Documents Project
The Documents Project, formerly known as Doco-Com, is responsible for creating and maintaining useful resource documentation for the Undernet community. Both new and experienced IRC users will find information here on everything from downloading an IRC client to explanation of the various protocols.
Posted on 2nd Jan 2020 14:52:49 in Historical Docs
What is a flood? CHANNEL TEXT FLOODS: multiple lines of text sent to the channel chat window, usually considered a flood if over about 5 lines. FORMAT FLOODS: With the advent of mIRC 4.7, Color Floods and other Format floods are becoming more common (both accidentally and intentionally). OkeyDokey has developed an excellent discussion and FloodPro advice for these, and I include it here. okeydokey's Format Flood Protection v1.2 Format flooding is upon us with the new color/bold/underline/ reverse text formatting enabled by mIRC 4.7. The following provides you with protection from both the eyesore of frenzied multi-coloring, and the malicious use of control codes for flooding purposes. Below is the alias definition: put it in your aliases section. Attach to any flood protect lines in your Events chk^ alias command. Minimally, add /chk^ to your default level ON TEXT and ON ACTION flood protect lines. The alias, if the format flood protect switch is on: Once you get a 'feel' for the number of codes carried by formatted messages, you can remove the echo advising you of the control code: Put this in your popups for easy switching of the format flood protection: After installing, be sure to initialize the script by choosing "Reset." Color controls count for 2 to 3 control codes, depending on the color. I suggest you start with a sensitivity of 20 (the default), run it for a while, and adjust it accordingly. If you don't like watching colors, then /strip +c will prevent the display of incoming colors; I included a popup command to make it easy. You will still see your own, and will still be able to send color-formatted text. The Format flood protection will continue to protect you from other excess formatting, including alternating bold/unbold floods. These floods can slow screen display considerably, and can impair your cpu's ability to process other tasks, if you are on a slow system. NUKES: another class of Denial of Service attacks (the formal terminology for any action by a user attempting to block or disconnect your system from the Internet) include, but are not limited to, the following: Flood Protection You can /silence -*!*@* to turn off the global silence of CTCP later when the flooder has stopped. Set it up as another alias if you want. But beyond that, there is also a second effective step to take. Whenever a user floods you or otherwise is abusive beyond simple rudeness, you should contact their Service Provider (e-mail webmaster@domain -- example: webmaster@concentric.net) and give the the userid@port.domain (from a /whois) of the offensive users together with the date and the exact time (together with timezone) that the abuse took place. This information is sufficient for the Provider to cross-check against their own logs and identify the exact users that are the cause of the problem (even if they use a fake userid). Summarize the problem (and include a log of it if you can). Request that the provider remove the account of the abusive user. Most providers will be reluctant to do so at first, but be firm, polite, and persistant. Remind them that abuse of bandwidth is costly and may result in the entire provider's site being globally k:lined (banned) from all IRC servers. Also remind them that CTCP and ICMP flooding are "denials of service" and are expressly forbidden under Internet guidelines. These simple techniques are all any user needs to defend against most flooders. You should also set your DCC file get to "auto refuse" when you see a flood attack start. New CSCPAC Available! Script Examples Remember -- you should never run a script you didn't write yourself, or at least run one in which you understand every line of code. The only exception should be the officially approved UUS scripts available from HelpBot and ircIIHelp. [Commands] Next, here are some alias key setups (from Tools/Aliases): Some suggested #channel settings to help avoid flooders, especially clonefloods: Here are some additional suggestions provided by other users: It ignores everyone after a CTCP, sends an /away msg to the server so that the server can reply to the user CTCP'ing when a limit is in place, so the server does the work, NOT the user. =) A timer is activated and the person who was CTCP'd turns the /away msg off after 25 seconds. Therefore, the MOST that can happen in 25 seconds is: Also, a handy popup to have is: Note from NudeDude: /ignore only works against CTCP in mIRC versions 4.0 and higher. It is a "client" level command and therefore still allows the CTCP info requests to reach you; it just stops the automatic CTCP reply by your client. Also, the global /ignore *!*@* in this particular example will shut off all channel text from reaching your for 25 seconds each time someone sends any CTCP to you.
