Archive for July, 2009

DDoS, Hackers & You

A popular topic all over the network in recent times has been the increase in DoS activity against gamers. Another heavily discussed topic is channel takeovers, or “hackings” as IRC users tend to call them.

This article will cover both of these topics, provide some background on what they involve, and explain how to “protect” yourself (protect being a loose term, as there is not much you can do once a DoS attack is under way against you).

Distributed Denial of Service attacks (DDoS)
Most likely the most malicious of all acts on the Internet is the Denial of Service attack.
A DDoS is (as quoted from Wikipedia) defined in the following manner:

A “denial-of-service” attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service.

What does this involve?
In layman’s terms, it means that a host of infected computers/servers are being used to send a lot of data at your IP in an attempt to fill up your connection. If you are receiving too much data, you are unable to send or receive anything else until it stops.

Although there is not a lot you can do once you are being targeted, there are a few steps you can (and should) take to reduce the risk of ending up on the receiving end of such malicious actions.

  1. Don’t go to random websites that you don’t trust.
  2. When joining voice servers (such as TeamSpeak, Ventrilo, Skype etc.), be aware that anyone with access will be able to get your IP.
  3. Be wary of phishing sites/links (for example, a look-alike of a popular site such as imageshack.us being linked as imageshack.tk).
  4. Don’t accept friend invitations on IM networks such as MSN, AIM or Yahoo unless you know beforehand who the individual adding you is.

For RuneScape players specifically; you should avoid clicking on links and going to unknown servers and similar while in danger zones.
You should also second-guess links on forums as well as in chats, as you cannot always be sure where they will take you. If possible, use a service that lets you preview a website before visiting it, or use the Google site cache feature to check the site beforehand.

Of course there is no way to protect yourself 100% without disconnecting the modem and never going online at all, as every action taken online sends your IP to a remote party of some kind.

What to do should you find yourself being attacked?
There isn’t much to do except wait it out. However, if you have no security measures on websites and the like that tie logins to your IP address, you may be able to “end” it quicker by contacting your ISP (Internet Service Provider) and informing them of the situation; they will know what to do and should be trained to handle it appropriately.

Channel Takeovers (“Hacks”)
This part of the article deals with channel takeovers, as they are becoming more and more of a nuisance to network staff all over, as well as to the channel owners who have been victimised by them.
First things first: the term “hacking” has been heavily misused in such situations. Again, a quote from Wikipedia will hopefully make it a bit clearer what hacking really is:

Hack has several related meanings in the technology and computer science fields. It may refer to a clever or quick fix to a computer program problem, or to what may be perceived to be a clumsy or inelegant (but usually relatively quick) solution to a problem. The term is also used to refer to a modification of a program or device to give the user access to features that were otherwise unavailable, such as DIY circuit bending.

The main focus of this part of the article will be on the “dos” and “don’ts” of channel management, as these takeovers are primarily the result of poor channel management from the beginning.

Let’s start with the most important: the DON’Ts.

  • Do not disable the function called “secureops” set by services upon registering your channel.
  • You don’t need to give everybody that joins your channel access (We will go in depth on this later on).
  • The channel password is a last resort for the channel owner; it should NOT under ANY circumstances be handed out to other people.

And of course, here come the DOs.

  • Enable “signkicks” to let you know who is kicking/banning users
  • Enable “opnotices” to let you know who is setting/removing modes in your channel
  • You should set the modelock (mlock) in your channel to something sane (such as +rnt-ik)
  • Enable “securefounder” to stop anyone else from attempting to identify as the channel owner

Of course these points are only guidelines and should not be seen as the only way of securing a channel.
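As an added illustration of the mode lock point above (example code, not part of the original article or of any services package), the following checks a channel's current modes against a lock such as +rnt-ik and reports the change needed to bring the channel back into line. It assumes mode parameters (key, limit) have already been stripped from the mode string.

```python
# Added example: compare a channel's current modes with a services mode lock
# such as the +rnt-ik recommended above. Parameters (key, limit) are assumed
# to have been stripped already; real mode strings carry them after the letters.

def parse_mlock(mlock):
    """Split a mode lock like '+rnt-ik' into (must_be_set, must_be_unset)."""
    must_on, must_off = set(), set()
    target = None
    for ch in mlock:
        if ch == "+":
            target = must_on
        elif ch == "-":
            target = must_off
        elif target is None:
            raise ValueError("mode lock must begin with + or -")
        else:
            target.add(ch)
    return must_on, must_off

def mlock_fixup(mlock, current_modes):
    """Return the mode change that brings current_modes in line with mlock,
    or '' if the channel already conforms. current_modes looks like '+ntk'."""
    must_on, must_off = parse_mlock(mlock)
    present = set(current_modes.lstrip("+"))
    missing = "".join(sorted(must_on - present))
    forbidden = "".join(sorted(must_off & present))
    change = ""
    if missing:
        change += "+" + missing
    if forbidden:
        change += "-" + forbidden
    return change

if __name__ == "__main__":
    # Constructed sample: someone has made the channel invite-only with a key,
    # and the registered flag (+r) is missing.
    print(mlock_fixup("+rnt-ik", "+ntik"))   # -> "+r-ik"
```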

Next part: channel access.
It has become a custom to give everyone who joins a channel some kind of access; we see a lot of channels that reward people with higher and higher access the more people they refer to the channel.
Although we appreciate your wish to build large communities and create a fun place to hang out with your friends, this is not an ideal way of doing so.

Channel access should be assigned based on actual need. A good way of doing this is to use the following layout:

OPs: 1/2/3/4/5
HalfOP: 2/4/6/8/10
Regulars: 4/8/12/16/20

As you can see, the count doubles at each tier, keeping the halfop count at twice the OPs and regulars at twice the halfops again. There are no voices in this layout, as voice is a relatively pointless mode in most cases (unless used in anti-spam situations).

Shared “ownership” of a channel is something we also see quite often. Although it has often been advised to share your channel password in these situations, we do not endorse such actions, as they lead to large amounts of abuse. Instead, we recommend adding the other person as a successor of your channel and giving them 9999 access (the highest possible access level that can be assigned to a nickname).

Following the above steps should keep your channel safe. This leaves just one more kind of “takeover” to deal with: akicks.

An akick (or auto kick) is set on a nickname or host in a channel as a means to keep them out even when no OPs or HalfOPs are around. This feature is often abused in “takeovers” by adding an akick on the hostmask *!*@*, which bans every user from the channel.

If you find yourself banned from your own channel, use the /cs akick list and /cs akick view #entrynum commands to see who set the akick, and then remove it.
Once such an akick has been removed, the channel founder can clear all bans on the channel using /cs clear #channel bans, and everyone will be able to join the channel again.
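To make the akick abuse above concrete, here is an added example (not from the original article or from any IRC services software) that audits an akick list the way a channel owner would after running /cs akick view: it matches each mask against the channel's users and flags entries that would lock out most of them, such as *!*@*. The user list, akick entries and the 50% threshold are constructed for the example.

```python
# Added example: audit a channel's akick list for entries that would lock out
# the channel itself, such as the *!*@* mask described above. Hostmask matching
# follows the usual IRC convention: * matches any run of characters, ? matches
# one character, and comparison is case-insensitive.
import re

def mask_to_regex(mask):
    """Compile an IRC hostmask (nick!user@host with * and ? wildcards)."""
    parts = []
    for ch in mask:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.IGNORECASE)

def mask_matches(mask, nuh):
    """True if the nick!user@host string nuh is covered by mask."""
    return mask_to_regex(mask).fullmatch(nuh) is not None

def audit_akicks(entries, channel_users, threshold=0.5):
    """Flag akick entries that match at least `threshold` of channel_users.
    entries: list of (mask, setter) as shown by /cs akick view.
    Returns a list of (mask, setter, hit_count). The threshold is an assumption."""
    findings = []
    for mask, setter in entries:
        hits = sum(1 for u in channel_users if mask_matches(mask, u))
        if channel_users and hits / len(channel_users) >= threshold:
            findings.append((mask, setter, hits))
    return findings

# Constructed sample data (not real users, hosts or akick entries)
SAMPLE_USERS = [
    "Marius!marius@staff.example.org",
    "alice!alice@host1.example.net",
    "bob!~bob@host2.example.net",
    "carol!carol@host3.example.com",
]
SAMPLE_AKICKS = [
    ("spammer!*@*.example.net", "Marius"),   # narrow, legitimate entry
    ("*!*@*", "rogue_op"),                   # takeover-style catch-all
]

if __name__ == "__main__":
    for mask, setter, hits in audit_akicks(SAMPLE_AKICKS, SAMPLE_USERS):
        print(f"suspicious akick {mask!r} set by {setter}: matches {hits} users")
```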

This concludes our quick run-through of the current highlights of IRC (and, to some degree, computer) security when using the SwiftIRC Network. Should you wish to learn more about network commands and how to run your channels efficiently, check out the SwiftIRC Wiki or ask the SwiftIRC HelpBot.

Marius