Login
Login

IRC flood#Types of floods

{{Short description|Denial-of-service attack on Internet chat}}

{{Cleanup rewrite|date=January 2012}}

Internet Relay Chat Flooding/Scrolling on an IRC network is a method of disconnecting users from an IRC server (a form of Denial of Service), exhausting bandwidth which causes network latency ('lag'), or just disrupting users. Floods can either be done by scripts (written for a given client) or by external programs.

History

The history of Internet Relay Chat flooding started as a method of taking over an IRC channel from the original founders of the channel.

The first attacks generally used a modified IRC client or an application to flood a channel or a user.

Later they started to be based on bots and scripts.

This later moved on to starting IRC-based botnets which were capable of DDoS and IRC floods.

Types of floods

File:IRC flooding.PNG" several hundred times]]

=Connect flood=

Connecting and disconnecting from a channel as fast as possible, therefore spamming the channel with dis/connect messages also called q/j flooding.

=CTCP flood=

Since CTCP is implemented in almost every client, most users respond to CTCP requests. By sending too many requests, after a couple of answers they get disconnected from the IRC server. The most widely used type is CTCP PING, although some clients also implement other CTCP replies.

=DCC flood=

This type consists of initiating many DCC requests simultaneously. Theoretically it can also be used to disconnect users, because the target client sends information back about what port is intended to be used during the DCC session.

=ICMP flood=

Typically referred to as a ping flood. This attack overloads the victim's internet connection with an amount of ICMP data exceeding the connection's capacity, potentially causing a disconnection from the IRC network. For the duration of the attack, the user's internet connection remains hindered. Technically speaking, this is not an IRC flood, as the attack itself doesn't traverse the IRC network at all, but operates entirely independent of anything but the raw internet connection and its IP protocol (of which ICMP is a subset). Even so, the actual IP address to flood (the address of the victim's connection) is frequently obtained by looking at the victim's user information (e.g. through the /whois or /dns command) on the IRC network.

=Invite flood=

Sending disruptive numbers of invites to a certain channel.

=Post flood=

This is the simplest type of IRC flooding. It involves posting large numbers of posts or one very long post with repetitive text. This type of flood can be achieved, for example, by copying and pasting one short word repeatedly.

File:Private message flood 2006 freenode.PNG

=Message flood=

Sending massive numbers of private messages to the victim, mainly from different connections called clones (see below). Since some clients separate the private conversations into another window, each new message could open a new window for every new user a message is received from. This is exploitable by sending messages from multiple names, causing the target client to open many new windows and potentially swamping the user with boxes. Sometimes the easiest way to close all the windows is to restart the IRC client, although scripts (client extensions) exist to 'validate' unknown nicknames before receiving messages from them.

=Notice flood=

Similar to the message, but uses the "notice" command.

=Nick flood=

Changing the nick as fast as possible, thus disrupting conversation in the channel.

See also

References

{{More footnotes|date=May 2009}}

{{Reflist}}

{{Refbegin|2}}

  • {{cite web

|url = http://irc.carnet.hr/docs/docs/primer.txt

|title = A short IRC primer

|access-date = 2009-05-25

|last = Pioch

|first = Nicolas

|date = 1993-02-28

|archive-url = https://web.archive.org/web/20090814234709/http://irc.carnet.hr/docs/docs/primer.txt

|archive-date = 2009-08-14

}}

  • {{cite web

|url = http://irc.carnet.hr/docs/docs/abuse.txt

|title = Logging and Reporting IRC Abuses

|access-date = 2009-05-25

|archive-url = https://web.archive.org/web/20090815124832/http://irc.carnet.hr/docs/docs/abuse.txt

|archive-date = 2009-08-15

}}

  • {{cite web

|url = http://irc.carnet.hr/docs/docs/opersguide.txt

|title = IRC Operators Guide

|access-date = 2009-05-25

|last = Brinton

|first = Aaron

|date = August 1997

|archive-url = https://web.archive.org/web/20090814234703/http://irc.carnet.hr/docs/docs/opersguide.txt

|archive-date = 2009-08-14

}}

  • {{cite web

|url = http://irc.carnet.hr/docs/docs/opermyth.txt

|title = The myths of opers....

