[IRCServices] Attacks on services

[Medice]

Ali Sor wrote:
>     # NSRegDelay <time>  [RECOMMENDED]
>     #     Sets the minimum length of time between consecutive uses of the
>     #     REGISTER command.  If not given, this restriction is disabled.
>     #
>     #     WARNING: Not setting NSRegDelay, or setting it too low, will not
>     #              only allow "registration flooding", but, if the
>     #              mail-auth module is also loaded, will also allow users
>     #              to abuse this command to send large quantities of mail
>     #              (mailbombs) to arbitrary users!
> 
>     # NSInitialRegDelay <time>  [OPTIONAL]
>     #     Sets the minimum length of time the user must be connected before
>     #     using the REGISTER command for the first time.  If not given,
>     #     this restriction is disabled.  This option can be helpful in
>     #     preventing malicious bots from flooding your network with
>     #     registrations.
> 
> Dont  those lines do that?
> Although these are for nick register command. 
> 
not really - if I'm right: this are settings concerning a single user - 
so it blocks several registrations by the same user in a short period, 
or it blocks registration for totally fresh users up to a certain time.
This is nothing which is preventing a botnet-cloneflood when every 
member of the attack is a single user on it's own and may handle like 
this...
best strategy might be finding out bad users at connection-time and 
remove them instantly - which needs a great deal of knowledge :(

greets
/medice