Zave's Irc War Explanation And Defense Explanation

Mirc War Explanation

Hallo. Good Day to you
I would like to explain several of the war techniques that people adopt in IRC to control and disrupt the peace of a channel. Please sign in my guestbook or drop me a mail involving any questions or comments. Remember, all the information here are for educational purposes only and if you use them against any users and get k-lines, g-lines or any trouble, it got nothing to do with me.
They are as follow :

Ctcp Floods
Dcc Floods
Text Floods
Icmp Unreachable Nuke
Out of Bound Nuke
Netsplit & Netmerge
Channel Takeover

Of course there are ways to stop this people that stop you from enjoying your peace while chatting with your friends. They are as follow :

Detecting Nukes
Stopping Nukes
Detecting Floods
Stopping Floods
Protecting your operator status
Explanation of scripts
Links for you to get your IRC wars and defense scripts or programs.

War Section Ctcp Floods Ctcp Floods are floods that make use of ctcp commands. Ctcp commands are commands that allow you to check out the info of another user in IRC. On normal situations, the latter would reply automatically with a ctcp reply. Therefore take a look at the diagram below :

You ----- Ctcp Command ----- Server ----- Latter
Latter ----- Ctcp Reply ----- Server -----You
(This is a normal ctcp proccess)

On a normal server, when you send too much info to it (normally 300 at most) at a time. The server would exit you with a reason : Excess Flood. Therefore, on Ctcps Flood, the main objective is to flood your enemy out by forcing him to send many information to the server at one time. The Ctcp Reply is considered as sending data to the server. Therefore, if you keep on Ctcp Commanding the latter, the latter will keep on sending information back to you. If he sends too much information before the server can proccess them. The server would exit the latter out. And this is considered as a successful flood.
However, often it is not so easy to flood a person out with you alone as you would also be sending information (the Ctcp Command) to the server and you would often be flooded out first before the latter gets flood out. Therefore to effective flood a person out without your self get flooded out, the next thing would be : LOADING A CLONE.

Basically loading a clone means starting another program of your IRC client. And if you can ask your clone(s) to flood the latter simultaneosly with you, or your clone(s), it would be much easier as the process of sending data to the server is now equally distributed among you and your clones. The diagram below is an example :

You       ----- Ctcp Command ----- Server ----- Latter
Clone     ----- Ctcp Command ----- Server ----- Latter
Clone(2) ----- Ctcp Command ----- Server ----- Latter
Latter     ----- Ctcp Reply       ----- Server ----- You
Latter     ----- Ctcp Reply       ----- Server ----- Clone
Latter     ----- Ctcp Reply       ----- Server ----- Clone(2)
Server    ----- Exits Latter (Excess Flood)

Therefore in the above diagram it is actually 1 against 3 in the Ctcp Flood War.
If you have a flood script, you can assign your clone to automatically flood the latter without you having to do it manually.

