On Wed, Nov 01, 2000 at 11:39:45PM -0500, John Fraizer put this into my mailbox:
This begs to question: Why do they still do it? (Put the targets....er IRC servers on their networks?)
[...]
Why do people set their network up as a target? I just don't understand.
[...] Any high-profile site is a target. How about you ask that same question of Yahoo, eBay, CNN, or any of the other sites that were massively attacked early this year? How about Slashdot, which seems to get attacked regularly? Maybe they'll realize that they're setting themselves up as targets by being so popular and will shut down simply to protect the networks that host them.
While I agree that it is unprofessional for your contact at a provider to ignore or be disrespectful of you regarding a DoS against an IRC server, it is just a fact of life that attacks against commercial entities will be treated with much higher priority than attacks against a non-revenue producing "service." Quite frankly, the pizza man comes in WAY above an IRC server in my book.
Something I've found in my time doing security work is that IRC provides an extremely useful 'early warning system'. What attacks and exploits get tried against IRC networks/servers today are the ones that are used against the internet at large tomorrow. This maxim seems to have been coming true with DoS attacks in general now. Apparently these sorts of tools are being used between Israeli and Palestinian web sites, and have been in use against web sites of and in various eastern european countries, not to mention the various attacks discussed above. In my time working at a particular ISP, I helped deal with several attacks against customers that simply hosted web sites. Last I checked none of these folks had anything at all to do with IRC. I would strongly recommend that instead of berating people for 'setting themselves up as targets' you concentrate your efforts on curing the disease -- not the symptom. If for whatever reason some script kiddie decides to attack someone on your network, you won't be able to say "But I'm not running an IRC server!" and expect the attack to go away. You'll have to deal with it, the same way us folks who participate in the 'early warning system' have had to for quite some time now. (Yes, DALnet still mails administrators of open broadcast networks; yes, we still mail admins of hacked boxes; yes, we still try and do whatever we can to help secure the internet. It would be nice if we had help instead of people who think we deserve it for running 'targets', who sit back while we do their work for them.) -Sven -- Dalvenjah FoxFire (aka Sven Nielsen) I bet living in a nudist colony takes Founder, the DALnet IRC Network all the fun out of Halloween. e-mail: dalvenjah@dal.net WWW: http://www.dal.net/~dalvenjah/ whois: SN90 Try DALnet! http://www.dal.net/