[09:09] Hey Hey :o) [L1] [09:10] Let's begin! We have an ambitious agenda so please ... settle in, turn on your logging ... and take note of your questions to ask during the pauses. [L2] [09:10] I'd like to welcome you all to the Undernet Channel Service OpSchool (Part Three). [L3] [09:10] We have a lot of very knowledgeable people there to help you. Just be patient after you ask your question :o) [L4] [09:10] You'll hear what Undernet considers abuse, survival skills for floods and netsplits, and an all-time favorite... [L5] [09:10] Now for the rules of the class.... [L6] [09:10] The teaching staff is divided up alphabetically. Each assistant will answer questions for the letter group they are assigned to: A-F_Tutor handles nicks starting with A through F and so on... [L7] [09:11] MiscTutor handles nicks beginning with numbers or characters such as ^, ], _, and so on, French is "AideTout", Spanish "YoAyudo", Romanian "EuAjut". [L8] [09:11] If your nick falls under the letter A, please use the tutor of the first letter in your nick (ex. Ace would /msg A-F_Tutor) [L9] [09:11] Please direct your questions by private message to the tutor who covers your name group. [L10] [09:11] The channel is moderated (+m) and may be set to invite-only (+i) to lessen interruptions. If you get disconnected, please message a tutor to be invited back into class. [L11] [09:11] You will not be permitted to change your nickname during this class. A ban on *!*@* prohibits nickname changes. [L12] [09:11] Do not message the instructor - My job is to keep the lesson flowing. Remember, you have tutors to answer your questions. [L13] [09:12] The numbers you see at the end of the sentences are lesson reference numbers. Both you and the instructors can use these as a guide to help you keep track of where you are in the lessons. [L14] [09:12] To get rid of disruptions of people leaving or quitting, you may wish to put these messages in your status window. In mIRC, go to options, and uncheck Joins/Parts in channel, and Quits in channel. [L15] [09:12] We will now take a brief pause in order for you to turn on your logging and locate your tutor. [ph] [L16] [09:13] SESSION A - FLOOD PROTECTION: Flood attacks are unfortunately not a rare enough occurance on the Undernet. [L17] [09:14] What is a flood? Flooding comes in several varieties, including: [L18] [09:14] CHANNEL TEXT FLOODS -- (multi lines of text sent to the channel chat window) -- are usually considered floods if over about 5 lines [L19] [09:14] NICK FLOODS -- changing nicks over and over rapidly causing the channel window to be flooded with nick change notices [L20] [09:14] DCC FLOODS -- attempts to send rapid and massive amounts of dcc chat requests and/or files to you [L21] [09:14] And finally CTCP FLOODS -- where a user rapidly sends ctcp info requests to you. These are usually in the form of /ping , /version , /time , etc. [L22] [09:14] Most client programs are setup to automatically respond to such requests by sending back the requested info. Therefore, your own system rapidly overloads itself and causes you to disconnect. This is why the CTCP flood is the most troublesome. [L23] [09:15] The other floods are annoying, but do not usually cause disconnects (with their associated loss of presence -- and therefore ops -- on your channel) [L24] [09:15] One other type of flood is an ICMP flood... This type sends massive data packets directly to your dialer connection and ties up your connection port. Your IRC client program therefore doesn't find time to respond to server pings and eventually times out and disconnects. [L25] [09:15] You can recognize an ICMP flood because your program will act like its locked up (no text coming in) and your modem lights will be very busy. Also, if you run a packet tracing program it can sound an alarm. [L26] [09:15] Note: For help on protecting against and tracing recent versions of the "blue screen" attacks (muerte, winnuke), join #help or #userguide. Some of these programs send OOB (out of band) packets to freeze Win95 or NT. Also see the Microsoft homepage for approved patches. [L27] [09:15] We'll cover what to do to defend against floods in a moment. [L28] [09:15] We'll pause briefly in case you have any questions that you need to ask your tutor. [ph] [L29] [09:16] Fortunately, every user has the tools already available to combat flooders in a responsible way. [L30] [09:16] NEVER retaliate against a flooder by flooding back. All flooding is wrong and abuses Undernet resources. [L31] [09:17] Here are some advice to stop flooders... [L32] [09:17] 1. Set up an alias key to *** /silence *!