Good question. Flood attacks are unfortunately not a rare enough occurrence on the Undernet. Flooding comes in several varieties, including:
NICK FLOODS: changing nicks over and over rapidly causing the channel window to be flooded with nick change notices. Recent versions of ircd (the software that links IRC servers together into a net) have limited the number of nick changes possible by a user within a short time so as to effectively end this form of flood.
FLASH FLOODS: these are when a user on a shell (Unix) account sends a command code that causes the other shell (Unix) users on the channel to have their screen codes reset so that it becomes unreadable. You can protect against it by typing "mesg n" (no quotation marks) at the shell prompt before running IRC. This will stop anyone from resetting your screen codes while you are on IRC.
DCC FLOODS: attempts to send rapid and massive amounts of DCC chat requests and/or files to you. It is also possible to have your system overwhelmed by DCC text dump to you from a fast shell connection. The symptoms of that are to open a DCC chat and find your chat window filled with scrolling text characters and your system unable to respond to anything you do.
CTCP FLOODS: where a user rapidly sends CTCP info requests to you. These are usually in the form of /ping, /version, /time, etc. Most client programs are setup to automatically respond to such requests by sending back the requested info. Therefore, your own system rapidly exceeds its sendq buffer allowance and causes you to disconnect. This is why the CTCP flood is the most troublesome for you. The other floods are annoying, but do not usually cause disconnects (with their associated loss of presence -- and therefore ops) on your channel.
ICMP FLOODS: these floods are initiated when a user sends a huge series of data packets that directly attacks your winsock (or other dialer). The ICMP sends a series of ping packets directly to your dialer (bypassing your client program) and keeps it busy so that it isn't able to reply to server ping activity requests. The result is that the server thinks you've left and your connection eventually times out and disconnects. You will notice abundant activity in your modem lights if someone is ICMP-flooding you. If you use a winsock dialer that has IP tracing capability enabled, your winsock will display a log of the actual ICMP flood. A shareware program called netXray is available for use in Win95 that can do the same thing (and more). Other packet sniffers are also available. For more info on using firewalls, join #ICMP or ask your service provider for information for configuring your clients to connect to a firewall on the ISP's server.
LOCAL PORT FLOODS: mIRC has a bug in it that makes it possible for someone to flood your modem or printer port. I won't go into just how it's done, since it's too easy and I don't teach abuse, only how to prevent it. To correct the bug, add the following to your permanent ignore list by typing in at the command line:/ignore -p com1*!*@*
/ignore -p com2*!*@*
/ignore -p com3*!*@*
/ignore -p com4*!*@*
/ignore -p prn!*@*
/ignore -p lpt!*@*
chk^ if %ctrlchk = ON
{ if $strip($parms) != $null
{ echo $chan %diff control codes } | if ( %diff > %max^codes )
{ ignore -u20 $wildsite | raw mode $chan +b $wildsite
| raw kick $chan $nick :excessive formatting
| timer 1 300 raw mode $chan -b $wildsite
| unset %diff } | if (( 0 isin $parms) |
| ( 16 isin $parms))
{ echo 4 $chan $nick said: $strip($parms) } } }
count -- if ( %diff > 0 ) { echo $chan %diff control codes }
| if you wish.Format Flood Protect...
.Status:echo -a Format flood protection is %ctrlchk - maximum
permitted control codes is %max^codes
.Enable:set -s %ctrlchk ON
.Disable:set -s %ctrlchk off
.Set Sensitivity:set -s %max^codes $$?="Maximum permitted control
codes:"
.Reset:set -s %ctrlchk ON | set -s %max^codes 20 | set -s %clrstrip
off | strip -c | echo -a Format flood protection is active, maximum
allowable control codes are 20.
