|
|
|
|
IRC hackingIRC stands for Internet Relay Chat. It allows a group of people to type messages back and forth on a screen in almost real time. It's more fun than Usenet where it can take minutes to hours for people's replies to turn up. IRC is widely used by hackers. To get on IRC, hackers need both an IRC client program and IRC server program. So you need to know some of the ways you can get kicked off IRC. The simplest way to get in trouble is to accidentally give control of your IRC channel to an impostor whose goal is to kick you and your friends off. The first person to start up a channel on an IRC server is automatically the operator (OP). The operator has the power to kick people off or invite people in. Also, if the operator wants to, he or she may pass operator status on to someone else. Ideally, when you leave the channel you would pass this status on to a friend your trust. Also, maybe someone who you think is your good buddy is begging you to please, please give him a turn being the operator. You may decide to hand over the OP to him or her in order to demonstrate friendship. But if you mess up and accidentally OP a bad guy, your fun chat can become history. One way to keep this all this obnoxious stuff from happening is to simply not OP people you do not know. So how do you know if someone is the person he or she claims to be on IRC?. Just because you recognize the nick (nickname), don't assume it's who you think it is! Check the host address associated with the nick by giving the command "/whois IRCnick" where "IRCnick" is the nickname of the person you want to check. Now this "/whois" command will give back to you the email address belonging to the person using that nick. If you see, say, "d***@wannabe.net" instead of the address you expected, say friend@cool.com, then DO NOT OP him. Make the person explain who he or she is and why the email address is different. But entering a fake nick when entering an IRC server is only the simplest of ways someone can sabotage an IRC session. Your real trouble comes when people deploy "nukes" and "ICBMs" against you. "Nuking" is also known as "ICMP Bombing." This includes forged messages such as EOF, dead socket, redirect, etc. A nuke program sends information over the persons IRC server and then after it hits them, it will cause errors suck as dead socket, connection refused, eof from client, and machine is not on the network. ICMP is an extremely powerfull way to screw up not only the persons IRC session, but their entire connection to the Internet. How it works is this way, it sends ICMP messages, at an extremely fast rate, causing severe line noise, and modem lag. It will cause so much lag, that it will ping somone off an IRC server. ICMP stands for Internet Control Message Protocol. For example, ICMP redirect messages are used by routers to tell other computers "Hey, quit sending me that stuff. Send it to routerx.foobar.net instead!" So an ICMP redirect message could cause your IRC messages to go to bit heaven instead of your chat channel. EOF stands for "end of file." "Dead socket" refers to connections such as your PPP session that you would be using with many IRC clients to connect to the Internet. If your IRC enemy spoofs a message that your socket is dead, your IRC chat session can't get any more input from you. That's what ICMP Host Unreachable Bomber for Windows does. Probably the most devastating IRC weapon is the flood ping, known as "ICBM flood." This is a somewhat old fashiond, but effictive way . Flooding cause a person to send so much information to a server, that it disconnects them. This is accomplised by loading clones. Clones are more connections to a server and often made by copying the IRC client numerous times. Then using a flood script, it tells the clones to simultaniously send massive amounts of information to a person. When there client tries to process this all of it, it sends too much information to a server and kills them. The idea is that a bully will find out what Internet host you are using, and then give the command "ping-f" to your host computer. Or even to your home computer. Yes, on IRC it is possible to identify the dynamically assigned IP address of your home computer and send stuff directly to your modem! If the bully has a decent computer, he or she may be able to ping yours badly enough to briefly knock you out of IRC. Then this character can take over your IRC session and may masquerade as you. The purpose of flooding is to send so much garbage to a client that its connection to the IRC server either becomes useless or gets cut off. There are many floods out there. There are DCC and CTCP floods. Ones less agressive are Text Floods, Notice floods and invite floods. As well as crap floods that don't do anything but look mean. Another factor is the number of clones to use. Now let's consider in more detail the various types of flooding attacks on IRC. Text flooding is the simplest attack. For example, you could just hold down the "x" key and hit enter from time to time. This would keep the IRC screen filled with your junk and scroll the others' comments quickly off the screen. However, text flooding is almost always unsuccessful because almost any IRC client has text flood control. Even if it doesn't, text must pass through an IRC server. Most IRC servers also have text flood filters. Client to Client Protocol (CTCP) echo flooding is the most effective type of flood. This is sort of like the ping you send to determine whether a host computer is alive. It is a command used within IRC to check to see if someone is still on your IRC channel. How does the echo command work? To check whether someone is still on your IRC channel, give the command "/ctcp nick ECHO hello out there!" If "nick" (where "nick" is the IRC nickname of the person you are checking out) is still there, you get back "nick HELLO OUT THERE." What has happened is that your victim's IRC client program has automatically echoed whatever message you sent. But someone who wants to boot you off IRC can use the CTCP echo command to trick your IRC server into thinking you are hogging the channel with too much talking. This is because most IRC servers will automatically cut you off if you try text flooding. So CTCP echo flooding spoofs the IRC into falsely cutting someone off by causing the victim's IRC client to automatically keep on responding to a whole bunch of echo requests. Of course your attacker could also get booted off for making all those CTCP echo requests. But a knowledgeable attacker will be connected in several different ways to that same IRC server. So by having different versions of him or herself in the form of software bots making those CTCP echo requests, the attacker stays on while the victim gets booted off (a "bot" is a computer program that acts kind of like a robot to go around and do things for you). A similar attack is CTCP ping. You can give the command "/ping nick" and the IRC client of the guy using that nick would respond to the IRC server with a message to be passed on to the guy who made the ping request saying "nick" is alive and telling how long it took for "nick's" client to respond. Your attacker can also easily get the dynamically assigned IP (Internet protocol) address of your home computer and directly flood your modem. But just about every Unix IRC program has at least some CTCP flood protection in it. Then there is the old standby, ping flooding. It relies on Internet Control Message Protocol(ICMP). Nick colliding is when 2 people have the same nicks. Servers can't have this because it would be screwing a lot up. So one of the people must die. There are 2 methods of nick collision. Split server colliding and lag colliding. Channel taking is basically what IRC war is about, control of territory. It can be accomplished by channel flooding, riding a netspliy, or asking for ops. How to keep from getting kicked off IRC! SITE OF THE MONTH:
|
|
|
