[IRCServices] Attacks on services

Andrew Church achurch at achurch.org
Thu Jul 29 09:49:36 PDT 2004


>it will be helpful a general limit for the register
>command for nicknames and channels?... something like
>this: X new registered nicknames and channels per X
>minute(s) are allowed.

     The problem with this, of course, is it enables denial-of-service
attacks: bring on X bots, have them each register their nick, and then
nobody can use REGISTER for the next Y minutes.  The bots don't even have
to stay online, making it harder to track them.

>i think an automatic temp ignore for flooding will also help.

     "Flooding", in the sense of "sending too much data for Services to
handle", is unfortunately not that easy to detect--it's largely dependent
on how powerful the machine running Services is.  Services already has an
ignore system (as could have been seen from the log originally posted), but
I'm not at all sure of its effectiveness.

  --Andrew Church
    achurch at achurch.org
    http://achurch.org/