Page 2 of 3 FirstFirst 123 LastLast
Results 26 to 50 of 56
  1. #26
    Join Date
    Jun 2002
    Location
    Waco, TX
    Posts
    5,623
    I used IRC for years and years before ever getting into hosting, I used it via a shell from a BBS when they had a live link for a few hours a night even.

    However, it was, and seems forever will be filled with a lot of people that are quick to DDOS over the most petty things. After I moved from BBS to an online service (not quite full net) flooding people off their dialups and watching them get disconnected was a 'fun' thing to do and it has progressed since then. one of my first forays into servers was setting up my own ISDN line at age 15 and hooking up 4 machines at 144k (dual channel ISDN) on static IPs for shell connections. That is about where I'd stop allowing IRC at that point, as anything more is putting every other client at risk. Yes even an IRC client attracts DOS attacks at times, especially when you are an oper on a large network, or if you allow IRC and an oper joins your services.

  2. #27
    Join Date
    Nov 2009
    Location
    Ringtown PA
    Posts
    27
    Well, then it would not only benefit IRC users, but users overall if said "scared" company would invest in a good router/firewall, as one of my vps hosts have. (Look at linode, i bet they get ddosed everyday with no noticable affect)

  3. #28
    Join Date
    Jun 2002
    Location
    Waco, TX
    Posts
    5,623
    Quote Originally Posted by JoeK1337 View Post
    Well, then it would not only benefit IRC users, but users overall if said "scared" company would invest in a good router/firewall, as one of my vps hosts have. (Look at linode, i bet they get ddosed everyday with no noticable affect)
    a good router/firewall does nothing when you get multi gigabit DDoS attacks.

    it just gets flooded.

  4. #29
    Join Date
    Oct 2009
    Posts
    138
    As much as I still use IRC and find it annoying that many hosts will not tolerate it, I completely understand where they are coming from -- DDoS likelyhood increases drastically! It's a fundamental flaw in our current Internet infrastructure. If/when that gets sorted out, every provider will allow IRC because there will be no such thing as DDoS so they have nothing to lose.

  5. #30
    Join Date
    Oct 2006
    Location
    /usr/src/linux/
    Posts
    700
    Very few people even use IRC now days. It's just paranoia, most public irc servers offer IP/host spoofing anyway, the only problem is ircd servers. Private/small irc servers get idle/forgotten allowing botnet herders to park their ddos bots there.
    DDoS likelihood will not increase drastically I'm speaking from experience. IRC == DDoS is a thing of the past.
    Code:
    [root@node6 ~]# netstat -nap | grep -c 6667
    178
    Last edited by DigitalLinx; 11-14-2009 at 02:21 PM.
    VPSnoc.com offers high quality Xen® OpenVZ & Windows® Virtual Private Servers at affordable prices.
    99.95% Uptime | 24/7/365 Support | Unmetered bandwidth.
    Follow us: twitter.com/VPSnoc

  6. #31
    Quote Originally Posted by DigitalLinx View Post
    Very few people even use IRC now days. It's just paranoia, most public irc servers offer IP/host spoofing anyway, the only problem is ircd servers. Private/small irc servers get idle/forgotten allowing botnet herders to park their ddos bots there.
    DDoS likelihood will not increase drastically I'm speaking from experience. IRC == DDoS is a thing of the past.
    Code:
    [root@node6 ~]# netstat -nap | grep -c 6667
    178
    Exactly!

    Another important aspect which VPS providers don't consider is that VPS clients don't wanna be ddosed either as they pay for bandwidth and this is main difference between VPS clients personal IRC usage and IRC shell users, where many clients of IRC shells specialized companies use same IP.
    VPS clients on "irc is allowed" vps's usually aren't irc shell providers but limited on non problematic personal usage.

