Note: This is not an official document. Please check
http://voting.efnet.net/us-guidelines/new-server-guidelines.shtml
to make sure you have the latest.
Last Updated: Tue Jul 5 15:34:54 EDT 2005
This document obsoletes all older versions.
Below are the agreed-upon guidelines for linking new servers to the
United States' portion of the EFnet. If, after reading these guidelines,
you feel that the US portion of EFnet should consider linking your
server, cut out the application at the bottom and respond to each
of the questions. To submit it, contact an administrator of a
current US-EFnet server to submit the application for you.
If your server is located outside of the United States (i.e.
Canada or Europe) this is not the application you should be
submitting. Please fill out and submit the new server
application for those portions of EFnet.
What the US EFnet admin body looks for when considering
linking a new server:
a) The IRC Server must be permitted and supported by the
administration of the machine and network that it
is sitting on.
If a server is not being linked by the hosting
organization, or employees of the hosting
organization (i.e. it is a colocated server),
uplink support MUST be given prior to applying
for an EFNet link. In addition a contact address
for an individual at the hosting entity should
be given when applying to verify uplink support.
b) The server administrators must be reasonably knowledgeable
about IRC and UNIX. They should be willing and able
to answer most user questions that they encounter
regarding IRC. Additionally, server administrators
should be familiar with general internet topology.
At the minimum, they should know how their network
reaches major internet backbones.
c) The machine that the server is running on must be dedicated
only to irc and adequate for the job.
It should be dedicated for security reasons. Users
that are not irc server administrators are not to
have any machine level access to the irc server.
The machine should be reasonably modern and should
have at least a 500MHz or faster CPU and 512M or
more of total RAM.
In general, the only services that should be running
on the ircd machine are those directly related to
irc. This includes SSHD, and xntpd*. Services such
as ftpd, telnetd, httpd, and so on must NOT be
running on an EFNet irc server.
(*) xntpd is not a requirement but clock synchronization
is. ntpdate run on a regular basis should
suffice (at least once a day).
The irc machine MUST be firewalled from external
logins. SSH should be firewalled to only allow the
IPs of the irc administrators to connect, and deny
all other connection attempts. If at all possible
sshd should listen on a different IP than what ircd
listens on (your public IP), but this is not a
requirement.
All vulnerabilities in your irc server's OS should
be patched and updated as soon as possible. Likewise,
if a vulnerability arises in any of the running
daemons such as sshd or ircd, those should be
updated as soon as possible as well.
The nameserver that the machine uses should be running
a current secure version. Information on which version
of BIND is current and secure can be found at
http://www.isc.org/products/BIND/bind-security.html.
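One way to check a host against the service restrictions in (c), as an added example that is not part of the original guidelines. It assumes a Linux host with iproute2's ss, daemon names as they appear in the ss process column, and constructed sample addresses (192.0.2.10 stands in for the ircd's public IP).

```sh
#!/bin/sh
# Added example: check listening TCP sockets against guideline (c).
# Input: lines of `ss -H -tlnp` output (run as root so process names are shown).
# TCP only: ntpd/xntpd listen on UDP and are not seen by this check.

# Assumption: daemon names as they appear in the ss process column.
ALLOWED="ircd sshd"

# audit_listeners PUBLIC_IP
#   VIOLATION = a listener guideline (c) does not permit (ftpd, httpd, ...)
#   ADVISORY  = sshd reachable on the ircd public IP (discouraged, not forbidden)
#   Exit status is 1 if any VIOLATION was printed, 0 otherwise.
audit_listeners() {
    awk -v pub="$1" -v allowed="$ALLOWED" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    NF >= 5 {
        addr = $4; host = addr; sub(/:[0-9]+$/, "", host)
        proc = "unknown"      # no process column: ss was not run as root
        if (match($0, /\(\("[^"]+"/)) proc = substr($0, RSTART + 3, RLENGTH - 4)
        if (!(proc in ok)) { print "VIOLATION " proc " " addr; bad = 1 }
        else if (proc == "sshd" && (host == pub || host == "0.0.0.0" || host == "*" || host == "[::]"))
            print "ADVISORY sshd " addr
    }
    END { exit bad + 0 }'
}

# Constructed sample input (not taken from a real host).
sample_listeners() {
    cat <<'EOF'
LISTEN 0 128 192.0.2.10:6667 0.0.0.0:* users:(("ircd",pid=701,fd=9))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("httpd",pid=930,fd=4))
LISTEN 0 32 0.0.0.0:21 0.0.0.0:* users:(("vsftpd",pid=955,fd=3))
EOF
}

sample_listeners | audit_listeners 192.0.2.10 || echo "host does not meet guideline (c)"
# On a live host: ss -H -tlnp | audit_listeners <public IP of ircd>
```

This only shows what is listening on the host. Whether SSH is actually restricted to the administrators' IPs still has to be verified in the firewall rules themselves.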
d) Running a server requires that the rest of the IRC network
put a lot of trust in you. People who are known not to be
trustworthy or who have a history of not acting in the best
interests of the IRC networks will typically be denied
server links.
e) New servers will be "L:lined" - meaning that they cannot link
in other servers until such a time as it is deemed that
the server and its administration are ready for such
a load and the server's network location would provide
a well-placed hub server.
f) New servers may not be compiled in debug mode and their
operators are not to be given global /kill or
remote squit/connect access during the 45 day trial
period.
g) These days, a large EFnet client server can utilize
a few mbits/s, which is a large amount of bandwidth
for most small ISPs. This should be taken into
consideration when applying.
New servers MUST be on a multihomed network.
This multihomed network should have a minimum
of 200mbit to at least two different ASNs.
We must also be able to verify that your server
is on a multihomed network, via BGP announcements.
EFnet IRC Servers tend to attract frequent Denial
of Service attacks and hack attempts. These
attacks can often times be several hundred mbit/sec,
with several hundred thousand packets per second.
Often times these attacks are also not directed
at irc servers directly, but at neighboring
routers or machines.
These attacks can often times cripple even the
most robust and diverse networks. New applicants
must be aware of this, and not only be ready to
deal with it, but must be versed in methods of
combating and protecting your server from Denial
of Service attacks.
h) The server MUST be protected from attacks resulting
from ARP hijacking. One way to accomplish this is
by utilizing static arp addressing on your router.
In addition to static arp addressing, an EFNet
server should be on its own IP subnet and VLAN.
i) The server must have its bots/abuse policies clearly
stated in the motd and contact information must be
stated in the A:lines. The server administration
should be willing to take measures to minimize
clones and drones by the use of connection limits
in the I/Y lines and/or the use of tcms
(monitor bots) or live operators.
j) All new servers must run an ircd approved by the US-EFnet
admin body. The current US-EFnet approved IRCDs
are:
ircd-hybrid - http://www.ircd-hybrid.org/
ircd-ratbox - http://www.ircd-ratbox.org/
cs-ircd - http://www.codestud.com/ircd/
k) Servers that intend to be "closed" servers either by
means of I:lines, of network announcements, or
by any other means must state this intent truthfully
at the time that the server application is submitted.
Very few servers (if any) are able to justify being
a "closed" server. Servers that intend to only
hold a couple of hundred clients due to I:line
limits or closed announcements are typically seen
as servers not pulling their own weight, and may
be denied a trial or full link.
l) Any server downtime or period of absence must be
announced to the us-admins list prior to
going down (if applicable). If there is an
unforeseen incident that renders your server
absent, notice must be sent to the us-admins
list as soon as possible.
m) Failure to comply or meet one or more of these guidelines
may end with the denial or termination of your link
to EFnet.
n) Last, but not least, there must be a need for a server
in your network location.
All new servers will be on a 45 day period during which
time the server and administration will be watched closely.
At the end of this 45 day trial period, a vote may be called
by any us-admin to determine whether or not to admit you as
a full server. If no questions or votes are called at the
end of your trial period, you will be considered a full
server and eligible for all rights that that includes.
Note that denied applicants will not have the privilege of
reapplying for 6 months. As such, it is in the applicant's
best interest to do their homework on what applications have
been approved in the past and which ones haven't and, more
importantly, why they were approved or denied.
---------- CUT
1. Contact Info
1a. Server Admin Name:
1b. Server Admin Phone:
1c. Server Admin Email:
1d. Relationship to server hardware and network (i.e. employee,
colocation, etc):
1e. Type of organization:
1f. Sysadmin Contact:
1g. Network Admin Contact:
1h. Server Name:
2. Network Info
2a. Connectivity
Please list the connectivity your network has to various other
uplinks and providers, and the size of the connection to them.
Please also include the IP address of the irc server, or an
IP address close to it for testing purposes. Any additional
relevant information may also be included:
2b. Does this server utilize static ARP addressing?:
2c. Is this server on its own IP subnet and/or VLAN?:
2d. Do you have uplink network support?:
2e. Hosting network's ASN:
2f. Please describe how (D)DoS attacks will be handled:
3. Machine Info
3a. Processor:
3b. OS and Version:
3c. RAM:
3d. Who has access to run processes on the machine:
3e. What other services are running on the machine (ftp, www,
smtp, pop3, imap, etc):
3f. Please list the name servers located in resolv.conf
and specify the name and version that each runs:
4. IRCD Info
4a. IRCD name and version:
4b. Site IRCD obtained from:
4c. Person responsible for compiling and upgrading ircd:
4d. Will this server be a "closed" server (via I:lines,
network announcements, etc.) after the completion of
the trial period?:
5. Bot and Abuse Policies
Please detail your policies on Bots and Abusive users, and how you plan
to implement these policies:
6. Initial Opers
Please list the full names, nick names, and e-mail addresses of the
people who will be operators (local or global) and/or TCM operator
when your server goes online:
7. The Essay Question
How will EFnet benefit from your server being linked?
8. Traceroutes
Please include the output of traceroutes to the following sites. Note
that many EFnet servers filter ICMP packets. Run the traceroutes as
far as you can and make a note that they stopped before reaching the
destination.
a) irc.blessed.net
b) irc.choopa.net
c) irc.colosolutions.net
d) irc.easynews.com
e) irc.eversible.com
f) irc.he.net
g) irc.mindspring.com
h) irc.mzima.net
i) irc.nac.net
j) irc.paraphysics.net
k) irc.prison.net
l) irc.servercentral.net
m) irc.shoutcast.com
n) irc.umich.edu
o) irc.umn.edu
p) irc.wh.verio.net
9. Who is your closest EFnet Hub admin? (server name and
administrative contact):