.Color...
..Status:echo 2 Color stripping is %clrstrip
..Strip color:strip +c | set %clrstrip ON | echo -a Colors will NOT
be displayed - format flood protection does NOT include colors.
..Display color:strip -c | set %clrstrip off | echo -a Colors WILL
be displayed - format flood protection includes colors.
Fortunately, every user has the tools already available to combat flooders in a responsible way. First of all, never retaliate against a flooder by flooding back. All flooding is wrong and abuses Undernet resources. Here is some advice to stop flooders:
Good luck, and pass this info along to your friends AND enemies. :)
Now there is a new CSCPAC for mIRC that is a one-stop solution for all your needs. It includes sophisticated flood protection, clone detection/protection, all of the X/W commands thru PopUps and aliases, and an extensive PopUp help section for X/W command syntax and other FAQs. You can obtain the latest version of CSCPAC from many of the URLs listed here in the NoFlood*.txt series. Many of the helpers in Cservice also have it available to distribute. Or e-mail me at one of the addresses shown below to request a copy.
Below are some examples of mIRC scripting that I use in my Level 1 flood protection. You can follow the advice above withOUT setting up a script like the one shown below. The following scripts and aliases are a bit more advanced, and you can play with them if/when you feel up to it.
The following lines are from the tools/remote/commands secton of CSCPAC (versions 4.7x, slight modifications need to be made for 5.x). They allow only one CTCP/site each 60 seconds. 1:*:{
/auser =99 *!*@* $+ $site | /timer 1 60 /ruser *!*@* $+ $site
if ($chan) { echo 10 -a [[ $+ $nick $parm1 $+ ] to $chan | halt }
}
99:*:{
/raw silence *!*@* $+ $site | /ignore -pintu60 *!*@* $+ $site |
echo 10 -s $nick in $chan | /timer 1 60 /ruser *!*@* $+ $site |
/timer 1 60 /raw silence -*!*@* $+ $site | echo 4 -a $nick at $site
on $chan has triggered floodpro for $parm1
halt
}
-tu15 *!*@*
[sets F10 key to global ignore for 15 seconds]*!*@*
[sets F11 key to global silence to stop all CTCP sends at the server]-*!*@*
[turns off the global silence]
*1:on nick:#channel:/kick $newnick | /msg $knick no nick changes allowed in the channel
From AngelBaby, an mIRC script for channel text flood protection:
Auto Kick ON Channel flood (by AngelBaby):*1:on text:*:#silverlocke:/auser 2 $nick | /timer 1 6 /ruser $nick
*2:on text:*:#silverlocke:/auser 3 $nick
*3:on text:*:#silverlocke:/auser 4 $nick
*4:on text:*:#silverlocke:/kick $chan $nick Flood detected! Lose
the screen scroll!!! | /ruser $nick
From |VOID| -- a few other simple flood protect script and alias suggestions (similar to some of the features that are in CSCPAC):
Flood protection that is added to mIRC remote/commands window:1:*:/ignore -tu25 *!*@* | /away One CTCP reply every 25 seconds
... Wait...The default user level at, say, 10. the default user
level MUST be the same as the number at the start of the line
| /timer 1 25 /away :>
(that all goes on a single line)
FLooD PRoTeKTioN
.TuRN oN:/creq ignore | /sreq ignore | /silence +*!*@*
| /ignore *!*@*
.TuRN oFF:/creq auto | /sreq auto | /silence -*!*@* |
/ignore -r *!*@*
I want to thank users that have written to offer their appreciation, suggestions, and comments. Your continued interest and support are appreciated and have inspired the creation of the CSCpac for mIRC.
This advice on making the net safe from flooders has been brought to you by NudeDude (Senior Cservice Admin - Retired. Abuse admin for KidsWorld.org IRC network. Author of the NoFlood*.txt series and the CSCPAC/ OperPac series for mIRC)