Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In with OpenID
Advertise on LowEndTalk.com

In this Discussion

What do people use IRC for that causes a lot of providers to ban it?

What do people use IRC for that causes a lot of providers to ban it?

rchurchrchurch Member
edited October 2012 in Providers

What do people use IRC for that causes a lot of providers to ban it?

Given that is call Internet Relay Chat and users appear to be "chatting" on it which seems fairly harmless to me, what else does it, or how does it work which causes it to be banned?

Tagged:

Comments

  • Not sure if this still happens, but kiddies get banned from servers and ddos/attack it. A bit like with Minecraft.

    Thanked by 1rchurch
  • JTRJTR Member

    Botnet hubs, IRC networks in general attract DDoS, etc...

    Thanked by 1rchurch
  • INIZINIZ Member
    edited October 2012

    There are also irc botnets which basically means they can send out ddos commands from a virus on your pc to its target in its thousands of pcs controlled under a irc server

    http://www.kaspersky.com/images/waldecker,bernhard-_a_review_on_irc_botnet_detection_and_defence-10-98487.pdf

    Thanked by 1rchurch
  • rchurchrchurch Member
    edited October 2012

    @StormVZ You mean IRC clients are easily controlled by the servers and put to nefarious purposes?

    @AsadHaider @JTR Why do people like to DDOS IRC servers, is there something going on in IRC servers that cause people to want to DDOS them, or is just some weird underground social phenomenon that some kids enjoying doing?

    The whole things seems mystifying to me. What are the DDOSes meant to accomplish anyway?

  • @rchurch er nope, take a look at page 2 on the link above. The diagram should explain it, victim being the user with a infected pc

  • So that means that the service provider is afraid the customer could be controlling a botnet, right?

    1. Private network of about 100 people chat happily, nothing happens
    2. Script kiddie gets banned from network or typical IRC drama of the week
    3. Large DDoS attack hits the IRC server
    4. Server comes online, attacker's ego is hurt still
    5. Attack hits VPS node, affecting all customers of hosting company

    Seen it way too many times.

    The whole botnet excuse is pretty lame because a botnet operator would likely run it on 443/tcp, 80/tcp, or something to fly it under the radar and not 6667/tcp or any of the standard IRC ports.

    PrismaVPS - Kansas City and Romania OpenVZ VPS Hosting. Plans start at $4/mo
  • @ChrisPV said: The whole botnet excuse is pretty lame because a botnet operator would likely run it on 443/tcp, 80/tcp, or something to fly it under the radar and not 6667/tcp or any of the standard IRC ports.

    Or the fact that botnets don't even have to use IRC, they could easily run under some other existing or custom protocol...

    Also, not all IRC networks frequently get DDoS'd. For example, a network of around 200-250 users that I'm an admin of has been around since late 2006, (almost 6 full years) and to this day has not received a single DoS attack.

  • mojedamojeda Member
    edited October 2012

    As someone who runs an IRC network DDoS or botnet attacks generally come from when someone gets butthurt because they didn't get their way, for example an admin banning them because they broke the rules.

    I find that botnet attacks are far more common than ddos attacks, probably because kiddies think they are so cool with their ClonesX, which are easily thwarted.

  • Honestly, I'm always a bit disappointed when hosts don't allow IRCds, simply because I've been running them for a long time and have never get DDoSd. And I believe that if some hosts can offer it without problems, other hosts should be able to as well.

    Thanked by 1Kuro
  • It's a trust thing.

  • It's a shame that providers have to disallow IRC usage because of this. Especially when I see that they completely disallow it; not even letting personal BNCs run on a VPS.

    I don't even know why they do that. Maybe they aren't familiar with the situation and just go ahead and block everything so they have no hassle.

    Thanked by 1luxor
  • In short. IRC attracts skids as they like to see servers drop/delink.

    Ishaq
  • Same reason as game server hosting. A mare ban turns into a DDoS as if someone violated their freedom of speech or something... skidds these days...

  • Generally when a provider disallows certain type of usage (IRC) there are bunch of people who start bashing this provider and the provider looses these people as potential clients. On the other hand there are other people who then like this provider more and prefer to be with him. So you loose some clients and gain some other clients. Some providers prefer the former type of customers, some providers prefer the later. I personally prefer the second type.

  • Also one of the main reasons is most of us don't own our own Datacenters and the DC's tos and aup's alot of the time say that we do not allow irc over our network.

  • Basically IRC, like gameservers and webservers (!) attracts DDoS - but because it's not as "mainstream" as webservers they can get away with banning it.

    And no, running an IRC network is not a guarantee of DDoS.

    Appreciate my posts/software/guides? Donate (PayPal/Flattr/Bitcoin): http://cryto.net/~joepie91/donate.html | irc.freenode.net #lowendbox

  • Top 5 customers who get DDoS'd: 1. gameservers 2. teamspeak servers 3. irc / ircd customers 4. vpn customers 5. torrent customers

    I deal with it 12 hours a day, 6 days a week and for the past 15 months (past and current employers).

    typical customer's VPS plan: gameserver customer = $10 - 20/mo teamspeak customer = under $7/mo irc customer = under $5/mo vpn customers = under $5/mo (usually a company reselling OpenVPN servers) torrent customer = $5 - 10/mo range

    That's pretty much why companies don't deal with gameservers, teamspeak and irc/ircd customers because I've been lenient in the past with customers thinking it was a one time deal and less than 24 hours, sometimes even as less than 4 hours later, another DDoS attack comes in just as bad or even worse. If you guys only knew how it feels to have a 100Gbps attack hit a $20/mo customer then everything else you had to deal with such as your data center complaining, your network technicians paranoid of what is going to happen next, IPs nullrouted and that may need to be reissued not to mention nullrouted ones on already hard to get IP addresses but all of you would change your mind if you worked for a hosting company for awhile.

    PrismaVPS - Kansas City and Romania OpenVZ VPS Hosting. Plans start at $4/mo
    Thanked by 1djvdorp
  • I can (theoretically) understand banning irc servers, but why ban irc clients?

    Thanked by 1luxor
  • qjqqjq Member

    > op ban butthurt skid > skid whois op and get ip ddos, and vps node hosting the client dies some irc network do not have host cloak

  • About the same amount of fun as dealing with spam/DNS BLs: IRC network owners are just as bad to deal with to get unglined on large networks. Some customers may threaten to leave your company when they cannot connect to Freenode / EFNet / wherever because of a previously abusive customer.

    PrismaVPS - Kansas City and Romania OpenVZ VPS Hosting. Plans start at $4/mo
  • I must concur with @breton and have to add that at least Freenode allows host cloaks for irc clients so when properly configured the VPS address shouldn't be visible and will be unable to be DDOSed.

    Anyway I've never been DDOSed despite using irc for years so the irc client DDOS excuse seems a poor one to me.

Sign In or Register to comment.