[IRCServices] My ideas for WAKILL

calimonk calimonk at gmx.net
Thu Dec 12 11:10:01 PST 2002 

Hey everyone,

Just a brainstorm i had, here goes. (Excuse bad spelling i had a rough sleep)

WAKILL... What the hell is WAKILL you might ask, let me explain.

Recently i've noticed that 'standard' akills just won't be able to ban what 
we need, so i figured we need akills with 'more' or 'better' wildcards.

If not for instance, bots connect with QKGJLKSD, QKLGJLKE, QLKTEFDF, 
QGKLJEGS as ident and all random realname and nicknames, we can only put an 
akill on *Q*@* something which is generally not so great.

Now lets see what they have in common, they all start with teh letter Q and 
have a total of 8 characters, all upcase. Now if we could just add an akill 
as this:
*Q{7,CU}*@*

This would mean, akill all idents starting with a capital Q, and 7 
characters (7,C) after that and all UPPERCASE (U). Now i'm no real wizard 
with making new wildcards and stuff but i'm sure people have already made 
up things like this for other programming languages. With this method you 
could remove the bots you normally can't.

Another example

bots connect with the ident 1234567_, 6364356_, 9589435_ once again all 
random nickname and random nicknames and hosts.

New wakill way of banning this:
*{7,N(0-9)}_@*

Akill all hosts with numbers which have 7 Numeric characters in a row from 
the number 0 till 9. and a _ behind it.

These are ways that imho won't kill massive amounts of users like you would 
normally with for instance *~Q*@*, if the ident isn't resolved at these 
hosts adding a ~ at the beginning makes the chances of a real user having 
that exact mask near to 0%, chances of a user having an ident like 
~84235664_ at host.here is very small, however banning a host like this with 
*~{7,N(0-9)}_@* would remove all the bots you had that were for instance 
flooding.

The reason i call it WAKILL, is because it differs so much from real 
akills, i just figured WAKILL could mean something like Wildcard Akill.

I personally think this would be a real help on banning bots, with the 
current way akills work you can never effectively ban a bot that has a mask 
like
*<7 random numbers in a row here>@*

with the new way you would just do *{7,N(0-9)}@* and you've gotten rid of 
the bots.

This can be combined with Numeric, Characters or Alfa numeric characters of 
course, you could set a thing like

*{7,UC(A-F)}@* to for instance ban idents with 7 characters in a row 
differing from the letter A till the letter F, all being Uppercase.

I personally really don't feel users would be affected with this way of 
akilling but bots would get removed alot faster and easier. If a botnet 
with idents like the one i just said connect, with over 500 bots all random 
hosts, nicknames and realnames you can't effectively ban them at all. With 
this new way you can.

I hope you all get my point.

- CaliMonk

---------------------------------------
CaliMonk
Network Administrator
Axenet IRC Network
http://www.axenet.org
ICQ#: 12000049
MSN: calimonk at gmx.net
---------------------------------------