DCC Flood Basically a DCC flood is done by DCC chatting, or sending to someone repeatedly. This is done by a clone script or a clone program. If the DCC flood is successful, the latter would have multiple DCC chat windows open and would be flooded out. If not the person would have a hard time closing all the windows. There might be a chance that the IRC client would be hanged too. Text Flood Text Flood is one of the most useless flood as modem speeds are getting more effiency nowadays. Lagging is seldom present and therefore text flood is not that easy. Basically a text flood is done by loading multiple clones and typing lines and lines of ascii characters into the latter's private chat window all at one time. A script would allow this work easier. If you know a person is lagging extremely (type /ctcp nick ping, and wait for the reply, a reply over 10 seconds is an extreme lag), it would be easier to flood the person out. As I had said before, if the server recieved too much info from a user, it would exit the user, so vice-versely, if the server had to send much info to the user, it would exit the user too. Therefore if the latter is lagging, you juz have to type multiple sentence of words into the person's chat window and when the latter receives the info latter, it would be expelled from the server for excess flood. ICMP Unreacheable Nukes ICMP Unreacheable Nuke is a program that sends info to a server that tells the server that the user is already disconnected from the server. Thus the server would automatically exit the user while actually the user is still online. However, for this nuke to succeed, the nuking would have to hit the correct port that the user is connected to the server. There are 2 different nukes. One is the nuke to server and the other is the nuke to client. Both can work as well. In the server section put in the address of the server. For eg : Bestweb.galaxynet.org.sg. For the client put in the users address or IP, for example do a /whois nick. The @this.is.the.address would be the thing to enter into the client section. Or else type /dns nick and find the ip address. Both would have the same effect.
WARNING : NUKING IS CONSIDERED ILLEGAL AND THIS SECTION IS SOLELY FOR EDUCATIONAL PURPOSES. Out Of Bound Nukes Out Of Bound Nukes , commonly known as OOB nukes, is done by sending a crash to a Win95, WinNT, and Win3.11(Less Common)system. The system registry of the windows operating system has a bug that does not know how to manage this crash. Therefore the system would go haywire and all communications would be cut off. A blue screen would often show upon the nuking saying that a fatal error had occured. A warm/cold boot would set things well again.
WARNING : NUKING IS CONSIDERED ILLEGAL AND THIS SECTION IS SOLELY FOR EDUCATIONAL PURPOSES.
Netsplit and Netmerge When two or more servers of a net stops commuicating for whatever reasons, a netsplit occurs. Normally the most obvious sign is when a large number of users suddenly exit without any reasons. If you are lucky enough, you would be the only one left in the channel. This is when you can get operator status. Therefore when a netsplit occurs, part the channel. Then rejoin it. Upon rejoining if you are the only person, you will get operator status. At this point it would be best to load a clone and give it operator status as most channel services would deop you upon a net merge. When the net merges together again(many users suddenly join the channel), you would have your operator status and be free to do what you want to do with the users of the net. Channel Takeover A channel takeover occurs when you becomes the sole op of a channel with the rest of the users being normal users. Normally, this could be done by the following ways :
1) Asking for ops from another operator and deop everybody once you get your op status.
2) Make use of a netsplit and netmerge to get operator status and deop everybody.
3) During a netsplit if there is still another user left, icmp or oob nuke the user out.
The above actions would be best suitable when the channel service is not around for what ever reasons. Basically I do not encourage channel takeovers and if you get k-lined or g-lined or any trouble it would get nothing to do with me.

Defense Section

Detecting Nukes Basically nukes of all kinds could be detected by downloading many programs that is available all around on the world wide web. I recommand using Nuke Nabber. Once you detect a nuke and know the person's IP address. You can lodge a complain to the server or your local governing laws(depending on your local laws). Remember, never nuke the person back. Nuking is ILLEGAL! Stopping Nukes Nukes could be stopped by downloading patches all around the world wide web. However for ICMP nukes, the is basically no defense,. however you can prevent nukes by joining a port with multiple ports and connecting to a port other than 6667. If you have a firewall, log in behind that firewall. In this way, the nuker would not know what is your real address and unable to perform a nuke. For nukes that send a crash to your system registry, you should download patches from either the Microsoft Homepage or other places that offer them. Detecting Floods Floods could be detected from by using a script. By adding a counter to your script when ever some one do a ctcp command on you, it would be easy to detect a flood when a person repeatedly send info to you. Stopping Floods Floods could be stop by ignoring a person that is detected flooding you. Next choose a non-lagged server. Upgrading to a faster modem is also advised. Protecting your operator status Protecting an op status often requires the user of a clone or more. Normally, this clone would protect you. That is when someone kick or ban you, your clone would rekick the person and op you back. And if someone deop your clone, you would protect your clone the other way. In this way you would be interprotected. Loading a clone would also help in preventing channel takeovers with a suitable script as if one person trys to mass-deop and if your script detects it, your clone or u will deop that person before he/she can mass deop everybody. What are scripts? Scripts is actually a list of IRC commands that is grouped together like a program for automatation procedure when you are not around or not noticing. It can protect you automatically and and ease many functions with just a click of the mouse. I personally promote the use of Armor. It is a very good defense script with many flood protections.

Links To Places for Irc war and Defense programs and scripts

This page would be upgraded soon and is still under construction.
Zave '98

Back to Zave's Fun Page