EST

    could router protocols add in a "firewall" feature, or could there be a distributed firewall layer on top?

    the way it would work is this: when I block your packets, I could transmit that rule back to routers along the way to say, "this packet is going to get dropped on the floor when it gets here, so don't bother sending it". This rule could leapfrog its way back as close to the source as the various ISPs wanted, and could generate punishments or charges if they wanted.

    Yes, I'm aware of the obstacles. Packets arriving wouldn't necessarily route the same way back and you'd really need to know the route they took. But, without just throwing the whole idea out, could you consider it in "brainstorm" mode: is there merit to the idea? would their be any other benefits?

    It's potentially a lot of rules for routers to keep track of, but they could be LRU or weighted some way that only persistent DoSers would stay in the table. I haven't really thought about how to handle timeouts...

    There is the potential for spoofing abuse--but it's actually a way to find spoofing abusers.

    ISPs or backbone providers could transmit it without observing it, but observing would be in their interest: why carry the packets that don't need to be carried? Their own users would benefit too.

    It would be useful for more than just IRC or other singular protocols, blocking spam, etc. It would have been a way for kuro5hin to transmit the info that it was being DoSed to a bunch of routers along the way. The humans out there in admin land didn't care or couldn't be bothered, but machines are friendlier servants in this respect. I like this sort of solution because it is not centralized, but it does not lose the individual (person, server or network) in the ocean of the internet.

    The beginning of a new idea... (3.66 / 3) (#43)
    by ejbst25 on Tue Jan 09, 2001 at 07:01:33 PM EST

    See..I thought about this a while ago...but I have sadly made other things which I deemed more important as my major project. At one point I even drew up a design spec (like 2 years ago) on how I would implement this to make servers use minimum resources.

    First of all..Two things that I dislike...AOL Instant Messenger and ICQ are the key. Developing something that needs less and less active server involvement..a peer to peer chat group thingee. Developing one would not be that difficult...take the fundamentals that you can learn from an AOL IM clent and an ICQ client...and mesh them with the fundamentals of a Gnutella or Napster.

    All that you *really* need a server to do is to provide checking in services (for people and channels)(if that). That would not take a lot of resources if done right. Then, once you check in you look up your channel or group...connect to it by contacting who was marked as being there (if you have been in the channel the longest you check yourself as the lead of the group)...and the server is no longer needed because the person who has been in the channel the longest would hold the keys to communicating with the others. Which would be direct or indirect messages...avoiding server contact unless the lead leaves...at which time all clients contact the server with who they think has been there the longest...which allows the server to select a new lead...a hopefully short amount of down time.

    Well..needless to say its an idea I had that I never bother implemented..Someone will find/write a peer to peer solutions...one day.

    It has been done, but is not in the wild... (5.00 / 3) (#45)
    by benjy on Wed Jan 10, 2001 at 03:16:12 AM EST

    See dml's iFlame Message System thesis for the full details (3.7M postscript file). iFlame does exactly what you describe, and handles different MIME types in addition to text. I do not believe that dml ever got around to releasing the code, but someone could probably convince him to do so.

    "I Flame, You Flame, We All Flame for iFlame"

    [ Parent ]

    Good paper! (3.00 / 1) (#48)
    by ejbst25 on Wed Jan 10, 2001 at 09:47:24 AM EST

    Well..I feel useless. That was a good thesis and more descriptive than mine, which I finished the spec in January 1998. I guess I lose points for originality. :-)

    Another good idea never realized.

    [ Parent ]
    just an update... (4.00 / 2) (#47)
    by unstable on Wed Jan 10, 2001 at 09:21:08 AM EST

    MSNBC has a story on it here.

    Apparently some of the admins think that the attacks are based in Romania. Unfortunatly Romanian laws do not cover this type of crime so for right now nothing can really be done (at least legally).





