
prevention of collide abuse.



hi again syrk..

Many thanks for implementing the nick lockout on error quit I recommended
to help prevent channel takeovers by op cheating, stealing the nicks on quit.

Since those changes, clone and warbot attacks in our channels have dropped
dramatically.

Attacks now are targeted to exploit well known eggdrop bugs and since we
use few if any eggdrop bots, that is of little concern to us.

However, even though the opcheating takeover technique seems to be history
now, the lamers never rest but merely go on to plans b and c.

In our channels, collides, usually from hacked servers or open proxies, are
the biggest threat for takeovers.

Collides can be from either a split or a severely lagged server, 2
different techniques.  Since takeovers by collides can be the juicy prize
the lamest are seeking, nuking or smurfing of servers has become the normal
modus operandi.

DoS attacks can disrupt the net, no doubt about that.  But if the lames are
denied the fruits of nuking why will they waste time?

Prevent collides and nuking servers will diminish, guaranteed, just like
the nick lockout on error quits has reduced massive clone flooding.

How can collides be prevented?  Simple.  Just use the same tools the
colliders are using.  Multiple connections.

Colliders on splits merely relay the targets by either manual or automated
connections.  This is often augmented by lag colliders.  If the targets are
running anti-collide protection, they will try to change nicks to avoid the
split type collision.  Then the lag collide spies relay those changes to
well lagged servers, servers lagged many times because the warclan is
smurfing it intentionally to create the conditions needed for the lag
colliders to work.

Stop the collides and you'll stop most splits and nukes.

How?  I have outlined a few ideas before.  I am not a coder at all.  I know
nothing about coding in C or whatever it is.  I know a few linux type
commands like cp, mv, ps, top, chmod and rm.  Not very helpful for what you
must do.

Colliders require multiple connections to work, usually clones connected
via dcc or dde and automated or scripted for duplicating the nicks of the
targets.

How can you stop it?  Interface ircd servers with a client function.
Design the client function for multiple connections, like clones.  I have
seen scripts that allow 1 mirc client to be connected to 2 different chatnets
at the same time, and another, called Multi-Con I think, that allows one
mirc client to connect to 10 servers at the same time.  That function, if
interfaced to the ircd, would provide very effective collide prevention.

How would it work?  The ircd server makes its normal server to server
connection.  The interfaced client function makes say 16 connections as
clients to prime hubs around the world.

I don't know much about the hubs but on ircnet it seems stealth and
webbernet are key in North America.  In Europe it appears major hubs are in
.fi, .se, .uk and .de.  Other hubs that might be monitored would be .ru,
.hu, .it, .jp, .nl and .no.  A dozen hubs to monitor for starts.

The function would be this:
1]	server gets a nick change request or nick on connect:  /nick new123
2]	server causes each of the interfaced clients on direct connect to the 16
hubs to do /whois new123.
3]	if any of the 16 clients report a return on nick123, user making the
nick change request gets "nick already in use globally" msg
4]	if /whois new123 returns "no such nick" on all 16 hubs, then server sets
user to new123.

you might have much simpler techniques to accomplish this task, but if each
server does a global hub test before assigning nicks, it appears to me it
would impede colliders greatly.

happy coding..

"TomColllns"
"LoBo^LoCo"
reportedly voted most hated of the week by the lame warclans of IRCnet ;)
and proud of it :p
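
The four-step hub test proposed in the message above, sketched as an added example (not part of the original post and not ircd code). Hub names, the `probe` client nick and the reply lines are constructed; the numerics 311 and 401 and the case folding are from RFC 1459; refusing the change when a hub stays silent is an assumption the post does not cover.

```python
# Decision logic for a "global hub test" run before a nick is assigned.
RPL_WHOISUSER, ERR_NOSUCHNICK = "311", "401"   # RFC 1459 numerics

def fold(nick):
    # RFC 1459 case folding: {}| are the lowercase forms of []\
    return nick.lower().translate(str.maketrans("[]\\", "{}|"))

def hub_verdict(lines, nick):
    """Classify one hub's WHOIS reply as 'taken', 'free' or 'unknown'."""
    for line in lines:
        parts = line.split()
        # Layout: ":server <numeric> <our-nick> <target-nick> ..."
        if len(parts) < 4 or fold(parts[3]) != fold(nick):
            continue
        if parts[1] == RPL_WHOISUSER:
            return "taken"
        if parts[1] == ERR_NOSUCHNICK:
            return "free"
    return "unknown"   # nothing usable arrived: hub split away or lagged

def global_nick_check(replies, nick):
    """replies: {hub: [raw reply lines]} collected before a timeout."""
    verdicts = {hub: hub_verdict(lines, nick) for hub, lines in replies.items()}
    if "taken" in verdicts.values():
        return False, "nick already in use globally", verdicts
    if "unknown" in verdicts.values():
        # Assumption: fail closed. A silent hub is the split or lag
        # condition under which the same nick can exist on both sides.
        return False, "hub check incomplete, try again", verdicts
    return True, "nick change accepted", verdicts

# Constructed replies from three hypothetical hubs to "WHOIS new123"
SAMPLE = {
    "hub-a.example": [":hub-a.example 401 probe new123 :No such nick/channel"],
    "hub-b.example": [":hub-b.example 311 probe New123 user host.example * :x"],
    "hub-c.example": [],   # lagged hub, no reply before the timeout
}

if __name__ == "__main__":
    ok, msg, verdicts = global_nick_check(SAMPLE, "new123")
    print(ok, msg, verdicts)
```

A hub that never answers is the case that decides how much the check helps: treating silence as "no such nick" would let the nick through on exactly the split or lagged links described above.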