I still have difficulties with the concept of considering the idea of
showing IPs to ops on a channel a security breach, but I heard some
interesting ideas in the last few days...


Some were talking about complaining to Undernet authorities so they would be
able to retrace who's who and contact ISPs. That's nice in theory... but
sincerely, I don't think this could work. First of all, I'm not sure there
are opers that have that much time to offer... And he would need to act during
the attack, a fact that is quite problematic since the people who are attacked
aren't online at the moment of the attack. (peer or timeout casualties) But
if you want to try it I'll try this.


Some talked about a dedicated channel, but this is also impractical, it
would very likely be submerged, attacked, etc etc. (and none 'officially
exist' for this purpose yet...)


About /Gen comment. We do not have any op or flood problem, the problem is
the DDoS one and since you admit that a user cannot directly act upon this,
at least when we contacted the responsible ISP, those computers weren't used
anymore to flood us. Yes this could seem pointless since attackers will find
new ones... I know... but if nobody complains to ISPs, if this does not become
sufficiently annoying, ISPs will not take the problem seriously, lawsuits will
not force them to be careful about security, etc. Anyway, maybe I am the
only one, but in my little world, since there isn't real security in TCP/IP
and I know it, I decided a long time ago to inform by one mail each and
every ISP that is being used for DDoS or illegal activities that they were.
Hoping (maybe I'm simply stupid but I don't see another way to make the
internet work) that someday this movement will have some level of impact. My
sole point is that Undernet is now trying to help their users and that's
nice, but they are misguided by blocking any trace option on abusers. (My
humble and respectful opinion)


For Chris Crowther [[EMAIL PROTECTED]] argument stating that "That's a
specious argument, if law enforcement want information, they'll just ask for
it.". Can I simply say that you're quite right, but that your comment is
purely a theoretical one? If I go to the police station stating that DuDe123 on
the undernet network was attacking my internet connection (from 100 proxies
but that he was claiming it) and that I do not know his ISP, IP or anything
about him other than the fact that he is using alternatively username1
username2 or username3 on undernet this won't go very far? Maybe after a
while they'll contact the Undernet administrators and get the email that was
used to register those mails... maybe they'll go back until they stop on a
free email account somewhere in Tombouctoo. This will not help very much...
anyway not as much as a solid IP+timestamp would. But you know what, I
promise I will try this also... we'll see :o)


About X command for complaining.. this could at least give us a tool for
complaining... But I have an even better suggestion for you... That would
work simply and still cover the privacy of anyone... By a simple procedure,
you could create a forwarding email address for every account in real
time...

- This would be triggered when an email would be sent to
[EMAIL PROTECTED] or when a person would enter text and a
username into a form at http://ISPabuse.undernet.org.
- The mail would be sent to abuse@ for the ISP of the online person who is
using the username, using a simple rule of 'the 2 last sections of any
domain name unless the 2 last sections are 2 letters each and then use a
three section domain name'... I know this is not a universal solution...
- You could preface the mail by a warning from the undernet stating how the
email was sent and why (...).

I think this could be used to contact over 80% of the ISPs... helping a lot
and giving the choice to ISPs of how or if they want to disclose their IPs
(...) by responding to the email... All without giving away the identity of
the person behind the username.


About a special channel mode. I see one way of doing it that wouldn't be too
hard to create...
- Assume that the mode is +h (I don't have a list of used channel modes for
all networks...)
- When a +x person tries to join a +h channel, do 3 things.
  1- issue a msg, something like: BE WARNED: if you join this channel, your
real hostname will be seen by all channel operators.
  2- stop the person from joining the channel
  3- issue an invite on the nickname

One last comment... About those who say that we could maybe manage with a
channel for reporting abuse, or sending emails to [EMAIL PROTECTED] Do
you realise that there is no proof on the undernet side of such an abuse?
What I mean is that if SomeIdiot comes to my channel saying 'You shouldn't
have banned me, see what happened?' and I send this to an oper or
[EMAIL PROTECTED], will you take me seriously? I can as well provide a
server log showing 100 IPs DDoS-ing ... but the probability of the IP of
SomeIdiot being in that log is about 0. So.. in that case, will opers act
anyway? What about forged logs? Don't forget that at least ISPs can see in
their logs if the user was contacting the IPs used for the DDoS. Yes there
could be some other level of proxies, but at least they can pass along the
information to the other ISP(?). What can an oper do... will they send the
complaint to the ISP automatically stating the original complaint without
regard to the nature of the proofs? Those questions will maybe seem trivial
but I must state that the last times I contacted [EMAIL PROTECTED] I
received either no answer or some comment asking for solid proof, such things
aren't possible... about all logs can be forged :-I Well, on this point also
I promise I'll try it again before anything else.


Don't worry, I'm not making a point to create too long mails :o), I'm just
trying to be thorough. I try to avoid answering to each mail by sending a
complete mail responding to each objection.


Regards,



- Alocin
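
The abuse@ addressing rule and the prefaced relay mail proposed in the message above, sketched as an added example; it is not part of the original message and not Undernet code. The sender address, function names and sample hostnames are assumptions constructed for illustration.

```python
import ipaddress
from email.message import EmailMessage

RELAY_FROM = "relay@irc-network.example"  # placeholder sender, an assumption


def abuse_domain(host):
    """Apply the message's rule to a hostname; None when the rule cannot apply."""
    host = host.strip().rstrip(".").lower()
    try:
        ipaddress.ip_address(host)
        return None  # bare IP (no reverse DNS): there is no domain to cut
    except ValueError:
        pass
    labels = host.split(".")
    if len(labels) < 2 or not all(l.replace("-", "").isalnum() for l in labels):
        return None
    # "the 2 last sections ... unless the 2 last sections are 2 letters each"
    two_by_two = all(len(l) == 2 and l.isalpha() for l in labels[-2:])
    keep = 3 if two_by_two else 2
    return ".".join(labels[-keep:]) if len(labels) >= keep else None


def build_relay(username, host, complaint, when):
    """Return (mail for the ISP or None, receipt shown to the complainant)."""
    domain = abuse_domain(host)
    if domain is None:
        return None, f"No ISP abuse contact could be derived for {username}."
    msg = EmailMessage()
    msg["From"] = RELAY_FROM
    msg["To"] = f"abuse@{domain}"
    msg["Subject"] = f"Relayed abuse complaint, account seen at {when}"
    msg.set_content(
        "This complaint was relayed by the IRC network on behalf of a user.\n"
        f"The reported account was connected from {host} at {when}.\n"
        "That address has not been shown to the complainant.\n\n"
        f"Complaint text:\n{complaint}\n"
    )
    # The receipt names only the username, never the host or the ISP.
    return msg, f"Your complaint about {username} was forwarded to the ISP."


if __name__ == "__main__":
    # Constructed hostnames; the last one shows a miss of the rule
    # (com.au is a registry suffix, not an ISP).
    for h in ("dialup-12.pool.example.net", "host7.adsl.example.co.uk",
              "192.0.2.15", "cpe-3.example.com.au"):
        print(h, "->", abuse_domain(h))
```

Hosts with no reverse DNS and suffixes such as com.au fall outside the rule, which matches the message's own caveat that it is not a universal solution.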
