Denial-of-service attacks still plague Undernet chat network

The free Internet Relay Chat (IRC) network run by the Undernet is continuing to be assaulted by distributed denial-of-service attacks, leading some of the companies that operate the group's servers to terminate their hosting agreements.

In an updated notice posted yesterday on its Web site, the Undernet's administrators said it's still uncertain when they will be able to restore the IRC network to full working order. The networks of the Internet service providers that host Undernet servers in the U.S. and Europe "have been subjected to continued denial-of-service attacks," the statement said.

Such attacks have been a frequent problem with IRC servers, according to the Undernet advisory. But it added that the attacks being carried out this week "have been so severe that some [companies] have terminated their agreements to host IRC servers on the Undernet network."

Even disconnecting the IRC servers hasn't stopped the attacks, the notice said. Hosting companies that have taken that step are still being assaulted, leading the Undernet's administrators to conclude that the attackers are trying "not only to destroy an IRC network, but also to adversely impact the business enterprise of individual ISPs that have hosted Undernet IRC servers."

IRC is a real-time text messaging service that predates many of the instant messaging services now available online, such as AOL's Instant Messenger. Millions of people use IRC, and Undernet is one of the largest networks, with 45 servers connecting users in more than 35 countries.

But the Undernet's administrators said the future of the group's network remains uncertain because of the ongoing attacks, which are believed to be originating from Romania.

An Undernet system administrator who spoke on condition of anonymity said the recent attacks are nothing new for IRC services. However, he said this assault appears to be an act of revenge by someone who was denied access to a specific IRC channel.

Efforts to reach Undernet officials for additional comment today were unsuccessful. The denial-of-service attacks were first reported last Sunday and have forced the organization to shut down most of its free messaging services.

Most Undernet servers are operated by Internet service providers and Web hosting firms. There are 17 Undernet servers in the U.S. and Canada at companies such as America Online Inc., AT&T Worldnet and MindSpring Enterprises Inc. As in other distributed denial-of-service (DDOS) attacks, the servers are being flooded with phony information requests that overload them.

Jim Dreher, vice president of Internet product management at Princeton N.J-based RCN Corp., said the attack has had no impact on commercial operations that are run through its Erols Internet unit. "We haven't experienced too many problems and don't have any plans to take [an Undernet server hosted by Erols] down," he said, adding that the system "is pretty low maintenance."

Although Dreher said DDOS attacks are "always a problem on IRC," he noted that the chat technology is a minor serviice for most ISPs. "It's really the techie elite that use IRC," he said.

The other U.S. ISPs that host Undernet servers didn't respond to requests for comment by deadline.

Darren Reed, a software engineer and consultant at Optimation Software Engineering Ltd. in Melbourne, Australia, who was involved in some of the early IRC software work, said the denial-of-service attacks could add a significant amount of traffic to an ISP's network.

But for most Internet users, Reed added, the ongoing assaults aren't a big deal. "Unless you use IRC, I don't think this is something you should be worried about," he said.

Rick Forno, a security officer at Network Solutions Inc., a major domain name registrar in Herndon, Va., also said the attack against the Undernet shouldn't concern the general Internet user population.

"IRC is not used by that many people in the mainstream," Forno said. The only real impact, he added, is that some ISPs hosting Undernet servers are seeing increased traffic on their networks and Undernet users are suffering degraded IRC service.

But for some of the companies that host Undernet servers, the choice of whether or not to continue doing that could be an easy one, according to Reed.

"Traditionally, IRC has been run at many ISPs and universities as a 'guest' [service or] something a staff member has supported for personal reasons," Reed said. "With no real business case to support it being present, with crippling amounts of data entering networks to attack IRC servers, the choice about whether or not to keep the server isn't much of a choice at all."

Undernet administrators made much the same point in the notice posted on the network's Web site. "While [ISPs] are currently paying for the resources to provide a free IRC environment, they cannot continue to do so if they suffer substantial losses of business revenue," they warned.

This story, "Denial-of-service attacks still plague Undernet chat network" was originally published by Computerworld.

What’s wrong? The new clean desk test
Join the discussion
Be the first to comment on this article. Our Commenting Policies