[Help] Drones removal.

Ask your general or IRC related questions.
User avatar
Dude
Posts: 64
Location: Brasov

[Help] Drones removal.

Post by Dude »


:classic: Sorry old friends but drones are not kewl any more...

for ircu coders: is there a way for you to modify the source code so that the irc network blocks connections from drones ? I mean is it possible to scan certain ports, to verify some predefined wildmarks (hosts/nicks/fullnames), to check the version of every client and so on ON EVERY CONNECTION ?
I bet not.. this could seriously slow down the servers... But if it IS posible then am I the first one that writes here about scanning on connect ?

(This could stop all unwanted bots/drones/users...)
Dudes & dudettes

User avatar
evi|one
Posts: 211
Location: Netherlands

Post by evi|one »

1) Undernet already scans for proxies. What ports do you think undernet should scan for?
2) There is a tool that scans for weird nicks (and not only that). It's called mod.dronescan (it's a gnuworld module)
3) Most of the drones don't answer to ctcp version, and when they do, they usually answer as mIRC, or another legit client.

Suppose all those features are implemented the way you want them. How will that stop ALL the drones?
I am a signature virus. Copy me into your signature to help me spread.

User avatar
Dude
Posts: 64
Location: Brasov

Post by Dude »

Undernet should perform all kind of scans possible and autokill unwanted connections (maybe even automail abuse@provider.net)
ports huh ? Undernet is NOT scanning! eg: subseven - 27374. There are plenty of bots loaded even at this time and I can easily find some of them.
While using drones, I had no problem with Undernet. Only that the code was weakly protected and someone DID closed that channel. Again and again and again.
It seems there is no evidence of drone channels.
And no filters, as I said.
Dudes & dudettes

User avatar
c0derz
Posts: 11
Location: Tampa FL USA.

Post by c0derz »

Like i said once i think all the opers on undernet should pick one day, for all of them or most to have that day dedicated to wipe out drones , it would make the net better, and by gawd it would be fun to see, like i said i have offerend the assitance of my faq but it was rejected so i can do nothing, anyways laters guys
Friends come and go while enemies accumulate!

User avatar
evi|one
Posts: 211
Location: Netherlands

Post by evi|one »

You didn't answer my question Dude. How will scanning rid us of all the drones?
I am a signature virus. Copy me into your signature to help me spread.

User avatar
Dude
Posts: 64
Location: Brasov

Post by Dude »

so.. the drone tries to connect to undernet on port 6667...
the server filters its data, its info and then, if it SEEMS to be a drone, adds an interdiction for that host/provider.
It can be done. I've seen it done in an expensive ircd.
Dudes & dudettes

User avatar
evi|one
Posts: 211
Location: Netherlands

Post by evi|one »

Yeah, you could get rid of lots of harmless users that way :)
I am a signature virus. Copy me into your signature to help me spread.

User avatar
Ceasium
Posts: 7
Location: Toronto, Canada

Post by Ceasium »

well Evilone has a point and plus.. if they scan for drones.. they will be back within no time .. it is usless really..therefore i think undernet already scans for proxies and stuff.. so there can be little done about it..
well ... yeah.. :devious:
......Listen to your mind......

User avatar
Dude
Posts: 64
Location: Brasov

Post by Dude »

JUST LEAVE IT. Think about your own problems. I shouldn't have started this. There will always be drones on Undernet. Even now, I see about 800 of them. I guess you have to work first with drones to see what I see.
Dudes & dudettes

User avatar
wensu
Posts: 83
Location: Sydney, Australia

Post by wensu »

well the best solution is to really ban the ip that is infected for more than the stupid minimal times that are enforced atm.

if an ip is banned once for a specific reason, like flooding, drones, clones, abuse, they then get a point, more points for more severe reasons. once a certain amount of points are reached, the g:line time increases.

example: if a static ip is infected and it's been g:lined as a "drone" 3 times in 5 days, then 3 points equals 30 days of a g:line and so on.

if on the 3rd time a 30 day g:line has been set, then either an auto e-mail to the provider of that IP, and/or a larger g:line mask should be set.

if it is a larger ISP, you'd quickly see that abuse dept of that ISP take more interest in their infected customers machines. no isp likes to have their customer base swamp their helpdesk saying the whole of *aol.com for example has been g:lined.

unhappy internet customers equal customer leaving that ISP which in turn equals loss of cash flow.

- wensu

User avatar
Dude
Posts: 64
Location: Brasov

Post by Dude »

I'm starting a comunity for programmers, hackers, script kiddies, admins,
smart ppl intrested in hunting botnets and their masters. I've already been doing this since january 2002 when wicked and his edited evilbot attacked grc.com.
I have already installed phpbb on a server, all I need is ppl with experience and/or ideas and/or resources.
I'm starting it because I want to avoid critics that can't see the activity of 1000+ drones in a simple mIRC log. Daahhh.

If you're intrested, please contact me @

http://underworld.dap.ro/for/index.php


Thanks.
Dudes & dudettes

User avatar
BaZz
Posts: 23
Location: Montréal, Canada

Post by BaZz »

I don't think there's a "magic" way to remove all drones.
Intelligent coders will install the drone, and close all ports after that, and update the drone if needed through an IRC channel, generally on a private IRC server. So you can scan all the ports you want, it won't change anything ...
There's only one way : use your hands
:)
-BaZz-
[0] infected! Advertising infecting web sites. Clean this computer! http://www.moosoft.com http://housecall.trendmicro.com/

Irku
Posts: 206
Location: bucharest

Post by Irku »

Yeah that is obvious. What about ppl that can't use their hands ? What about ppl that pay for an antivirus license, ppl that feel safe, but have been infected with something that will only be detected in 2 or 3 years ? What about their credit cards ? There are 20k drones that have all subseven functions... and that means the MAIN irc bot, a keylogger, a sniffer set to filter passwords and so on.
This seems to be the new wave for them who have already tried the old stuff and are not bored YET.
If you're a microsoft user, you really should install a firewall, a well known antivirus, learn to run msconfig > startup (and/or edit the registry (run regedit)) :wink: and NEVER, NEVER open unsecure mail attachments.

And one more thing: Read as much as you can. On Google, you can find whatever you might ask. Read anything about the subject if you want to get rid of / fight against drones...

OUTsider
Posts: 435
Location: Netherlands

Post by OUTsider »

So you wanna donate all users brains and teach them how to use it ? Good luck!!

The issue with killing/preventing drones is retarted. Why ? Coz you can't !
The ones launching drones are always a step further. The only thing you can do is to attempt to cure the disease, but it remains an endless cat & mouse game. Somehow however I think the mouse wins.

Then how to end this madness ? Even that you can't. For that you would need to create computers and software that cannot be hacked in any way, that cannot be infected with trojans in any way , internet being continuesly monitored line by line just to detect abuse. All isp's immediately sharing information about lamers that they are never ever able to get an account anywhere, all computers being equipped with fingerprint and iris scanners to verify the user. And even then there is still a chance that someone is able to go around the security and have his 'fun'.
Don't bother reading, I'm just the lame botlender, right ?

Irku
Posts: 206
Location: bucharest

Post by Irku »

Microsoft releases the mouse, Symantec crushes it. It's a whole industry here. Hackers will never be stopped, even if a bugless operating system could be achieved. In theory, at least.