little rant about script kiddies

Post by kermit1 »

I've been using Undernet for around 6 years, and one thing which continually surprises/disappoints me is that Undernet doesn't seem to give a flying *beep* about kids with their h4x0red botnets.

I routinely come across channels filled with 50 or more (100 isn't uncommon) eggdrops/emechs/psybnc connections, running on compromised machines. In the past I've notified Undernet (via email, since the help channels always just tell me to mail the logs/info), but never receive a reply, and no action is taken.

What's particularly annoying is that I'm trying to do Undernet a favour - I'm not begging them to re-op my channel because I accidentally lost ops (in which case I would wait my turn patiently, and appreciate they have better things to do) - I'm simply trying to Do The Right Thing(tm): hundreds of bots sitting on IRC tie up connections (preventing legitimate users from connecting), and consume bandwidth; and I'm sure all of us have been harassed at some stage in our IRC lives by kids with hacked botnets.

So why doesn't Undernet seem bothered? Perhaps they feel it isn't an IRC matter (in the same way that packeting isn't), or maybe they feel the evidence is inconclusive: admittedly it's difficult to prove that a particular client is running on a compromised host, but the circumstantial evidence can be very strong. Here's part of the channel list of #l2:

Perhaps it can't be proved that these hosts are all compromised (without mailing the admin of each one), but opers routinely set g-lines on less evidence.

The only other explanation I can think of is that Undernet don't want to upset the kiddies because they are worried about retaliatory packeting (as happened to Dalnet last year). If there was any truth in this, it really would be a sad state of affairs.

Post by Wolfyx »

Well kermit, first of all that channel is registered, so better send an e-mail to cservice-abuse@undernet.org and explain everything, mentioning some whois, or the /names of that chann, or any sort of proof, and I assure you cs-abuse does its job. And about the glining thingy, well as you said, those are hacked boxes and opers can't do much about them coz if they gline them, they will rejoin in a short while. So there's nothing much we CAN do about them. And I doubt it's coz they are afraid of upsetting those abusers. But aside from this, thank you for at least trying to warn about any kind of abuse that u have discovered, and I hope you shall do the same in the future. We all are trying to do our best for Undernet.
Cheers!
I'm an angel, honest! The horns are just there to keep the halo straight