Internet Relay Chat, or "IRC", was originally written in 1988 by Jarkko Oikarinen of Finland.  It was designed as a replacement for another Unix chat program called "talk", which allowed users on different computers to chat with one another -- but only one-on-one, not as a group.


© 1999-2003 Jeff Bonner. REPRODUCTION WITHOUT CREDIT IS PROHIBITED.

 

How It Works

IRC is a multi-user chat system that allows users anywhere in the world to talk by way of a Telnet connection. This is done with "servers", which act as the hosts to which users connect.  Once a number of servers are linked together, they collectively form a network. There are a handful of major IRC networks, and scores of smaller ones.

First, you choose a unique nickname (or "nick"). Then, by logging on to one of the servers with your "client" (a communications program that runs on your system, whether it be Unix, Windows, Mac, etc), you can chat with anyone on any other server on that network, no matter where they may be. This is normally accomplished by joining chat rooms, or "channels".

You can also send private messages between people (sometimes referred to as "whispering"), or do a "/whois" on someone in order to obtain more information. One other very unique feature of IRC is the ability to send files directly between users, known as DCC (direct client-to-client).  This does pose a slight risk as you can see below.

A multitude of additional useful (and not so useful) commands are also available, often specific to the network you're chatting on.

 

What makes IRC different?

IRC is constantly evolving. Changes can be made to the IRCd, or Internet Relay Chat Daemon (the actual program running on the server, which handles communications), to add new features or repair bugs.

IRC is in many ways superior to any other online chat system, such as America Online (AOL), web chat rooms, or ICQ. In particular, IRC channels effectively have no limit to the number of people who may join, whereas AOL, for example, is limited to 23 in each room. Furthermore, there is no charge to use IRC, and no membership requirements.  All you need is ANY Internet Service Provider ("ISP").  Last but not least, AOL lacks "channel operators" (more commonly known as just "ops"); these people have the power to "kick" or ban abusive or problem users from a channel.

However, IRC is less capable in one respect: many newer systems can pull up a user's "profile", showing their name, age, perhaps a photo, and so on. While the IRC user can set a small (~40 character) description in their "name" field, this is the extent of it.  Some hybrid web:IRC systems do manage to have profiles by kludging things.

It is important to remember that no one person or entity controls IRC, just as there is no "headquarters" for the Internet in general.  (The one exception to this rule might be DALnet, where a single person does indeed control the entire network.)

 

Communicate Worldwide

Internet Relay Chat has been thrust into the spotlight many times since its inception, with massive gatherings occurring on IRC to discuss breaking events:

  • During the Persian Gulf War in 1991, information was relayed and families were able to communicate from thousands of miles away.
     
  • In 1993, IRC users in Moscow gave live reports about the attempted coup against Boris Yeltsin.
     
  • The 1999 resignation, subsequent return and pending retirement of talk radio host Art Bell was covered at length on Undernet.
     
  • The Los Angeles Riots, bombings in Israel, past US Presidential elections, and even the Bill Clinton/Monica Lewinsky affair have garnered attention on IRC.

Most recently, IRC (and the Internet in general) served as a meeting place, and a clearinghouse, for information -- and speculation -- about the World Trade Center and Pentagon attacks in late 2001.  The author was present on Undernet's #linux channel, chatting with other users and watching news as it was reported.  Websites such as CNN were completely inundated with requests for more details; the event happened during business hours in the United States, where most people did not have access to a television at work, but did have a computer in front of them.

Being an unmoderated medium, IRC also allows news to be disseminated without censorship, which is not the case with many news organizations.  Of course, this news is not always accurate.

You don't have to be interested in current affairs to chat on IRC, though. A great many channels exist just for friends to gather and talk about whatever they have in common.  There are also a tremendous number of help channels on IRC, and of course, channels dealing with explicit sex, pirated software ("warez"), MP3 trading, etc.

 

Eris Free Net (EFnet)

This network, generally considered as the largest of the IRC nets, wasn't "designed" per se... it just sort of formed.  One of the first servers was named "eris.berkeley.edu", thus the network came to be known as "Eris Free Net" or EFnet.  It is massive, in both number of users and servers.

EFnet appears to have many drawbacks, not only due to its design, but also because of their administrative philosophy. A multitude of hackers try daily to crash or disconnect servers, and to nuke users, often attempting to take over channels.  Another serious problem is that the network operators don't think that channels "belong" to any particular group, even if they have used (and held control of) the channel for years.  This type of anarchy is rationalized as "freedom", though many would beg to differ.

The general chaos on EFnet has resulted in a great many "netsplits", and an epidemic of "bots". With the creation of rival Undernet (below), several important revisions to the IRCd were made to address many of the problems seen on EFnet.

Almost half of EFnet's original servers resigned from the network in 1996 to form their own net, called IRCnet.

 

UnderNet

Undernet was born in late 1992, as an attempt to improve on the various problems experienced by EFnet.  The changes and additions made to the IRCd offer more channel modes, improve security, attempt to control "bots", and more.

With multiple bots on almost every channel on EFnet, much bandwidth is wasted as the servers try to accommodate the bots as they would human users. The solution Undernet offers is called "CService". Once registered, a channel's manager can have a special CService bot present in his or her channel at all times.  Called "X", this bot maintains channel modes, keeps a list of banned users, offers protection from troublemakers, and more.

Another addition to the Undernet IRCd is timestamping. It serves at least two purposes: One is to prevent hacking ops when a netsplit occurs.  (The explanation is beyond the scope of this document, but in essence it puts an end to one of the ways someone can take over a channel.) Another is that nick collisions now kill the newest person (more technical jargon, but simply put, it means one less way for someone to try booting you off IRC). Timestamping was so crucial that EFnet servers were updated to incorporate it.

Perhaps one of the best new features is the /SILENCE command.  If your client supports it (and many do, including mIRC), it has enormous utility over /IGNORE, which only prevents your client from displaying messages from a user; they are still sent to you, you just don't see them. Silencing a nick cuts them off at the server, preventing them from flooding you in the first place.

 

DALnet

The story of DALnet is, by anyone's account, a curious one.  The founders, originally from EFnet's #startrek channel, were pondering a name for their new network when someone suggested DALnet, taken from the nick of one of these users, Dalvenjah Foxfire.

This network's IRCd introduced several new features:  nicknames can be up to 30 characters long (normally they are limited to 9 characters); a new form of "NickServ" is used to allow registration and protection of nicknames; and "ChanServ" allows a user to start a new channel, protect it from takeovers and grant "ops", all without the lengthy CService registration process of Undernet.  Yet another service, MemoServ, will leave notes for a user, even if they're not online at the time.

Unfortunately, DALnet has been plagued in the past with political troubles and infighting among its server admins, and Dalvenjah (Sven Nielson) has been accused of various improprieties. Of course, these issues are not unique to DALnet, and can be found on other networks.

DALnet's official home page can be found here.

 

Other Networks

There are scores of smaller IRC networks, many of which are specialized. Examples include Freenode (formerly known as OpenProjects), which focuses on Open Source Software, and QuakeNet, where people who play the game Quake gather. In fact, there are over 400 networks identified on irc.netsplit.de.  There also exist some IRC-like networks.

The truth of the matter is, anyone can start their own IRC network:  all you need is the software (IRCd), a server, and a (suitable) connection to the Internet. Of course, getting a significant number of users to join and stay on your network is the real challenge.

 

What is a "bot"?

A bot (taken from the word "robot") is simply a program, similar to your IRC client, that independently performs tasks in one or more channels.  These chores might include protecting a channel from takeover attempts, giving "ops" to authorized users, offering help, sending files, greeting new users with information, and even playing games.  Bots can also be used for "war" (destructive purposes), though the majority are not.

Bots usually run on a Unix-type platform, unlike most IRC clients (which run locally on your home machine, typically Windows).  This allows them to respond faster, and also to run continuously, since they have a persistent connection to the Internet. Unix systems also generally have more mature and extensive TCP/IP tools.

The term "Eggdrop" refers to a specific bot program that has been written and improved upon by many people over the years.  It is far and away the most popular, and perhaps the most versatile, of all bots.  Many other types are available, such as BlootBot, DarkBot, EnergyMech, and so on. Some are highly specialized and only perform one or two main tasks, like maintaining a database of help topics.

Undernet's X is also technically a bot, but much more rugged and independent.  Since X actually resides on an IRC server, it enjoys certain privileges from the IRCd.  One is that if it loses "ops" (the ability to control a channel), it can be re-opped automatically. Thus, channels are much less likely to be taken over by unsavory types (at least, not for very long).

 

What is a "netsplit"?

Remember that most IRC networks are a massive web of interconnected servers.  Using a highly simplified explanation, let's assume a small network called "LunaNet" has these 13 servers, "A" through "M":

Server Diagram

A netsplit occurs when the link between any two servers is broken. Say, for example, you are on server J.  If it splits with server K, it appears to you (and everyone else on the network behind you) that all users on server K have "quit".  (However, if none of those users are in a channel with you, you won't see it happen.)  What's worse, the users on server K see the entire network appear to quit.

Sometimes you can identify a netsplit by a user's quit line. The second server name shown (Detroit in this example) is the one that has split away from the rest of the network:

    *** grub has quit IRC (atlanta.lunanet.org detroit.lunanet.org)

The resolution is to reconnect the link between servers J and K, if at all possible.  If not, the IRC operators might instead establish a new link between, say, servers K and L.

Were a netsplit to occur between servers B and C, the network would be effectively "split" into two large, distinct groups of users, neither of which could see the other until the netsplit is resolved.

Not all IRC networks will exhibit this behavior; some are more stable than others and hardly ever split. Others do, but will not show a normal netsplit message.
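The quit-line pattern described above can be checked mechanically when reviewing a channel log. The following is an added example, not part of the original page: it treats a quit reason made of exactly two server names as a netsplit and groups the affected nicks by server pair. The sample log is constructed, and the function names and the two-user threshold are assumptions.

```python
import re
from collections import defaultdict

# Added example, not from the original page.
# Quit line as the page shows it: "*** nick has quit IRC (reason)".
QUIT_RE = re.compile(r"^\*\*\* (?P<nick>\S+) has quit IRC \((?P<reason>.*)\)$")
# A hostname here is dot-separated labels with at least one dot.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
HOST = rf"{LABEL}(?:\.{LABEL})+"
# Netsplit reason: exactly two server names separated by a single space.
SPLIT_RE = re.compile(rf"^({HOST}) ({HOST})$")

# Constructed sample log; only the first line's format comes from the page.
SAMPLE_LOG = [
    "*** grub has quit IRC (atlanta.lunanet.org detroit.lunanet.org)",
    "*** mira has quit IRC (atlanta.lunanet.org detroit.lunanet.org)",
    "*** tov has quit IRC (Ping timeout)",
    "*** kai has quit IRC (Connection reset by peer)",
    "<grub> back in a minute",
    "*** zed has quit IRC (gone.for now)",
]


def parse_split_quit(line):
    """Return (nick, near_server, far_server) for a netsplit quit, else None."""
    m = QUIT_RE.match(line.strip())
    if not m:
        return None
    s = SPLIT_RE.match(m.group("reason"))
    if not s:
        return None
    # Per the page, the second name is the server that split away.
    return m.group("nick"), s.group(1).lower(), s.group(2).lower()


def find_netsplits(lines, min_users=2):
    """Group split quits by server pair and keep pairs with enough users.

    A quit reason is free text on many networks, so a single matching line
    is weak evidence; several users leaving with the same pair is stronger.
    """
    groups = defaultdict(list)
    for line in lines:
        hit = parse_split_quit(line)
        if hit:
            nick, near, far = hit
            groups[(near, far)].append(nick)
    return {pair: nicks for pair, nicks in groups.items()
            if len(nicks) >= min_users}


if __name__ == "__main__":
    for (near, far), nicks in find_netsplits(SAMPLE_LOG).items():
        print(f"{far} split from {near}: {len(nicks)} users ({', '.join(nicks)})")
```

Networks that do not show a normal netsplit message, as noted above, will not match this pattern.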

 

What is "nuking"?

Nukes, or more properly, Denial of Service (DoS) attacks, are attempts by a malicious person to disrupt your connection to the Internet and/or crash your system.  This is done primarily by exploiting known vulnerabilities in the Microsoft Windows family, although many other operating systems and platforms may be affected.

Title 18, Section 1030(a)(5) of United States Code outlines the penalties for DoS attacks: They are punishable by up to $25,000 in fines, up to ten years incarceration, or both.  Pursuant to U.S. Title 47, Sec.227(a)(2)(B), a computer, modem or printer meets the definition of a telephone facsimile machine. Thus, Sec.227(b)(1)(C) makes it unlawful to send any unsolicited advertisement to such equipment, punishable by action to recover actual monetary losses incurred.

One thing to remember is that, while nukes are illegal, the operators of an IRC network have no control over them and cannot do anything about them. This is because they are not facilitated by the network; instead, the attacker is interfering with your computer directly.

Many of the most common nukes are aimed at Windows 95/98 and NT users who do not have the latest patches from Microsoft, making them vulnerable to such attacks; there are variants for Linux and other operating systems. Other nuke attempts amount to flooding, for which the solution is not quite as simple. These attacks can cause the following behavior:

  • ICMP - Creates massive echo requests to a user's system, effectively disabling it. Modems can hang up, data can be lost permanently, systems and programs may crash, and hardware may be prone to damage.  In any case, service is denied.
     
  • IceNuke/SSping - This is another form of the ICMP attack, also referred to as the Ping of Death. Your system will lock up and a reboot is required.
     
  • TearDrop - This attack is similar to the IceNuke, made possible due to a bug in the TCP/IP stack. A packet is sent to your system saying it is one size, but your system receives it as a different size.  Thus, while your system waits for it to be corrected, you will more than likely get the "Blue Screen of Death" or just lock up.  Again, you will have to reboot your system, as the attack will cause it to hang.
     
  • WinNuke - This program sends OOB (Out of Band) data to a Windows system, making it crash. Packets will be sent to Port 139, causing Win95 to lock up, and in more than half the cases, you get the blue screen, forcing a reboot.
     
  • Smurf - Affects an entire internet provider or IRC server, and everybody gets kicked off the provider or server. The attack can last hours, even days.  Dealing with this type of attack is of concern mainly to the provider or IRC server administrator.
     
  • Land - Sends "spoofed" packets saying they are from your computer to your computer, most often on ports 139 and/or 113.
     
  • Click - Affects just about everybody, and all it causes is a disconnection from IRC. The quit messages are usually "Connection reset by peer," "Connection refused," "Operation timed out," and "Host unreachable."  Reboot is not always required.
     
  • SYN - An oversized ping packet via an unsecured port of the Microsoft TCP/IP protocol, which can force a reboot.

These attacks can be carried out with a variety of ready-to-run programs, and are frequently performed by someone with little or no knowledge of the Internet or IRC. The term "skript kiddie" describes this sort of person, someone who runs malevolent software without needing to know how it works.

Regardless of whether you use a firewall, port blocker or other software, your Windows system should have the latest patches to protect from a variety of nuke attempts and web infiltration.  Many of these can be found at Microsoft's Security Advisor website.  Microsoft's Windows Update site has patches for users of Windows 98 or later, and those with Internet Explorer 5.

GRC has a website that can inspect your system for certain security holes, and explains how to plug them.  It also gives information on some of the terms related to these online attacks. However, many have accused its owner of scaremongering, or hyping problems beyond their actual severity. Your mileage may vary.

SecuritySource has an extremely comprehensive collection of exploit tests for virtually every computer platform imaginable.  These tests are free, although the more explicit results and interpretation are reserved for subscribers.

Another solution is ZoneAlarm from Zone Labs. This free firewall will completely intercept both incoming AND outgoing traffic, protecting you from certain nukes and from trojans such as BackOrifice.

 

What is "juping"?

A nick jupe happens when a desired nickname cannot be used for some reason. There are several ways this can occur. One would be if the IRC server itself disallows certain nicks, because of the chance that hackers could exploit them.  For example, back in the MS-DOS days, it might be possible to trick a user into sending messages to a person supposedly named "COM1" -- which, in reality, is the first serial (modem) port; this could result in the user disconnecting themselves. Another way to jupe is to keep a bot continuously online, occupying that nickname and thereby preventing anyone else from using it.  A few networks have built-in services that let you register a name, typically via "NickServ".  Once registered, if anyone else uses that nick, they are warned that the name is already taken... and if necessary, you can recover it by having them booted offline.

 

Other Security Problems

Ever noticed someone trying to DCC send you a file the moment you /JOINed a channel? (A variation of this is sending when you /PART.)  In either case, this is almost always a warning sign that the user is trying to infect you with a virus or trojan.

Sometimes, they aren't even aware of what's going on... their client may have been unknowingly infected, and is secretly offering its dangerous payload.  If you make the mistake of accepting it, you too will likely begin trying to infect everyone else!

This problem has its roots in an early version of mIRC.  It had a bug that would allow someone to DCC send you a file called SCRIPT.INI, which could be used to reprogram your client, unbeknownst to you.  The hole has since been patched, but a hacker could still trick you into accepting an .INI and installing it, perhaps under the guise of an "upgrade".  If you don't know what an .INI file does, DO NOT accept it.

Newer infections have also come along that spread with virus-like activity.  Many of these end with the file extensions .EXE or .VBS, and can be much worse than the original "bug" described above. A host of new, malicious files now exist.

What's worse, if you do accept a file, then try to scrutinize its filename on your Windows machine, you often can't see the real file extension. This is because Windows "hides" the extension of common files.  For example, the file MOVIE.AVI.PFI could actually appear to you as MOVIE.AVI, which you might then try to open.  Subsequently, you may become infected.

So how can you protect yourself? There are a number of ways.

  • First, don't accept files from people you don't know.  NEVER allow your client to "Auto-Get" DCC files. If you're using mIRC, you can (and should) turn this feature off.  Go to "File > Options > DCC", and where it says "On Send request:" check the button marked "Ask".  mIRC by default turns this off, but add-on scripts can re-enable it.
     
  • Use a virus-scanning program, such as Norton AntiVirus or McAfee VirusScan, to examine the files you receive, even "photos".  This may seem like a lot of trouble, but wouldn't you rather know if a file is actually a trojan that can erase your hard drive?
     
  • On larger IRC networks, join one of the channels that can help you determine if you're infected, and how to repair things.  These include #dmsetup (which will help with more than just the original DMSETUP.EXE program), #backorifice, and others.
     
  • The NoHack website has a complete list of all known viruses and trojans that can affect IRC clients, and has removal programs to "clean" up, too.  Note that the opening screen threatens to "delete your hard drive" but this is a joke, or more properly, an example of how easy it could be.
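The warning signs described in this section (a send the moment you join or part, SCRIPT.INI, .EXE and .VBS files, and names like MOVIE.AVI.PFI whose real extension Windows hides) can be checked before a DCC offer is ever accepted. The following is an added example, not part of the original page or of any IRC client: it parses the standard CTCP "DCC SEND" request and lists the reasons an offer looks suspicious. The sample offers are constructed, and the function names and the five-second window are assumptions.

```python
import ipaddress
import re

# Added example, not from the original page.
# CTCP request: \x01DCC SEND <filename> <ip as 32-bit integer> <port> [size]\x01
DCC_RE = re.compile(
    r'^\x01DCC SEND (?:"(?P<quoted>[^"]+)"|(?P<bare>\S+)) '
    r'(?P<ip>\d+) (?P<port>\d+)(?: (?P<size>\d+))?\x01$'
)
RISKY_EXT = {".ini", ".exe", ".vbs"}  # the extensions the page names
JOIN_WINDOW = 5.0  # seconds; assumed meaning of "the moment you joined"


def parse_dcc_send(ctcp):
    """Return the offer as a dict, or None if this is not a valid DCC SEND."""
    m = DCC_RE.match(ctcp)
    if not m:
        return None
    try:
        ip = str(ipaddress.IPv4Address(int(m.group("ip"))))
    except ipaddress.AddressValueError:
        return None  # integer does not fit in 32 bits
    size = m.group("size")
    return {
        "filename": m.group("quoted") or m.group("bare"),
        "ip": ip,
        "port": int(m.group("port")),
        "size": int(size) if size is not None else None,
    }


def triage(offer, secs_since_join=None):
    """List the reasons to distrust an offer; an empty list means none found."""
    reasons = []
    # Drop any path component the sender put in front of the name.
    base = offer["filename"].replace("\\", "/").rsplit("/", 1)[-1]
    parts = base.lower().split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if base.lower() == "script.ini":
        reasons.append("named script.ini")
    if ext in RISKY_EXT:
        reasons.append(f"risky extension {ext}")
    if len(parts) > 2:
        shown = base[: -len(ext)]  # what remains when the last extension is hidden
        reasons.append(f"double extension: Windows may show it as {shown}")
    if secs_since_join is not None and secs_since_join <= JOIN_WINDOW:
        reasons.append("sent right after join/part")
    return reasons


if __name__ == "__main__":
    # Constructed offers; 3221225994 is the documentation address 192.0.2.10.
    samples = [
        ("\x01DCC SEND MOVIE.AVI.PFI 3221225994 4000 20480\x01", 1.0),
        ("\x01DCC SEND SCRIPT.INI 3221225994 4000 512\x01", 300.0),
        ('\x01DCC SEND "holiday photo.jpg" 3221225994 4000 90000\x01', 600.0),
    ]
    for raw, secs in samples:
        offer = parse_dcc_send(raw)
        print(offer["filename"], "->", triage(offer, secs) or "no flags")
```

An offer with no flags is still not known to be safe; the virus-scanning advice above applies to every file received.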

There are many other considerations for IRC security, especially with the advent of "always-on" broadband connections like cablemodems.  For details on how to prevent these kinds of problems, visit NewIRCUsers.com.  The site has an extensive collection of IRC tips, info, and problem-solving ideas.

 

Further Information




"Don't abuse children, or else they turn out like me." -- Prince