|access-date = 2009-05-25

|last = Powers

|first = Ray

|date = 1998-07-30

|archive-url = https://web.archive.org/web/20090815124846/http://irc.carnet.hr/docs/docs/opermyth.txt

|archive-date = 2009-08-15

}}

  • {{cite ietf

| last = Reed

| first = Darren

|date=May 1992

| title = A Discussion on Computer Network Conferencing: 5.2.6 Network Friendliness

| rfc = 1324

| publisher = IETF

| url = http://tools.ietf.org/html/rfc1324#section-5.2.6

| access-date = 2009-05-25

}}

  • {{cite ietf

| last = Oikarinen

| first = Jarkko

| author-link = Jarkko Oikarinen

|author2=Reed, Darren

|date=May 1993

| title = Internet Relay Chat Protocol: 8.10 Flood control of clients

| rfc = 1459

| publisher = IETF

| url = http://tools.ietf.org/html/rfc1459#section-8.10

| access-date = 2009-05-25

}}

  • {{cite ietf

| last = Kalt

| first = Christophe

|date=April 2000

| title = Internet Relay Chat: Server Protocol: 5.8 Flood control of clients

| rfc = 2813

| publisher = IETF

| url = http://tools.ietf.org/html/rfc2813#section-5.8

| access-date = 2009-05-25

}}

  • {{cite book

| last = Mutton

| first = Paul

| title = IRC Hacks

| edition = 1st

| date = 2004-07-27

| publisher = O'Reilly Media

| location = Sebastopol, CA

| isbn = 0-596-00687-X

| pages = 302, 98, 134, 170–172, 268–269, 300

}}

  • {{cite book |last = Grimes

|first = Roger A.

|title = Malicious Mobile Code: Virus Protection for Windows

|date = August 2001

|publisher = O'Reilly Media

|location = Sebastopol, CA

|isbn = 1-56592-682-X

|pages = [https://archive.org/details/maliciousmobilec00grim/page/188 188, 239–240, 242–243]

|url = https://archive.org/details/maliciousmobilec00grim/page/188

}}

  • {{cite book

| last = (anonymous)

| title = Maximum Security: A Hacker's Guide to Protecting Your Internet Site and Network

| date = June 1997

| publisher = SAMS Publishing

| isbn = 1-57521-268-4

| pages = [https://archive.org/details/maximumsecurityh00anon/page/140 140–141]

| url = https://archive.org/details/maximumsecurityh00anon/page/140

}}

  • {{cite book

| last = Crystal

| first = David

| title = Language and the Internet

| url = https://archive.org/details/languageinternet00crys_700

| url-access = registration

| edition = 2nd

| date = 2006-09-18

| publisher = Cambridge University Press

| isbn = 0-521-86859-9

| page = [https://archive.org/details/languageinternet00crys_700/page/n173 160]

}}

  • {{cite book |last = Rheingold

|first = Howard

|title = The Virtual Community: Homesteading on the Electronic Frontier

|edition = 1st

|date = October 1993

|publisher = Basic Books

|isbn = 0-201-60870-7

|page = [https://archive.org/details/virtualcommunity00rhei/page/185 185]

|url = https://archive.org/details/virtualcommunity00rhei/page/185

}}

  • {{cite book

| last = Surratt

| first = Carla G.

| title = Netaholics?: The Creation of a Pathology

| date = 1999-08-01

| publisher = Nova Science Publishers

| location = Hauppauge, New York

| isbn = 1-56072-675-X

| page = 156

}}

  • {{cite book

| editor1-last = Gibbs

| editor1-first = Donna

| editor2-last = Krause

| editor2-first = Kerri-Lee

| title = Cyberlines 2.0: Languages and Cultures of the Internet

| edition = 2nd

| date = 2006-06-01

| publisher = James Nicholas Publishers

| isbn = 1-875408-42-8

| pages = 270–271

}}

  • {{cite book

| last1 = Piccard

| first1 = Paul

| last2 = Baskin

| first2 = Brian

| last3 = Edwards

| first3 = Craig

| last4 = Spillman

| first4 = George

| editor1-last = Sachs

| editor1-first = Marcus

| editor1-link = Marcus Sachs

| others = foreword by Kevin Beaver

| title = Securing IM and P2P Applications for the Enterprise

| edition = 1st

| date = 2005-05-01

| publisher = Syngress Publishing

| location = Rockland, Massachusetts

| isbn = 1-59749-017-2

}}

  • {{cite book

| last1 = McClure

| first1 = Stuart

| last2 = Scambray

| first2 = Joel

| last3 = Kurtz

| first3 = George

| title = Hacking Exposed 5th Edition: Network Security Secrets And Solutions

| edition = 5th

| date = 2005-04-19

| publisher = McGraw-Hill Professional

| location = New York, New York

| isbn = 0-07-226081-5

| pages = 494–497

}}

  • {{cite book

| last1 = Scambray

| first1 = Joel

| last2 = Shema

| first2 = Mike

| last3 = Sima

| first3 = Caleb

| title = Hacking Exposed: Web Applications

| edition = 2nd

| date = 2006-06-05

| publisher = McGraw-Hill Professional

| location = New York, New York

| isbn = 0-07-226299-0

| pages = 370–373

}}

  • {{cite book

| editor1-last = Tipton

| editor1-first = Harold F.

| editor2-last = Krause

| editor2-first = Micki

| title = Information Security Management Handbook

| edition = 5th

| volume = 2

| date = 2004-12-28

| publisher = Auerbach Publications

| isbn = 0-8493-3210-9

| page = 517

}}

  • {{cite book

| editor1-last = Tipton

| editor1-first = Harold F.

| editor2-last = Krause

| editor2-first = Micki

| title = Information Security Management Handbook

| edition = 6th

| date = 2007-05-14

| publisher = Auerbach Publications

| isbn = 978-0-8493-7495-1

| author = Harold F. Tipton, Micki Krause.

