IRC Bot attacks and what to do against it

Talk about pretty much anything here, but DO NOT USE FOR SUPPORT.

Moderator: Supporters

Post Reply
HeXiLeD
Posts: 25
Joined: Mon Jan 16, 2017 8:07 pm
Location: online

IRC Bot attacks and what to do against it

Post by HeXiLeD » Fri Jun 02, 2017 4:18 pm

If you have been around irc for a while, you have seen a bot attack of some sort.

I though about opening a topic here to discuss what do we do to prevent, deter, slowdown and or stop these attacks and what are your common practices for such.

Questions:

1: Is your network public/known listed on irc search engines ?

2: Do you allow insecure connections ie: non-ssl ?

3: How many connections per/ip (non-ssl & ssl) ?

4: Do you allow bots ? If yes which type and under what rules.

5: Do you run hidden services ? If so how to do you control potential bot attack ?

6: Do you allow proxies ? Yes? No ? Protective and or control measures ?

The Evolution of Malicious IRC Bots - Symantec
Constructive criticism leads to evolution and progress. Negative criticism leads to obsolescence. We should not be living in 1990s irc management & developing standards just because it was cool.

rcschaff
Posts: 52
Joined: Sun Jan 15, 2017 5:06 pm

Re: IRC Bot attacks and what to do against it

Post by rcschaff » Tue Jun 06, 2017 3:49 am

1: Is your network public/known listed on irc search engines ?
- Yes
2: Do you allow insecure connections ie: non-ssl ?
- Yes
3: How many connections per/ip (non-ssl & ssl) ?
- 3/ip with exceptions
4: Do you allow bots ? If yes which type and under what rules.
- Depends. We do have some bots, but restrict usage by version reply
5: Do you run hidden services ? If so how to do you control potential bot attack ?
- Nope. Just standard Anope
6: Do you allow proxies ? Yes? No ? Protective and or control measures ?
- Only secured proxies, that have been verified with our administration team.

floffy
Posts: 39
Joined: Tue May 05, 2015 9:55 pm

Re: IRC Bot attacks and what to do against it

Post by floffy » Mon Jun 12, 2017 1:23 pm

HeXiLeD wrote:
Fri Jun 02, 2017 4:18 pm
If you have been around irc for a while, you have seen a bot attack of some sort.

I though about opening a topic here to discuss what do we do to prevent, deter, slowdown and or stop these attacks and what are your common practices for such.

Questions:

1: Is your network public/known listed on irc search engines ?

2: Do you allow insecure connections ie: non-ssl ?

3: How many connections per/ip (non-ssl & ssl) ?

4: Do you allow bots ? If yes which type and under what rules.

5: Do you run hidden services ? If so how to do you control potential bot attack ?

6: Do you allow proxies ? Yes? No ? Protective and or control measures ?

The Evolution of Malicious IRC Bots - Symantec
I use Unrealircd, Question :
1- Yes
2- Yes
3- 3
4- Yes
5- Yes, some security build in unreqal does the job , i see sometime and unreal take care , i never get ddos
6- No

daldal
Posts: 2
Joined: Mon Jul 17, 2017 10:06 am
Location: Soho, London

Re: IRC Bot attacks and what to do against it

Post by daldal » Mon Jul 17, 2017 10:23 am

What are the pros of using bots?
To want to, is to be able to.

rcschaff
Posts: 52
Joined: Sun Jan 15, 2017 5:06 pm

Re: IRC Bot attacks and what to do against it

Post by rcschaff » Tue Jul 18, 2017 3:43 pm

daldal wrote:
Mon Jul 17, 2017 10:23 am
What are the pros of using bots?
There are no pro's to using bots. But people connect bots to networks. They are known as botnets. Some are used to DDoS servers. Some are use for File sharing. There's many "Uses" for them, most not legal. So the question is how to deal with them.

CrazyCat
Posts: 51
Joined: Thu Apr 28, 2005 1:05 pm
Location: France
Contact:

Re: IRC Bot attacks and what to do against it

Post by CrazyCat » Fri Aug 11, 2017 7:07 am

1: Is your network public/known listed on irc search engines ?
Yes

2: Do you allow insecure connections ie: non-ssl ?
Yes

3: How many connections per/ip (non-ssl & ssl) ?
3

4: Do you allow bots ? If yes which type and under what rules.
Yes. No real rules nor filtering of type, most are eggdrops

5: Do you run hidden services ? If so how to do you control potential bot attack ?
I just use Anope, with tne module dnsbl

6: Do you allow proxies ? Yes? No ? Protective and or control measures ?
No particular check, but dnsbl blocks insecure proxies.
And I add a global protection on my server to block ToR (using iptables) and some countries.
I'm currently Image

Post Reply