Hi,
a new client has set up an irc bouncer (MUH) a couple days ago.
It doesn't seem to be very cpu/bandwidth consuming, so far.

I'm a bit worried, for several reasons:
a-legal reasons, although I don't want to make any judgement until I know a bit more about the client,
b-if somebody tries to flood the client, the middleman (the server!) will be the victim, right?

What would you do? Allow it to stay here, or shut it down?

Thanks,
-Chris.

If it's a hosting server, I would shut it down. Basically he's going on IRC with the server IP. If he's in high attack prone channels, when they /whois him, they will get the IP, which will be your server. When they attack, they attack your server and he won't get affected. The worse thing that can happen is that he loses the connection to the bounce and then he reconnects to another bounce or directly to an irc server.

and the worst thing that will happen to our server?

Sorry, I'm not familiar with IRC, not to mention IRC attacks...:(

Originally posted by cyansmoker
and the worst thing that will happen to our server?

1. They DOS the machine which makes it hug the ground.
2. They hack into your machine and the worst thing they could do is rm -rf :D :(

Yeah, they'll just DoS (Denial of Service) your machine which basically makes it 'poop'. A lot of upstream will then get pissed off since you're attracting these attacks.

Originally posted by Kiwi


1. They DOS the machine which makes it hug the ground.
2. They hack into your machine and the worst thing they could do is rm -rf :D :(

You are taking this way too far with the whole "hacking into machine" bit

The question was "what's the worst that can happen," so I'm not sure that "hacking in to the machine" is taking it too far. Actually I don't think the worst thing they could do is "rm -rf", I think the worst thing they could do is use your server to launch attacks on other servers, or a similarly nefarious act.

I have a question about IRC software running on a server... what port does it run on? Something unique?

ya

I ban IRC bots/bouncers etc from a hosting machine. I even got a separate server that is ONLY for these bots/bouncers/vanity hostnames - where people who will sign up will know that it isn't a guarenteed service (but we aim to keep it up as long as possible, but because of DoS attacks, it might go offline for brief periods).

--James

Originally posted by Kiwi


1. They DOS the machine which makes it hug the ground.
2. They hack into your machine and the worst thing they could do is rm -rf :D :(

Kiwi don't forget the "/" at the end of that "rm -rf" statement. ;)

Your service is in web hosting, not irc chatting, port scanning, game serving (couner-strike anyone?), etc. So focus on that and disallow all other non-relevent activities.

Originally posted by Intelligent Hosting
I have a question about IRC software running on a server... what port does it run on? Something unique?

An irc server will usually run on port 6667 or 7000 (or both). Bouncers can run on any open port.

Originally posted by Planet Z


An irc server will usually run on port 6667 or 7000 (or both). Bouncers can run on any open port.

Hah! But the bouncer has to reach these ports, doesn't it?

I closed 6660-7000/TCP incoming and outgoing,
as well as 194/TCP and 194/UDP.

What d'ya think?

Thanks,

IRC Servers can be on any port really.. just that it is common to be on 6667-7000 :)

--James

Originally posted by cyansmoker


Hah! But the bouncer has to reach these ports, doesn't it?

I closed 6660-7000/TCP incoming and outgoing,
as well as 194/TCP and 194/UDP.


Perhaps. Those are the most common ones. There's a number of irc servers that use weird ports as well, so it's definitely not a definite way of preventing the use of bouncers.

Basically, all you need to do is tell people they can't run them. Warn them once if they do, and if they do it again boot 'em. It's easy to tell if people are running them... so...

Originally posted by Planet Z
Basically, all you need to do is tell people they can't run them. Warn them once if they do, and if they do it again boot 'em. It's easy to tell if people are running them... so...

Thanks Planet, actually that's what I did.
I sent them an email offering a full refund if they only needed their account for IRC, and surprisingly enough, very unlike spammers, they replied something like "oh no, sorry about that. we won't do it again" and they set up their site.

:D :D :D