EFnet IRC Network Forum

users machines generally don't get hacked because they IRC. probably >95% of the hacked machines on EFnet are on computers that were never on IRC before the drones were installed.

they get hacked by mass scanning tools, and often the same machine will be hacked 2-5 times by different groups. most of the time the drones are used for xdcc bots, but thats not always the case. anyone with a little bit of time and a scanner can get 100 drones by picking a couple of random cable/dsl netblocks. 100*1.5Mbit will take out most any user on EFnet (or server, for that matter). add to this the fact that many of them do spoofed syn/icmp attacks, and it can be quite difficult to block them without upstream cooperation.

yes that is true. but the thing is we can never totally abolish everything but we can help prevent things. for example bopm will help reduce proxy floods but sometimes it wont totally stop them. it also helps the user's mentality. some users just feel more secure if they have a spoofed adress. yes i know thats a false sense of security.....but these people who have a false sense of security barely bother patching their boxes anyways. also it reduces the amount of blame an oper gets if a user gets packeted. for example someone was blaming me because they got a lot of hits on port 139 and 445. it took me 20 minutes to explain to that person that it was an automatic scanning tool or a worm trying to go around. i do think spoofing is a good idea. it wont eliminate the problem but it can help.

since when was an oper to blame if a user got packeted?

i dont think its an oper is to blame....but the sad truth is that people have blamed me on my server for them being packeted. (not an efnet server)

munky wrote:since when was an oper to blame if a user got packeted?

never, unless it was the oper doing the packeting of course.

on the subject; userspoofing is the stupidest thing any network ever invented and would add to the "reasons-to-quit-being-on-EFnet-if-I-had-the-willpower-to-do-so"-list. people will always be dos'ed anyways, the only thing userspoofing will accomplish is making it harder to deal with abusive clients.

why would you say that people would quit efnet if they had user spoofing?

prefect wrote:

munky wrote:since when was an oper to blame if a user got packeted?

never, unless it was the oper doing the packeting of course.

on the subject; userspoofing is the stupidest thing any network ever invented and would add to the "reasons-to-quit-being-on-EFnet-if-I-had-the-willpower-to-do-so"-list. people will always be dos'ed anyways, the only thing userspoofing will accomplish is making it harder to deal with abusive clients.

User spoofing certianly does make it a bit easier to hyjack other peoples accounts on bots and to masqurade as other users..

But i think most users would be happy if they could get spoofed, since .. i dont even know how many times I've been asked if joe user could get a spoof.

Auriga wrote:But i think most users would be happy if they could get spoofed, since .. i dont even know how many times I've been asked if joe user could get a spoof.

I think a lot of normal users on EFNet want a spoof as a status symbol. It shows that they "know people" and have "connections" ("hey, look at me, i'm special, i know an admin"). I think if everybody had a spoof (tho, it's starting to look like that some places on EFNet), then they wouldn't be nearly as special to people.

-wassup- wrote:why would you say that people would quit efnet if they had user spoofing?

because the hosts some people choose on other networks are EXTREMELY annoying. Yes, I know that people still create incredibly annoying real, valid hosts, but they would be so much more prevalent if all users could choose their own.

one problem i have with user spoofing is that it redirects DoS to the IRC server rather than the user. Usually, a user that gets attacked isn't completely innocent themselves. In my experience, the user who gets DoS'd would have been fine if they had been reasonable, and not pissed people off. Why should the IRC server get hit instead of the user who went around pissing people off in the first place? If they dish it out, maybe they should be prepared to take the consequences instead of pushing it onto the IRC server (tho, i know this doesn't help if the user is using open proxies or another host that they have no relation to).

personally i wish there was a policy that only opers had spoofs.
people usually want them to look cool and show they have oper friends...
or to avoid packets, which to me seems like the stupidest reason ever to give a spoof.
i never had a spoof before i got an o:line, i always used bnc's. i know shell accounts normally cost money, but if irc is that important to a person, they can fork out a little extra money.
i've seen people say 'i'll never use a bnc!!' but not hesitate to beg for spoofs.

lucy wrote:personally i wish there was a policy that only opers had spoofs...

If there was such a policy, would everyone comply?

-douglas

wundr wrote: because the hosts some people choose on other networks are EXTREMELY annoying. Yes, I know that people still create incredibly annoying real, valid hosts, but they would be so much more prevalent if all users could choose their own.

one problem i have with user spoofing is that it redirects DoS to the IRC server rather than the user. Usually, a user that gets attacked isn't completely innocent themselves. In my experience, the user who gets DoS'd would have been fine if they had been reasonable, and not pissed people off. Why should the IRC server get hit instead of the user who went around pissing people off in the first place? If they dish it out, maybe they should be prepared to take the consequences instead of pushing it onto the IRC server (tho, i know this doesn't help if the user is using open proxies or another host that they have no relation to).

yes i can see your point here, and it is making me rethink if spoofing is actually a good idea.

seiki wrote:

lucy wrote:personally i wish there was a policy that only opers had spoofs...

If there was such a policy, would everyone comply?

-douglas

Does everyone comply now?

I think you have your anwser already

I run a free shells provider, and I provide users shell accounts which they can use to run bncs
on for large networks that don't allow spoofed hosts/vhosts.

I quite like it that efnet for example doesn't allow spoofed hosts, despite some form of:
x!y@ip1.ip2.ip3.ip4
becoming
x!y@ip1.ip2.ip3.cloak
being a good idea, becuase having to use bncs makes users aware of OSes other then windows,
helps them learn tech knowledge, and generally makes them more aware of IRC, and a more
enlightened user.

I've been DOSed due to running a free shells provider, yes, but I control my own firewalls
and since I'm colocated it's bloody hard to DOS me offline.
Currently I have about 90-100 users (depending if you count the semiidle ones), and I don't
really have problems on irc.... and neither do my users, incoming attacks are dealt with and
all in all using a bnc on a well maintained server somewhere is a very good way to irc.

I don't even have to ask the efnet server admins for I:Lines or anything, (given the absolute
apathy I have encountered from the admins of many irc servers, I don't even bother asking
anymore)...... I simply add a half-dozen more IPs or so to my Box (each with distinct hosts
and matching rdns so they can get on irc) and my users are fine.

Yeah, I've taken down a few abusive users (one within 2 minitues of the abuse occuring...
ah, thank you perl scripts)..... but all in all, I'd reccomend that user knowledge (be it via bnc
etc) is a better method of combating abuse (you should see the number of users that can't
even use the banmode properly on channels... *shudder*) then ircd features.

However that said, I grew up as a user on unreal ircd networks, and I can testify they are
a LOT better at dealing with most any kind of problem you can imagine then efnet/undernet/
the large networks are.

User knowledge, and sensibly planned ircd features are the way to go, imho.

-Ashen

well jeremy has created a spoofing patch for ratbox, which he implements in his own ircd (freeworld ircd). its available at http://ircd.botbay.net/pub/ratbox/3-Feature/jeremy/. thanks a bunch jeremy

this implements user spoofing in the forum of blah@<netname>-<number>.isp.com or for non resolving users, 4.4.5.3452 or similiar.

lucy wrote:maybe its how you approach opers or something.... cause i've never ever had a problem finding a prison oper.

or maybe its because your nick is lucy ? and theres one squadrillion horny opers out there with no life

no harm meant, just a thought. we see it all the time when someone with a female nick joins, so why not?