DoS UnrealIRCD 3.2.3

These are old archives. They are kept for historic purposes only.
Post Reply
mus3na
Posts: 25
Joined: Sun Apr 10, 2005 9:53 am

DoS UnrealIRCD 3.2.3

Post by mus3na »

Hello, i just need some advice from experiance ircd operator. I having a problems with my network, there are some person who declaring war agains my network and they able to flood my server. Unreal IRCd not crash but all user got ping time out (PTO). i try quite lot of setting in ircd.conf but none able to solve this problems.

if this person not logged to my server, the network seem verry stable for a long period, but once they log in, all client start to pto. during this time, my internet upload utlization reach 100%.

is there a way to preventing this type of attact, or any tips for me to improve my network stability.

thanks in advance.
Solutech
Posts: 296
Joined: Thu Mar 18, 2004 11:38 pm

Post by Solutech »

In order to better give advice you wil need to tell us how these attacks happen . Flooding and DOS are different things . What exactly is the attacker doing , Is he utilising clones for example .
Yawn. So there's yet another "if the user clicks the button, they're infected" exploit. Why is this news? We already know users are idiots.
mus3na
Posts: 25
Joined: Sun Apr 10, 2005 9:53 am

Post by mus3na »

he do not used clone. he just came in, put some bad word on channel (#Help), then after few minutes, other user start pto. except myself who connecting through local pipe.
Solutech
Posts: 296
Joined: Thu Mar 18, 2004 11:38 pm

Post by Solutech »

ok so he is not cloning , is he flooding the system with commands or plain text . If its text then your flood settings need to be altered . when you say he put a bad word in #help what do you mean .
Yawn. So there's yet another "if the user clicks the button, they're infected" exploit. Why is this news? We already know users are idiots.
static-x
Posts: 28
Joined: Sat Jul 23, 2005 2:43 am

Post by static-x »

get a proxy detector edit the file include/config.h


*
* CLIENT_FLOOD
*
* this controls the number of bytes the server will allow a client to
* send to the server without processing before disconnecting the client for
* flooding it. Values greater than 8000 make no difference to the server.
* NOTE: you can now also set this in class::recvq, if that's not present,
* this default value will be used.
*/
#define CLIENT_FLOOD 8000

or edit this in your unrealircd config

class clients {
pingfreq 90;
maxclients 500;
sendq 10000000;
recvq 8000; <<<<<<<<<<< that 3000 or so
};
Qick_Silver
Posts: 4
Joined: Sun Jan 29, 2006 3:45 am

Post by Qick_Silver »

sounds like this thing i read about, something like a fuzzer, sends bad code but the program thinks it's good and eventually it breaks. that's just a theory so don't go all "that is not possible" on me, anyways i'm just stopping by for this one time until they answer my question.
Jason
Posts: 570
Joined: Mon Jun 14, 2004 5:09 pm

Post by Jason »

We are going that is not it to certain types of attacks. This allows us to narrow down the possibilities of what you are experiencing and give you better information on how to deal with it.

Personally, I think you are being DDoS packeted. Get a new IP. How to do this depends on your ISP.
Why the hell can't my signature be empty?
"Your message contains too few characters."
Post Reply