It is currently Mon Jul 24, 2017 7:33 pm




 Page 1 of 1 [ 2 posts ] 
Author Message
 Post subject: little rant about script kiddies
PostPosted: Mon Jun 06, 2005 10:10 pm 

Joined: Mon Jun 06, 2005 9:38 pm
Posts: 1
I've been using Undernet for around 6 years, and one thing which continually suprises/dissappoints me is that Undernet doesn't seem to give a flying *beep* about kids with their h4x0red botnets.

I routinely come across channels filled with 50 or more (100 isn't uncommon) eggdrops/emechs/psybnc connections, running on compromised machines. In the past I've notified Undernet (via email, since the help channels always just tell me to mail the logs/info), but never recieve a reply, and no action is taken.

What's particularly annoying is that i'm trying to do Undernet a favour - I'm not begging them to re-op my channel because I accidently lost ops (in which case I would wait my turn patiently, and appreciate they have better things to do) - I'm simply trying to Do The Right Thing(tm): hundreds of bots sitting on IRC tie up connections (preventing legitimate users from connecting), and consume bandwidth; and I'm sure all of us have been harrassed at some stage in our IRC lives by kids with hacked botnets.

So why doesn't Undernet seem bothered? Perhaps they feel it isn't an IRC matter (in the same way that packeting isn't), or maybe they feel the evidence is inconclusive.: admittidly it's difficult to prove that a particular client is running on a compromised host, but the circumstantial evidence can be very strong. Here's part of the channel list of #l2:

[list=]ÿ[2]Trotik][_2_Trotika@86.104.177.47 ][n/a]3
[ÿ[Ag]Peace][~piece_mak@86-104-6-99.evolva.ro ][n/a]3
[ÿ[ASN]Clod][~Clod@client11.media-link.ro ][n/a]3
[ÿ[ASN]lily][~mladici@client232.media-link.ro ][n/a]3
[ÿ[BG]Arwen][~xxx@81.196.94.146 ][n/a]3
[ÿ[BG]newbs][~kkk@82.77.39.142 ][n/a]3
[ÿ[CJ]alaMo][_Cj_akadar@85.204.4.79 ][n/a]3
[ÿ[CJ]alara][~scocos@ClubElixir.users.undernet.org ][n/a]3
[ÿ[Cj]Ganda][Gandalff@1439442213.users.cubicnet.net ][n/a]3
[ÿ[cj]icebo][~IHv4.7@217.156.16.38 ][n/a]3
[ÿ[CJ]Masky][~Miranda@81.180.166.200 ][n/a]3
[ÿ[CJ]Morgu][~boardmast@82.79.249.28 ][n/a]3
[ÿ[Cr2]Adho][~lalalala@barariuclaudiu.mediasat.ro ][n/a]3
[ÿ[Cr2]time][~tic2000@82.79.191.145 ][n/a]3
[ÿ[Cr3]SaMu][chronos@82.77.75.116 ][n/a]3
[ÿ[CR]Valki][~tedreq@82.78.75.113 ][n/a]3
[ÿ[DC]Water][~Kriket@82.77.83.61 ][n/a]3
[ÿ[DC]`Ghos][taga@213.164.237.179 ][n/a]3
[ÿ[DC]`Zyra][zyraxes@82.79.201.114 ][n/a]3
[ÿ[DS]Fanto][~fantomas@81.180.16.4 ][n/a]3
[ÿ[DS]Hydro][~no@84.154.100.154 ][n/a]3
[ÿ[DS]Lore ][lore@cattitude.users.undernet.org ][n/a]3
[ÿ[DS]Screa][Scream@85.204.211.150 ][n/a]3
[ÿ[DS]Sterv][~Maliuha_1@81.180.210.11 ][n/a]3
[ÿ[DS]Vener][~Drakon@81.180.16.79 ][n/a]3
ÿ[DW2]dMad][asdas@86.126.74.130 ][n/a]3
[ÿ[DW2]Rari][~NexusUser@83.103.171.139 ][n/a]3
[ÿ[DW]Miky`][user@86.126.32.47 ][n/a]3
[ÿ[DW]Phant][~ereal@193-138-218-134.evolva.ro ][n/a]3
[ÿ[Ed]Matus][dani_chele@80.224.232.25 ][n/a]3
[ÿ[EK]Clitc][Pici@82.78.123.31 ][n/a]3
[ÿ[EK]FoCuS][~Focus@FoCuS.users.undernet.org ][n/a]3
[ÿ[EK]seksi][~etc@ns2.wnahosting.com ][n/a]3
[ÿ[EK}Trish][~hcaskjf@81.180.209.237 ][n/a]3
[ÿ[EK]TSUNA][nimeni@62.231.106.72 ][n/a]3
[ÿ[Eq]Bicu ][~Bicu@83.211.154.214 ][n/a]3
[ÿ[Eq]Shoke][~Rabbit@ip-154-215.sn2.eutelia.it ][n/a]3
[ÿ[F]Eleono][_BF_@host-81-190-0-148.gdynia.mm.pl ][n/a]3
[ÿ[F]hageri][_F_hageri@ajm217.neoplus.adsl.tpnet.pl ][n/a]3
[ÿ[GM]RazZz][Razvan@dont.hello.whois-me.co.uk ][n/a]3
[ÿ[GW]DarXy][~DarXyde@82.77.199.5 ][n/a]3
[ÿ[G]eorge ][~george@81.196.163.4 ][n/a]3
[ÿ[HH]Antic][antich@81-196-97-173.iasi.cablelink.ro ][n/a]3
[ÿ[HR]BolTh][~gigi44ger@213.164.224.15 ][n/a]3
[ÿ[HR]TsukH][~etc@213.164.224.15
ÿ[H]Anarch][~gajos@agl162.internetdsl.tpnet.pl ][n/a]3
[ÿ[H]Moridi][~epeon@83.26.115.144 ][n/a]3
[ÿ[ic]Simso][~Simson@86.104.233.16 ][n/a]3
[ÿ[IGG]Alph][~asd@riga.mediasat.ro ][n/a]3
[ÿ[LOG]depu][aqvrl@82.78.124.197 ][n/a]3
[ÿ[LOG]Eren][~aa@82.76.228.12 ][n/a]3
[ÿ[LOG]Legi][~eug@86.126.24.159 ][n/a]3
[ÿ[Lost]Thi][~diabolik@82.77.76.151 ][n/a]3
[ÿ[LR]Shizy][~justme@82.76.228.72 ][n/a]3
[ÿ[LR]Spell][~carip_bog@atu.pub.ro ][n/a]3
[ÿ[Majax] ][opera@majax.users.undernet.org ][n/a]3
[ÿ[MERE]Mal][~asd@81.180.101.14 ][n/a]3
[ÿ[MERE]Mor][~sad@81.196.97.184 ][n/a]3
[ÿ[M|STER] ][mister@cautat.pt.port.de.frumusete.si.tra][n/a]3
[ÿ[NC]Kamik][~mda@82.77.157.180 ][n/a]3
[ÿ[NW]Lathr][~steem@steem.users.undernet.org ][n/a]3
[ÿ[NW]Turin][_MEREPERE_@82.77.148.113 ][n/a]3
[ÿ[OAE]SM ][OAE@81.181.165.163 ][n/a]3
[ÿ[OFF]Tech][Tech@81.196.70.112 ][n/a]3
[ÿ[OS]Septi][~vladb@81.180.210.213 ][n/a]3
[ÿ[OS]tzet ][~asa@81.180.210.206 ][n/a]3
ÿ[PL]Morga][~morgana@ajx220.neoplus.adsl.tpnet.pl ][n/a]3
[ÿ[PL]Ralar][~maludasek@83.238.211.162 ][n/a]3
[ÿ[SM2]mp5 ][~not4u@81.196.24.193 ][n/a]3
[ÿ[smile]fl][tv@212-41-106-62.adsl.solnet.ch ][n/a]3
[ÿ[smile]_x][_smile_Xaz@t-17-145.athome.tue.nl ][n/a]3
[ÿ[SM]Natal][~iionut25@85.186.66.91 ][n/a]3
[v[SM]Sfant][~dan@82.208.128.19 ][n/a]3
[ÿ[SM]Victu][~rockafell@Draister.users.undernet.org ][n/a]3
[ÿ[SR]belze][_SR_belzeb@81.181.210.10 ][n/a]3
[ÿ[SR]Lalen][~zzz@81.180.209.93 ][n/a]3
[ÿ[SR]LUCKY][~romars@141.85.172.175 ][n/a]3
[ÿ[SR]Overm][~aa@82.76.228.12 ][n/a]3
[ÿ[SS]Kaghe][~skoica0@194.102.56.45 ][n/a]3
[ÿ[TLB]Abom][mocioc@85.204.118.83 ][n/a]3
[ÿ[TLB]Mard][Mmm@p3.pub.ro ][n/a]3
[ÿ[WW]Darkk][~Ghost@212.93.147.93 ][n/a]3
[ÿ[WW]Flios][~dan@81.196.164.45 ][n/a]3
[ÿ[WW]Imort][~OLinkin@81.180.210.199 ][n/a]3
[ÿ[WW]Strop][_WW_Stropi@85.186.59.15 ][n/a]3
[ÿ[]Mode ][~sfd@81.180.208.253 ][n/a]3
ÿ|GRU|Morg][~312we@ant170.internetdsl.tpnet.pl ][n/a]3
[v|SpQR|Fug][~SaFugim@DominiqPCR.users.undernet.org ][n/a]3
[ÿ|SpQr|Itz][yakuza@CyberJerk.users.undernet.org ][n/a]3
[ÿ|SpQR|Sho][~razor_01@abs-tech.mediasat.ro ][n/a]3
[ÿ|SpQR|Sil][sile_x@86.120.133.237 ][n/a]3
[ÿ|SpQR|Tez][Rom3o@86.127.2.197 ][n/a]3
[ÿ|SpQR|Tib][~Tibilone@68.55.99.250 ][n/a]3
[ÿ|SpQR|Xdw][~Xme_2004@82.76.204.255 ][n/a]3
[ÿ|SpQR|Yaz][PeDe@193.226.1.90 ][n/a]3[/list]