  7. #32
    Join Date
    Apr 2008
    Location
    Tulsa, OK, USA
    Posts
    376
    Quote Originally Posted by JoeK1337 View Post
    Well, then it would not only benefit IRC users, but users overall if said "scared" company would invest in a good router/firewall, as one of my vps hosts have. (Look at linode, i bet they get ddosed everyday with no noticable affect)
    A box running vyatta with recent CPU, etc can handle DDoS just fine. The issue isn't the router, it's that DDoS attacks cost money by raising your 95% utilization, and if they are larger than your upstream capacity, they take your network down. But in the modern age of most people getting at least a gig-e handoff from their upstreams, it's mostly the 95% jumps that are the problem with DDoS.

    Most of the VPS providers which allow IRC are very quick to get rid of people who cause trouble. You yourself can attest to this fact, as you know how I handle people who attract DDoS consistently (read: termination). I know for a fact that Linode has the same policy I do.

    Now days, though, IRC is not any more of a DDoS risk than running a forum or anything else. Look at Steadfast for example, they have DDoS protection on their VPS plans, and yet they do not allow IRC on them. There is a reason for that.

    I think instead of banning IRC, just saying "Do not attract DDoS attacks" in your TOS is good enough these days, and it covers ground in a generic fashion which is a good idea anyway.

  8. #33
    Join Date
    Nov 2009
    Location
    Ringtown PA
    Posts
    27
    In my career of IRC<-> VPS, none of my vpses have NOT been ddosed once, and theres an irc network and a bouncer on most, if not every one, and they are on networks that disable cloaking(see:EFNet). As nenolod said, anything attracts ddos; If you forbid outgoing access to uncloaked networks where people ddos to get nicknames, there shouldnt be much of an issue. IRC enabled vpses are a big PLUS for customers, at least me anyways.

  9. #34
    Join Date
    Nov 2009
    Location
    Ringtown PA
    Posts
    27
    Quote Originally Posted by JoeK1337 View Post
    In my career of IRC<-> VPS, none of my vpses have NOT been ddosed once, and theres an irc network and a bouncer on most, if not every one, and they are on networks that disable cloaking(see:EFNet). As nenolod said, anything attracts ddos; If you forbid outgoing access to uncloaked networks where people ddos to get nicknames, there shouldnt be much of an issue. IRC enabled vpses are a big PLUS for customers, at least me anyways.
    have not been ddosed once* didnt mean to double negative

  10. #35
    Join Date
    Jan 2005
    Location
    Darwin, Australia
    Posts
    1,339
    Personally if a host allows IRC, I steer well clear of them.
    Web Hosting Plus
    Premium Australian Web Hosting

  11. #36
    Join Date
    Apr 2008
    Location
    Tulsa, OK, USA
    Posts
    376
    Quote Originally Posted by SSHocker View Post
    Personally if a host allows IRC, I steer well clear of them.
    Why? Honestly, I've noticed that the biggest DDoS risk on my network is gameservers (especially counterstrike ones), not IRCd.

    All of the major DDoS attacks in the last year on my network have been against IPs running CS servers.

  12. #37
    Join Date
    Jan 2005
    Location
    Darwin, Australia
    Posts
    1,339
    Same deal if they allow game servers. I couldn't be bothered hosting with a company that allows high DDoS risk customers. If they're targeting that young a customer demographic and risking my business, I'll take my dollars elsewhere.
    Web Hosting Plus
    Premium Australian Web Hosting

  13. #38
    Join Date
    Jun 2009
    Location
    Baile Átha Cliath
    Posts
    186
    There does seem to be the impression that a lot of would-be-genuine IRC use tends to gravitate to IM (MSN, ICQ, etc), rather than contend with IRC's issues.

  14. #39
    I don't perceive an IRC Client as being a problem at all. Hosting an IRC Service, however is for the many reasons stated in this thread. I don't necessarily believe that "new startups" don't have experience, however. There are a lot of hosts out there who have operated servers, etc for a very long time and just decided to create a business with their knowledge, that doesn't mean they don't know what they're doing.
    Windows / Linux VPS
    Xen Virtualization
    RockVPS.com

  15. #40
    Quote Originally Posted by JoeK1337 View Post
    In my career of IRC<-> VPS, none of my vpses have NOT been ddosed once, and theres an irc network and a bouncer on most, if not every one, and they are on networks that disable cloaking(see:EFNet). As nenolod said, anything attracts ddos; If you forbid outgoing access to uncloaked networks where people ddos to get nicknames, there shouldnt be much of an issue. IRC enabled vpses are a big PLUS for customers, at least me anyways.
    That's good to know. So, firewalls do nothing. But if you still want to offer IRC, does anyone have any more solutions on how to limit the risk of ddos attacks?

