I got an Unreal irc server and i'm an ircop in there so I can make what @host adress I want, with no clones or something like this. I'll test today 3 bots to 10-15 flooders, all with diferent adresses, on sentinel v2.60 (29 March 2001) and I'll report back what happend.
Well.. I tested 1 eggdrop with 10 flooders, with diferent hosts. My test results are: the ctcp flood protection works very fast with +mi and bans + kicks.. the join part flood works very good as the ctcp protection, but the avalanche/tsunami flood is not so good. He only puts a +mi and that notice to the channel.. flooders are still there with no bans at all.
I'm @ of a big channel in a brazilian irc network. We suffer with attacks like this. When the attacker has many proxys, bncs, and even wingates, with a lot of IPs, is dificult to stop the atack. The best way i've found is to set the channel in +R mode, where only registered users can join the channel, and start banning the IPs in the Bot perm Ban list
This is not the perfect way, but it handles the attack and prevent further ones with those hosts.
<font size=-1>[ This Message was edited by: hmelo on 2002-01-01 23:00 ]</font>
I'm @ of a big channel in a brazilian irc network. We suffer with attacks like this. When the attacker has many proxys, bncs, and since wingates, with a lot of IPs, is dificult to stop the atack. The best way i've found is to set the channel in +R mode, where only registered users can join the channel, and start banning the IPs in the Bot perm Ban list
This is not the perfect way, but it handles the attack and prevent further ones with those hosts.
--- Setings ---
# Bot CTCP flood.
set sl_bcflood 1:60
# Bot MSG flood.
set sl_bmflood 4:20
# Channel CTCP flood.
set sl_ccflood 1:60
# Channel avalanche/tsunami flood.
set sl_avflood 3:60
# Channel text flood.
set sl_txflood 10:60
# Channel bogus username join flood.
set sl_boflood 3:20
# Channel join-part flood.
set sl_jflood 3:20
# Channel nick flood.
set sl_nkflood 3:20
set sl_tsunami 10
set sl_ban 1440
set sl_boban 1440
set sl_globalban 0
set sl_wideban 1
set sl_banmax 100
set sl_igtime 240
set sl_ilocktime 120
set sl_mlocktime 60
set sl_shortlock 1
set sl_bfmaxbans 19
I noticed that the flooder has always the same part of the nick
eg. ABCxxxxx (in this case _0wn3d...) so we could code something that
will just ban the first part of the nick in case of flood...
caesar, thanks for doing what you could, but results/logs from current version aren't really useful to me. In any case, I now have an ircd with some other people helping.
killer, regarding bans on similar nicks(ABCxxxxxx, etc.), it's far too easy to get around such bans using truly random nicks. You can bet every flooder would soon switch to random nicks if they know their semi-random ones will be automatically banned by a script, so its usefulness would be short-lived.
These days the Bulgarian IRC Network (UNIBg) is also suffering attacks like this one showed above. Many big channels got flooded off and even channel #Bulgaria was so badly flooded with abot 200 different bots from different hosts (bncs, proxies). The flood there was about 30 min and no one could do anything to stop it. Even one server got splitted due to the flood. The bots are msg-ing the channel with different msgs, when you set mode +m the begin nick flood. slennox if you want channels to test your script - I suggest you visiting this network:) I found this forum by chance while I was looking for script to prevent this thing happen again. Now I've downloaded sentinel1.54 and I hope to works