Perhaps it can't be proved that these hosts are all compromised (without mailing the admin of each one), but opers routinely set g-lines on less evidence.

The only other explanation I can think of is that Undernet don't want to upset the kiddies because they are worried about retaliatory packetting (as happened to Dalnet last year). If there was any truth in this, it really would be a sad state of affairs.


Offline
 Profile  
 
 Post subject:
PostPosted: Tue Jun 07, 2005 8:29 am 
User avatar

Joined: Sun May 23, 2004 7:43 pm
Posts: 323
Location: Nowhere
Well kermit, first of all that channel is registered, so better send an e-mail at cservice-abuse@undernet.org and explain everything, mentioning some whois`, or the /names of that chann, or any sort of proof, and i assure you cs-abuse does it`s job. And about the glining thingy, well as you said, those are hacked boxes and opers can`t do much about them coz if they gline them, they will rejoin in a short while back. So there`s nothing much we CAN do about them. And i doubt it`s coz they are afraid of upsetting those abusers. But aside from this, thank you for atleast trying to warn any kind of abuse that u have discovered, and i hope you shall do the same in the future. We all are trying to do our best for undernet.
Cheers!



_________________
I'm an angel, honest! The horns are just there to keep the halo straight
Offline
 Profile  
 
Display posts from previous:  Sort by  
 Page 1 of 1 [ 2 posts ] 


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to: