To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
On Thursday 01 June 2006 04:57, Jakob wrote:
> i'm running an irc server on one of the large networks. what you say isn't
> true (anymore) - fairly recent ircd software includes features against
> hammering clients and the like. besides, there are quite a lot of packages
> out there to monitor ircd and auto k-line/install acl against drones or
> hammer clients.

Kudos to you and your staff if you are running an IRC server with lots of drone monitoring and an aggressive set of terms of use. I have only experience with hybrid-based IRCs, but in the past I have seen IRC servers drop like flies from hammering drones (about 2 years ago).

But regardless of what IRCD software you run, having tens of thousands of drones hammering port 6667 is more of an operating system problem. This type of activity isn't so far removed from an all-out deliberate DOS attack. Although, granted, most DOS attacks don't bother to complete the 3-way handshake. I must stress though, most drones will not do this. Most use a pre-set retry time that is a minute or more. Even having a million drones reconnect to your server at a rate of once per 60 seconds will not bring a server down. Some drones have connect code running in a 'while (1)' loop with NO retry time.

> for the ddos, as soon as you run a public irc server you should be
> prepared to get hit. that's a fact. whether or not you k-line drones
> doesn't matter a lot. if not for a k-line, they will ddos you because
> someone on your server insulted them or whatever.

Some DDOS attacks are bigger than others. I agree completely IRC servers are prone to DDOS attacks more than pretty much any other service. That being said, if you haven't been hit with a DDOS attack big enough to knock your IRC server offline, then you haven't been running it very long or you run it on a less hostile IRC network (I.E. gamesurge, freenode).

Craig
_______________________________________________
All list and server information are public and available to law enforcement upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
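The thread contrasts drones that retry about once per 60 seconds with drones that reconnect in a loop with no delay. The following is an added example, not part of the original message or of any ircd: a sliding-window check over connection attempts that separates the two. The log format (`<epoch-seconds> <source-ip>`), the thresholds and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 10.0  # assumed sliding window length
MAX_CONNECTS = 5       # assumed connects allowed per source per window

def parse_line(line):
    """Parse '<epoch-seconds> <source-ip>' (constructed format, not a real ircd log)."""
    ts, ip = line.split()
    return float(ts), ip

def find_hammering(lines, window=WINDOW_SECONDS, limit=MAX_CONNECTS):
    """Return {ip: peak connects seen in any window} for sources over the limit."""
    recent = defaultdict(deque)  # per-source timestamps still inside the window
    peaks = {}
    for ts, ip in sorted(parse_line(l) for l in lines if l.strip()):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # expire attempts older than the window
            q.popleft()
        if len(q) > limit:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks

def build_sample():
    """Constructed connection attempts to port 6667 (documentation addresses)."""
    lines = []
    # Drone with a pre-set 60 s retry time, 10 attempts
    lines += [f"{1000 + 60 * i} 192.0.2.10" for i in range(10)]
    # Drone reconnecting with no retry delay: 40 attempts, 0.2 s apart
    lines += [f"{1000 + 0.2 * i:.1f} 198.51.100.7" for i in range(40)]
    # Ordinary user who connects twice, minutes apart
    lines += ["1005 203.0.113.5", "1300 203.0.113.5"]
    return lines

if __name__ == "__main__":
    # Sources listed here are candidates for a throttle, ACL or k-line.
    for ip, peak in find_hammering(build_sample()).items():
        print(f"{ip}: {peak} connects within {WINDOW_SECONDS:.0f}s")
```

With the default thresholds only the no-delay source is flagged; the 60-second drone stays under the limit and shows up only if the window is widened well past its retry time.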
