How come all the datacenters doesn't provide IRC servers?

**whcdavid** · 08-03-2004, 11:54 AM

Hi Guys,

What are the main reasons that all the datacentes doesn't provide IRC servers?.

Thanks
David

**Tris** · 08-03-2004, 12:46 PM

They are vunerable to DDOs atacks and they use up a lot of traffic...

**Pixelation** · 08-03-2004, 01:00 PM

Most don't only refuse IRC servers, but alot of them also refuse IRC clients (BitchX, Bots, Bouncers, ...). Imagine a server with about 200 connections to IRC servers. Those are 200 potentional DDoS targets. Also mostly, people that access IRC via the shell account (so via the dedicated servers) think they are harmless because people don't know their real IP, so they aren't afraid to make some scriptkiddies mad and let them DDoS him. Now keep in mind, a strong DDoS can almost put down the whole backbone of a datacenter!

So, when dedicated server providers provide access to IRC, they need:
- a special connection for all IRC traffic
- auto-nullrouting routers and other security related material to prevent DDoSes
- ...

Mostly, dedicated server providers who provide IRC access, have a less stable network. Those datacenters are almost under attack by DDoS'ers DAILY. Yes indd, DAILY. So you can imagine it's alot of work and requires alot of money and stress to try and keep the network stable and online.

Here's a affordable datacenter that allows IRC access: www.staminus.net
It's relativly stable

I used to have a dedi with them.

Pixel

**Tris** · 08-03-2004, 01:44 PM

HeyI heard something to block DDOS, a way they deal with it in China.

If you are under heavy DDOS on port 80 (KEY POINT) and you KNOW (KEY POINT) which domain that is. What you can do is to change the A record (www) of that domain to 127.0.0.1 and leave it for 1 hour. All DDOS bots will die eventually because they will send all the traffic to themselves no matter the IP is spoofed or not.

I have done a small test on a spare server I have lieing around and all the bots died instantly. They killed themselves.

**whcdavid** · 08-03-2004, 02:09 PM

Tris, Thank you for explanation. It is very useful for everyone.

**Pixelation** · 08-04-2004, 07:12 AM

Mostly, people first resolve the IP and then use that as target, so no domain name is involved. Then what do you do?

**Tris** · 08-04-2004, 07:29 AM

if its at port 80 you can still do the above. But like i said this is only for port 80. I mean they can do it on other ports. As also said you have to know which IP/domain they are going for.

**Pixelation** · 08-08-2004, 07:18 AM

Tris, that's only if they let the bots resolve the domain...
Let's suppose he wants to DDoS this board. He resolves webhostingchat.com, which results in 69.57.150.97. He lets his bots do a connection-flood on 69.57.150.97:80. The only thing you can do now is nullroute that IP.

**Tris** · 08-08-2004, 07:19 AM

Well use an external hardware solution at the router

**Syneticus** · 08-30-2004, 12:24 PM

With IRC comes script kiddies, with script kiddies come packets... with packets come excessive use of bandwidth and network latency, none of which are fun.

Thread Tools