  16. #41
    Quote Originally Posted by onestopnetwork View Post
    That's good to know. So, firewalls do nothing. But if you still want to offer IRC, does anyone have any more solutions on how to limit the risk of ddos attacks?

    You need to know what exactly you want, to understand differences. IRC connections/clients? IRC servers? IRC shell provider service?
    I saw recently in some VPS hosting company reasonable TOS line where they allow IRC for personal usage (this is usually limited to few IRC clients/connections) but not for professional (irc shell provider) usage.
    This drastically limit the risk of ddos attacks as being shell provider with many many IRC users really require ddos protected network, but some VPS customer which use some IRC client (or channel guarding bot) connencted to some network really doesn't introduce some high ddos threat.

  17. #42
    Join Date
    Jan 2006
    Location
    Worldwide
    Posts
    150
    IRC isn't a big deal.

    Just don't host e-trash that piss script kiddies off on networks such as efnet.

    Regardless if you "allow" IRC or not, it's not going to matter. If you're going to get DDoS'd, you're going to get DDoS'd regardless if you're "blocking" IRC or not.

    Ya know, since IRC is such a huge threat, lets block sshd too. Since theres so many brute force bots out there that waste so much bandwidth, and can even act as a DoS. Or heck, lets block GoogleBot too. We all know they crawl sites and cause unneeded httpd load.

    Like I said, IRC is not the problem. It's who you host.
    IRC is no different than any other service you might run on your network. So don't blame the amazing protocol that pretty much every large tech-related company uses.

  18. #43
    Join Date
    Oct 2008
    Location
    J
    Posts
    299

    Thumbs up

    Quote Originally Posted by sticky View Post
    Like I said, IRC is not the problem. It's who you host.
    IRC is no different than any other service you might run on your network. So don't blame the amazing protocol that pretty much every large tech-related company uses.
    like this
    - do it your self.

  19. #44
    Join Date
    Feb 2004
    Location
    Sacramento CA
    Posts
    3,513
    Working in IT the last job that used IRC was more then 10 years ago, besides the point I know.

    @sticky:

    I don't think anyone was arguing (in this thread or anywhere else that I've been reading since this topic has spurred my interest) that by not providing IRC a host was eliminating the risk of DDoS attacks. I'm not sure where the logic in that is. Again no one is saying that anything that causes some load on your network/systems should be banned there are things that are required and needed and yes some of these come with risks so you try to mitigate them and hope for the best. IRC is not required or needed (99%+ of my customers do not need it) so no big deal. Each host is free to make their own decision on what they think is best for them.

    And yes there are some hosts out there that do not give you SSH access. Many hosts disable every service that is not absolutely required. Many hosts do custom patching of base installs/scripts/settings/etc... to enhance security. So some do not allow IRC? THEN FIND SOMEONE WHO DOES. That is the free market, if there was enough demand everyone would be offering it.

  20. #45
    It's actually great that someone started this discussion.
    Some hosts which reading this might realize and understand now what this "irc isn't allowed" under their illegal VPS usage TOS means and that IRC usage isn't illegal act, that IRC isn't some terrible virus spreading tool or something like that but simply old internet relay chat protocol with great history.

  21. #46
    Join Date
    Nov 2009
    Location
    Fairfax, VA
    Posts
    10
    Quote Originally Posted by Daniel_G View Post
    ...Especially since most of the major networks allow you to mask your hostname.
    I would imagine because the VPS host can't check if you're on a network that has masking services and whether or not you even use it.

    It's a real shame... Been paying close to $40/month for a VPS service I'm not getting enough out of.. I need to host a bouncer damn it!

