An Admin Speaks
by Curve
Today I assist chrome in running a server on DALnet called tiscali.dal.net. In times passed, however, it used to be known as lineone.dal.net - named after the ISP who sponsored it. Whilst running this server, chrome and I had rather a lot of experience of being attacked, and some of this i'm going to pass on here.
LineOne as an ISP no longer exists, it was bought out some time ago by Tiscali along with several other well-known UK ISPs. Whilst it did exist, however, both chrome and I worked for the company - him as a network architect and me as a senior producer. I first linked the server from LineOne to DALnet and, as the months and years went by, chrome and I were in a good position to see just what Denial of Service attacks did.
There came a period I now not-so-fondly think of as 'the first packet kiddie war' - a time when the whole of DALnet was getting attacked by a group of kids (some of whom were later arrested and charged), and for a long period. To this day, I really have no idea what sparked off their attacks but as they did so, and lost their nicknames and channels, that became their excuse to attack even more.
From DALnet's point of view, the effect of these attacks was very much the same as the attacks we have been seeing in recent times. There were lots of netsplits, chatters were unhappy and not knowing what was happening, and servers were out of action left, right and centre. Many servers had to delink from the network for good, the companies who were sponsoring them no longer able to take the punishment and financial losses.
Our lineone.dal.net server was lucky - it survived, but only because of the determination of British Telecom (who owned LineOne), to catch the culprits. However, although it survived, there was a lot of damage.
The most visible sign of problems, to the average DALnet user, was that our server started to split away from the network a lot when attacked. Sometimes it was attacked so heavily that it completely froze up or crashed. As it was one of the servers you would get on if you connected to irc.dal.net - this meant that many thousands of people experienced a lot of lag, and got disconnected constantly. That, of course, makes it rather hard to do the thing IRC is here for - chat with friends and have fun!
Behind the scenes, the effects of these attacks were far worse. LineOne was a large ISP, it had over 1,000,000 members who used it for Internet access and email. The attacks got so bad that, at times, all those members were simply unable to pick up their email or browse the Internet. These are people who, for the most part, had never heard of IRC - let alone DALnet. Some were trying to run small businesses from home, so we can only guess what those attacks did to their livelihood.
It wasn't just the members of course. When an attack happens, it isn't just left unchecked - there are employees who have to try and mitigate the damage the attack is doing and get the ISP's service restored as quickly as possible. Again, those people are not generally DALnet users, yet they get dragged out of bed in the middle of the night - away from their loved ones - and have to put in exhaustive extra hours of work to try and resolve the problems.
The business itself, the ISP, also suffers. If it is a portal as LineOne was, and people can't reach that portal...then it is losing money. It needs page impressions and advertising revenue to survive as a business. If its business keeps suffering as a result of attacks, then the small investors who own shares in it lose money, and employees run the risk of being laid off work. There has been a case in the last year where an ISP in the UK was actually shut down due to sustained Denial of Service attacks - putting people out of work.
So, lineone.dal.net got attacked - over a million people were effected with who knows what consequences to their real lives. Employees of the company were effected as they had to work a lot of unsociable hours. The business was effected as it lost money. The people who chatted on that server were effected as they had to suffer lags, splits and disconnections.
Why? All because a small group of youngsters wanted to prove they could disrupt an IRC network, or because they wanted to blackmail that IRC network to get whatever channel or nickname they wanted. Because they wanted to live outside the rules - rather like someone buying a gun and saying "I have a gun so the laws don't apply to me - I can steal and rape and murder...just because".
All of us here that provide and run servers on DALnet do it because we believe that chat should be free. Because we enjoy giving a free service to the Internet community and we enjoy watching it grow and become bigger than the sum of its parts. Unfortunately, the people who attack IRC networks are destroying IRC as surely as Usenet is being destroyed by spam. What company or individual in their right mind is going to pay a lot of money to host a server that is just going to be attacked, damaging their livelihood and creating misery and suffering on so many more levels than just 'chat'?
The answer is... less and less people. So, if you are tempted to use tools to attack IRC servers for vengeance, or to look cool - just step back and think about what you're destroying in the long run....one of the last non-profit, non-advertising Internet environments that is totally free
©Emma/Curve 2002
