Information Security News mailing list archives

Re: IRC: Attack From Killer 'HaX0rZ'


From: Darren Reed <darrenr () REED WATTLE ID AU>
Date: Thu, 11 Jan 2001 00:12:00 +1100

FWIW, I've been using IRC since 1990 and wrote its first RFC...
and for some reason I have a very pessimistic view of it and I'm
even more cynical about proposals I've read to make it "better".

In some email I received from InfoSec News, sie wrote:
http://www.wired.com/news/culture/0,1284,41077,00.html
[...]
But in recent years, IRC has been replaced for many with more
mainstream alternatives such as AOL's chat rooms and instant messaging
clients.

The IRC protocol is also being used behind other web chat sites...
you just don't know it due to subtle changes, etc.

[...]
Others, such as an IRC user who goes by "Spotz," say that IRC is
controlled by "noxious geeks who think they are God," which leads to
"an overwhelming desire to behead the false king, steal the women and
burn down their virtual house."

I wish I could say that were completely untrue.

[...]
Launching a DoS attack on IRC isn't very difficult. Since almost
anyone can sign up to host a server, it's impossible to ensure that
every server is properly secured. The problem is also compounded by
what many claim is "total disinterest" on the part of ISPs.

FWIW, I've talked to people who run IRC servers at Uni's who have
reported *large* DoS/DDoS attacks _before_ the eBay saga...their
reaction was to black hole that IP# for months.  It's sad, I know.

[...]
"I find it amazing that people like me, people who for all intents and
purposes have no life, are killing the one thing that we have that
amuses us," Bandit said.

"Undernet is under attack now and will probably die if something isn't
done. Once they kill Undernet they'll go for efnet or Dalnet. No one
seems to know what to do. Eventually, there will be no major IRC
servers left. Then what?"

Who's to say they aren't under attack now ?  When I was last involved
with EFNet in a significant manner there were close to 150 servers...
now less than half that.  The number of users has increased significantly,
sure but why aren't there more people running servers ?  Rather, you see
servers staffed 24x7 by operators, something that didn't happen "way back
then".

"The IRC ops are evil. They put people down, and they are out to hurt.
It's not hard to see why someone would want to blow them off the face
of the Internet. If someone takes crap all day from idiots, they don't
want to have to take more crap at night from people who are supposed
to understand what it's like to be a geek, a leper, a reject," said
Luzor.

"Make IRC a place that doesn't make people angry and maybe you'll stop
getting attacked," he added.

Hear, hear.

Miz Ery, a former channel operator, agreed that IRC isn't always the
friendliest place.

[...]
she said. "Maybe the admins can fix the DoS problem with technical
things like router filters and the much-help from the ISPs.

The only real thing that can help IRC, in this respect, is deployment
of an RSVP (Resource reSerVation Protocol) - and even then that'll only
help server to server traffic get through.  If someone is sending
bucket loads of junk over the IRC network using clients, you've got
an even worse problem.

But the
real problem is the kids, and I think we need to really look at why
they are so angry."

Which kids ?
The ones who run channels/servers or the ones who attack them ?

Miz Ery thinks that a mentoring program for computer-savvy kids might
help
[...]

What's needed is a program to educate those in positions of responsibility
on IRC about how to behave and treat people like people.

"If we don't do something, IRC will die just like Usenet did. Spammers
and idiots have all but killed Usenet. I think IRC is next. It's sad
to see the Internet turned into nothing but a mall, sad to see all the
conversations between folks about all the important and silly things
dry up."

No, IRC is "not next".  The problem is people think IRC must be made up
of large networks to work.  There couldn't be anything further from the
truth.  Large networks are easy to attack...what needs to happen is for
people to realise that maybe they can run smaller chat networks and maybe
not attract so much attention...so much desire to "shut them down".  But
it does take an attitude change by people in control too.  Large chat
networks are hugely over-rated.  With 20,000 chat rooms, what chance
have you got of being able to browse them in a meaningful manner?  If I
make that 200 rooms, much easier...maybe there's only 500 people on a
handful of servers, but is that such a loss ?

Darren
