Took him a long time to type this bless him :)
Simba
Shaun O'keefe,
Home: +44 (0)115 9136164
Cellular: +44 (0)7971 316698
[EMAIL PROTECTED]
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
Behalf Of VamPyro
Sent: 19 July 2001 07:50
To: [EMAIL PROTECTED]
Subject: [User-Com] map links and notices
I'm not sure if this is the place to go with this questions, but the website
seems to make this as the place to go. I've used undernet for years and
always have thought it was the coolest server with many useful functions,
and now these functions are going away. If I saw lag taking place I could
ping a channel and using there /whois info and /map figure out which link
was having the problem and find a server on the other side. If the net
splits, I could again use map to see which servers left and/or watch server
notices to see when the server comes back. Now some of the servers don't
allow server notices, the map command or links command (which I once
scripted for my client a way to make its output like a map command sorta).
This does not make sense. I understand the need not to want to be under
attack as it has in the past, but this is not the answer. The routing
committee and those in charge of dns and server software has already made it
such that the hubs and services of the network resolve to 127.0.0.1 or not
resolve at all. This eliminates all forseeable attacks on the hubs and
services. The client servers need to resolve for obvious reasons. Thus now
the only thing attackable is individual client servers. While this is still
tragically possible, there is no real way around it. Therefore, the map
command and links command work as well as they can, given that they show
client servers and you can't get to a hub using the name provided. By
removing these commands, you leave the clients only 2 choices for choosing a
server and they are not very good choices. They can do as the reply for the
command suggests and go to a webpage with a list of servers, which is not
only usually far outdated, but does not give a good idea of which servers
are better beyond the name and isp sponsoring, and I for one usually rely
more on word of mouth, experience, and map command for an idea of how the
network is set up to find the potentially most reliable servers. By watching
server notices, I can also see which servers split often to avoid them, or
to see when my favorite server is back from a split so I can rejoin that
server. Quit message from net-splits also lets me have an idea of which
servers left if I have the output from an old map command or links command.
I also do whois commands on either fast clients for a server I might want to
use, or on lagged clients to find which servers to avoid. These now
tragically also show only *.undernet.org and no useful information. While
this also prevents some forms of DoS attacks, noone has seemed too concerned
for this type in years, and have also been patched against most of this form
of attack. Again, the webpage even if it is up-to-date, has the name of the
client servers and these names do resolve to ips to connect to undernet. If
someone wanted to DoS a particular client server, they now have the method,
just as if they had done a map command. The other choice left is to use the
random pools eu.undernet.org and us.undernet.org. This severely hurts load
balancing as without a choice the client is put to one server until it is
full and then to the next. Not only does this overload some servers and
leave others empty, but this also causes clients to take longer to connect
as they have to go through a list of ips. On several occasions, the first
server it connects to is split from the rest of the net. These pools should
really only be used for and by those without a list of other servers to
connect to and now this list is coming to the point of only being found on
the web. This also doesnt solve attacks on individual client servers because
by resolving these names, one is presented with a list of ips that can be at
tacked.
The only security issues I see being resolved by these means is not worth
the hurt this has caused. While I can no longer tell which server you are on
to attack it, I can still see your ip to attack you, which is most often
(unless your name is Bill Gates) easier to take out. I cannot see any
logical reason to take out a server for one persons inconvienience and with
proper load balancing it would require DoS attacks to target several servers
for one particular group. Again it would be easier to attack this group than
a group of servers. The advantage to attacking the server before was to
attack a major hub. By denying certain stats commands to only opers and
having hub names that are unresolvable, this is fixed. If someone attacks a
server now it is probably just to make security teams nervous and make
servers more and more unusable due to all the restrictions and it appears
this is working. I may not require all the knowledge of whats going on with
the servers, but being informed makes my experience much more enjoyable by
allowing me to deduce which servers are (un)reliable, where lag spots are to
find servers in the majority for if/when the split occurs and for finding
which servers my friends use so that I can be closer to them to reduce lag.
Without server notices, without map and links commands, and especially
without usable information in a client's whois information or a netsplits
quit message, I am gradually becoming helpless on a network gradually
becoming over-paranoid about security and attack risks. If you have read
this far I thank you for the time and consideration. If I have emailed the
wrong place I ask you forward this to the proper place. I am only
registering a complaint and looking for explanations and begging that
undernet doesnt become the dull boring security tight place other networks
long ago became (which became the whole reason I enjoyed undernet; friendly
people with workable, efficient and reliable servers). Again I thank you for
your time.
Sincerely,
Daniel Radachi
bka 'VamPyro'