    Reverend Unstable
    all praise the almighty Bob
    and be filled with slack

    What about permanent channels? (3.50 / 2) (#49)
    by cathryn on Wed Jan 10, 2001 at 02:54:03 PM EST

    It would be nice, if you could just own a channel. Maybe pay a small fee, like a DNS registration fee, and then like I would always be channel operator on '#cathryn' no matter what. That way there's no question as to who runs a channel.

    you can set up your own channels (4.50 / 2) (#52)
    by flowergrrl on Fri Jan 12, 2001 at 06:06:37 AM EST

    in fact some friends and I used to run a channel called #kryten on dalnet, and you can set it up so you can only enter on invite, (or at least you could then) set up your own ban ideas, kick out who you want to should someone join, you could have the channel moderated so that only those with +v and op status could talk.

    But that is the thing about chatting on the net, you dont want to block strangers, you want to chat to new people as well as old friends.

    Andie

    Meet my son Dylan
    [ Parent ]

    Why not just stop it? (3.50 / 2) (#51)
    by job on Fri Jan 12, 2001 at 05:28:24 AM EST

    Please explain to me what I don't understand: why is DoS impossible to stop?

    In my simple mind, you just look up who's responsible for the network (after all, that's why have have the whois databases), phone them immideately and ask them to shut down whoever is misusing their network.

    Or are the source adress of the DoS packets bogus? You can still see which way they come in to your network. Call the proper ISP and ask them to trace the attacks further. A bit more complicated of course, but that's why have abuse departments on ISPs.

    So, why can't it be stopped? After all, DoS attacks are nothing new. They have always been there and will always be there.



    law enforcement not doing anything about IRC... (4.00 / 2) (#53)
    by motty on Fri Jan 12, 2001 at 08:53:17 AM EST

    Is this the kind of not doing anything you mean?
    s/^.*$//sig;#)
    Criminal Profiling (5.00 / 1) (#54)
    by Seumas on Sat Jan 13, 2001 at 12:29:02 AM EST

    An Internet security expert said Kastning fits the profile of a person who causes problems in cyberspace: a 16- to 22-year-old single white male raised in an unsupervised or broken home.

    Wow. That's some deep stuff. Single white males in broken homes are the type who cause problems online? Gee, that accounts for some 85% of the internet, no?

    This is precisely why criminal profiling in police precints, government agencies and public schools is so frightening -- aside form the fact that it is not justified to punish or persecute someone for something they have not yet done, the people they wish to harass and stigmatize rarely fit the true 'profile' even remotely.

    After all, there is a reason why criminal profilers never solve crimes. It takes foot-work, interviews, research and a ton of investigation to find the person who is responsible for a crime. If you could just point your finger and say "every black guy" or "every white single guy with a black coat" or "every teenage girl with sad days", then there wouldn't be cops -- just these pansy-ass profiler types.
    --
    I just read K5 for the articles.
    [ Parent ]

    f00d 4 7h0ugh7 (1.00 / 8) (#56)
    by spleen on Sun Jan 14, 2001 at 12:11:47 AM EST

    A great man once said the phrase, "Dear friend, I accidently hit you with my car, killed you, threw you in my intersteller dream machine down in my basement and been raping you ever since...sorry." Correct me if I'm wrong but I believe the man who said this was Jesus Christ our savior. Either way it's a great quote.
    "I am ready to meet my maker, but whether my maker is prepared for thegreat ordeal of meeting me is another matter." Winston Churchill
    Undernet (and all of IRC) Faces Extinction | 57 comments (51 topical, 6 editorial, 0 hidden)
    Display: Sort:

    kuro5hin.org

    [XML]
    All trademarks and copyrights on this page are owned by their respective companies. The Rest 2000 - Present Kuro5hin.org Inc.
    See our legalese page for copyright policies. Please also read our Privacy Policy.
    Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
    Need some help? Email help@kuro5hin.org.
    My heart's the long stairs.

    Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!