}}

  • {{cite book

| last = Maynor

| first = David

|author2=James, Lance |author3=Spammer-X |author4=Bradley, Tony |author5=Thornton, Frank |author6=Haines, Brad |author7=Baskin, Brian |author8=Bhargava, Hersh |author9=Faircloth, Jeremy |author10=Edwards, Craig |author11=Gregg, Michael |author12=Bandes, Ron |author13=Das, Anand M. |author14=Piccard, Paul

| title = Emerging Threat Analysis: From Mischief to Malicious

| url = https://archive.org/details/syngressforceeme00greg_378

| url-access = registration

|date=November 2006

| publisher = Syngress Publishing

| location = Rockland, Massachusetts

| isbn = 1-59749-056-3

| page = [https://archive.org/details/syngressforceeme00greg_378/page/n200 170]

}}

  • {{cite book

| last = Bidgoli

| first = Hossein

| title = The Internet Encyclopedia

| url = https://archive.org/details/internetencyclop00bidg

| url-access = registration

| edition = 1st

| date = 2003-12-23

| publisher = John Wiley & Sons

| location = Hoboken, New Jersey

| isbn = 0-471-22201-1

| pages = [https://archive.org/details/internetencyclop00bidg/page/n239 209], 213

}}

  • {{cite book

| last1 = Northcutt

| first1 = Stephen

| last2 = Novak

| first2 = Judy

| title = Network Intrusion Detection

| edition = 3rd

| date = 2002-09-06

| publisher = SAMS Publishing

| isbn = 0-7357-1265-4

}}

  • {{cite book |last1 = Douligeris

|first1 = Christos

|last2 = Serpanos

|first2 = Dimitrios N.

|title = Network Security: Current Status and Future Directions

|date = 2007-06-15

|publisher = John Wiley & Sons

|location = Hoboken, New Jersey

|isbn = 978-0-471-70355-6

|url = https://archive.org/details/networksecurityc00doul

}}

  • {{cite book

| last1 = Skoudis

| first1 = Ed

| last2 = Liston

| first2 = Tom

| title = Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses

| edition = 2nd

| date = 2006-01-02

| publisher = Prentice Hall

| isbn = 0-13-148104-5

}}

  • {{cite book

| last1 = King

| first1 = Todd

| last2 = Tittel

| first2 = Ed

| last3 = Bittlingmeier

| first3 = David

| title = Security+ Training Guide

| date = 2003-04-06

| publisher = Que Publishing

| isbn = 0-7897-2836-2

}}

  • {{cite book

| last1 = Baskin

| first1 = Brian

| last2 = Bradley

| first2 = Tony

| last3 = Faircloth

| first3 = Jeremy

| last4 = Schiller

| first4 = Craig A.

| last5 = Caruso

| first5 = Ken

| last6 = Piccard

| first6 = Paul

| last7 = James

| first7 = Lance

| editor1-last = Piltzecker

| editor1-first = Tony

| title = Combating Spyware in the Enterprise

| edition = 1st

| date = 2006-09-19

| publisher = Syngress Publishing

| location = Rockland, Massachusetts

| isbn = 1-59749-064-4

| page = 19

}}

  • {{cite book

| editor1-last = Höök

| editor1-first = Kristina

| editor2-last = Benyon

| editor2-first = David

| editor3-last = Munro

| editor3-first = Alan J.

| title = Designing Information Spaces: The Social Navigation Approach

| edition = 1st

| date = 2003-01-31

| publisher = Springer Science+Business Media

| location = Germany

| isbn = 1-85233-661-7

| page = 266

}}

  • {{cite book

| last1 = Schiller

| first1 = Craig A.

| last2 = Binkley

| first2 = Jim

| last3 = Harley

| first3 = David

| last4 = Evron

| first4 = Gadi

| last5 = Bradley

| first5 = Tony

| last6 = Willems

| first6 = Carsten

| last7 = Cross

| first7 = Michael

| title = Botnets: The Killer Web App

| url = https://archive.org/details/botnetskillerweb00schi

| url-access = registration

| date = 2007-02-15

| publisher = Syngress Publishing

| location = Rockland, Massachusetts

| isbn = 978-1-59749-135-8

| page = [https://archive.org/details/botnetskillerweb00schi/page/n97 80]

}}

{{Refend}}

External links

  • [http://www.mircscripts.com mIRC script database]
  • [https://web.archive.org/web/20050120085737/http://www.irchelp.org/irchelp/mirc/flood.html Flood protection and ignoring information]

{{IRC topics}}

Flood