  22. #47
    Join Date
    Jan 2003
    Location
    Chicago, IL
    Posts
    6,957
    As a provider that does not allow IRC services on VPSes or shared hosting account, though we do on dedicated servers, I figured I should comment.

    We do not allow IRC on shared hosting accounts for the obvious reason that most shared hosting accounts use a shared IP. We cannot null-route dozens if not hundreds of customers because of a DDoS against one customer. For VPSes, it is because of the following reasons:

    1) Greater affect of DDoS - Even though a customer will have a dedicated IP on a VPS, which we can null route, a DDoS has a greater affect on our VPS environment than on a dedicated server. All of our dedicated server aggregation switches are fed with multiple GigE circuits, whereas a VPS server will only have a single public GigE circuit, that makes it easier to congest the single circuit and in both cases, roughly the same number of customers would be affected.

    2) The smaller dollar amount paid by the VPS customers is less likely to cover the costs associated with the DDoS attacks and other illegal activity that often follows IRC. Here, the issue is primarily botnets, not pirating, etc.

    3) All of our VPS servers are on the same VLAN to make it easy to move VPS accounts between servers. This means there is significantly more traffic going through the VLAN, making broad filtering more difficult and more CPU intensive than with a single dedicated server.

    4) VPS accounts are lower end/lower value accounts. We do include full management, but IRC is not one of the covered services. That then leads to the issue of people running IRC services that are unfamiliar with them or are just playing around. Those types of systems are then more likely to be compromised or to be taken over to be used for illegal purposes.

    Yes, I agree that most IRC traffic is legitimate, but we needed to make an overall business decision. When IRC was allowed, we saw multiple DDoS attacks on VPS accounts within a couple months. We banned it about three years ago and have not seen a major DDoS on VPS accounts since. We are willing to risk losing those customers that need IRC instead of dealing with those DDoSes in a shared hardware environment. I fully understand the decision that was made and am not going to potentially compromise a good portion of our business and reputation for a couple extra customers.

    Things are made a lot simpler to manage overall with dedicated servers and colocation, so we do allow IRC on those services.
    Karl Zimmerman - Founder & CEO of Steadfast
    VMware Virtual Data Center Platform

    karl @ steadfast.net - Sales/Support: 312-602-2689
    Cloud Hosting, Managed Dedicated Servers, Chicago Colocation, and New Jersey Colocation

  23. #48
    I think it's all about risk vs. reward. Speaking from experience, there's %1 of customers that want to use IRC (and related services), and probably %.01 of those customers that will cause a DDoS affecting %100 of your client base at one point or another. There's simply no incentive to put the rest of your customer base at risk for that %1 market of legitimate IRC users.

    Maybe there's a niche for IRC-Only hosting?
    Brian Emerson

    KickAss Virtual Private Servers
    http://www.kickassvps.com/

  24. #49
    Join Date
    Feb 2004
    Location
    Sacramento CA
    Posts
    3,513
    Well said Karl.

  25. #50
    I agree with sticky. Its who you host. I think it's somewhat silly completely restricting IRC (the one major downside is that you're actually driving away potential customers who are going to use the VPS for their corporate or shared hosting company's IRC). Adding restrictions on how to use IRC would make much more sense though.

Page 2 of 3 FirstFirst 123 LastLast

Similar Threads

  1. Whats the deal?
    By BostonGuru in forum Colocation, Data Centers, IP Space and Networks
    Replies: 6
    Last Post: 02-12-2008, 04:56 PM
  2. Whats so bad about irc?
    By TarballX in forum Dedicated Server
    Replies: 17
    Last Post: 08-05-2007, 04:33 PM
  3. Urchin 5, Whats the big deal?
    By That 70's Hacker in forum Hosting Software and Control Panels
    Replies: 0
    Last Post: 09-22-2004, 09:34 AM
  4. Okay whats the deal?
    By Raptor-Host.com in forum Web Hosting
    Replies: 14
    Last Post: 09-09-2004, 03:52 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •