IRC takeover
   HOME

TheInfoList



OR:

An IRC channel takeover is an acquisition of
IRC channel operator Internet Relay Chat (IRC) is a text-based chat system for instant messaging. IRC is designed for group communication in discussion forums, called '' channels'', but also allows one-on-one communication via private messages as well as chat an ...
status by someone other than the channel's owner. It has largely been eliminated due to the increased use of
services Service may refer to: Activities * Administrative service, a required part of the workload of university faculty * Civil service, the body of employees of a government * Community service, volunteer service for the benefit of a community or a p ...
on IRC networks.


Riding the split

The most common variety of channel takeover uses disconnections caused by a
netsplit In computer networking, specifically Internet Relay Chat (IRC), netsplit is a disconnection between two servers. A split between any two servers splits the entire network into two pieces. Cause and effects Consider the graph to the right, which ...
; this is called riding the split. After such mass disconnections, a channel may be left without users, allowing the first rejoining user to recreate the channel and gain operator status. When the servers merge, any pre-existing operators retain their status, allowing the new user to kick out the original operators and take over the channel. A simple prevention mechanism involves ''
timestamp A timestamp is a sequence of characters or encoded information identifying when a certain event occurred, usually giving date and time of day, sometimes accurate to a small fraction of a second. Timestamps do not have to be based on some absolut ...
ing'' (abbreviated to ''TS''), or checking the creation dates of the channels being merged. This was first implemented by
Undernet The Undernet is the third largest publicly monitored Internet Relay Chat (IRC) network, c. 2022, with about 36 client servers serving 47,444 users in ~6000 channels at any given time. IRC clients can connect to Undernet via the global round rob ...
(ircu) and is now common in many IRC servers. If both channels were created at the same time, all user statuses are retained when the two are combined; if one is newer than the other, special statuses are removed from those in the newer channel. Additionally, a newer protection involving timestamping is used when a server splits away from the main network (when it no longer detects that
IRC services Internet Relay Chat services (usually called IRC services) is a name for a set of features implemented on many modern Internet Relay Chat networks. Services are automated bots with special status which are generally used to provide users with a ...
are available), it disallows anyone creating a channel to be given operator privileges.


Nick collision

Another popular form of channel takeover abuses nickname collision protection, which keeps two users from having the same nickname at once. A user on one side of a netsplit takes the nickname of a target on the other side of the split; when the servers reconnect, the nicks collide and both users are kicked from the server. The attacker then reconnects or switches nicks in a second client while the target reconnects, and proceeds to jupe (or block) the target's nickname for a period of time. User timestamping is often used to detect these kinds of attacks in a fashion similar to channel timestamping, with the user who selected that nickname later being kicked from the server. Another protection method, called ''nickhold'', disallows the use of recently split nicknames. This causes fewer kicks, but causes more inconvenience to users. For this reason, timestamping is generally more common. Some servers, such as ircd-ratbox, do both.
IRC services Internet Relay Chat services (usually called IRC services) is a name for a set of features implemented on many modern Internet Relay Chat networks. Services are automated bots with special status which are generally used to provide users with a ...
and bots can also protect against such attacks by requiring that a password be supplied to use a certain nick. Users who do not provide a password are killed after a certain amount of time.


Other methods

Other methods can be used to take over a channel, though they are unrelated to flaws in IRC itself; for example, cracking the computers of channel operators, compromising channel bot
shell account A shell account is a user account on a remote server, traditionally running under the Unix operating system, which gives access to a shell via a command-line interface protocol such as telnet, SSH, or over a modem A modulator-demodulator o ...
s, or obtaining services passwords through social engineering.


Smurfing

Smurf attack A Smurf attack is a distributed denial-of-service attack in which large numbers of Internet Control Message Protocol (ICMP) packets with the intended victim's spoofed source IP are broadcast to a computer network using an IP broadcast address. ...
s have been used to take over IRC servers.Ganor, Boaz; von Knop, Katharina; Duarte, Carlos A. M. (2007)
''Hypermedia seduction for terrorist recruiting''
IOS Press IOS Press is a publishing house headquartered in Amsterdam, specialising in the publication of journals and books related to fields of scientific, technical, and medical research. Established in 1987, IOS Press publishes around 100 internationa ...
.
These exploit ICMP ping responses from broadcast addresses at multiple hosts sharing an Internet address, and forge the ping packet's return address to match a target machine's address. A single malformed packet sent to the "smurf amplifier" will be echoed to the target machine.


References

{{IRC topics Takeover, Internet Relay Chat