*@* . When a flooder starts, just hit that alias key. It will stop all CTCP and PRIVMSG from reaching you (use /silence -*!*@* to turn off). See the documentation for your particular IRC client to learn how to set an alias [L33] [09:17] Then you can also /ignore *!*userid@host on the offender to silence any channel flooding to you or DCC and /msg. Get their userid@host from a /whois. [L34] [09:17] As for ICMP floods, the only defense is to log in connected to a firewall ( run by your Provider - ask them for details) , or through a shell account or telnet connection. [L35] [09:17] These simple techniques are all any user needs to defend against most flooders. You should also set your DCC file get to "auto refuse" when you see a flood attack start. [L36] [09:17] Hopefully you won't be subject to any flood attacks, but these tools should help protect you. [L37] [09:18] In a moment, we'll go over how to log a flooder and report them to their Provider to request their account be suspended or removed.. [L38] [09:18] We'll now pause briefly so you can msg your tutor if need be. [PH] [L39] [09:19] CTCP and ICMP flooding are "denials of service" and are forbidden under internet rules (and are also felonies under U.S. law). [L40] [09:19] It's a good idea to log your status window at all times (this is where a ctcp flood will show up). In mIRC, just type /log on in the status window. It will be saved to a file called status.log in your mIRC directory. [L41] [09:19] When you detect a CTCP flood, you should get the /whois info on the flooder. That will include their userid@port.domain (if the user changes nicks, use /whowas within a minute to retrieve the info). [L42] [09:19] Even when a user is logged in with a fake userid, this information can be used by their Provider to trace them and identify the real user. You will need the exact time, date and time zone of the incident also. [L43] [09:20] You can setup a simple script to help get that info. For help with setting up scripts please join #help or #userguide. [L44] [09:20] Email webmaster@domain or you may try to look up the abuse email Address at http://www.abuse.net/lookup.phtml and email with a short log of the flood, and the userid@port.domain and time/date information. Be sure to send the email right away, many Providers delete their own port utilization logs every 24 hours or less. [L45] [09:20] In your e-mail, tell them that an abusive user from their site flooded you in an attempt at denial of service as indicated in the log you are including. Do not *attach* the log - copy and paste it *directly* into the body of your email. [L46] [09:20] If the user is using a hidden host with *.users.undernet.org please report it to abuse@undernet.org . [L47] [09:20] Tracing ICMP is a bit more involved. In windows 3.1, just enable IP tracing in winsock. The last few IPs shown in the trace from just before you got disconnected will show large packet sizes and the IP of the ICMP flooder. The problem with this, is most ICMP floods are spoofed and ISP will not act one them. [L48] [09:20] When you get back online, try a /dns to get the domain name of the user that flooded you. (this command only works in mIRC, ask someone to do it for you if you don't have mIRC). You can also try emailing to webmaster@ (example webmaster@123.456.78.10) -- just change the last set of numbers to a 10 in for the email address. [L49] [09:21] Another way to find the domain name of the IP numbers is to use a utility program like wsPing ... you enter the IP and select lookup or trace. It will try to find the domain name and report it to you. [L50] [09:21] Just like with the CTCP flood information needed, you will want to note the exact time and date and timezone when reporting the ICMP flood to the Provider. [L51] [09:21] A quick sidenote... While current versions of the most popular irc clients like Mirc, Pirch, and Virc support text enhancements like color, bold, underline, and reverse video, not all irc clients do. [L52] [09:21] In addition, abusive use of these features (intentional or unintentional) can disrupt normal channel conversation, flood yourself and/or other users, and is a waste of bandwidth. [L53] [09:21] For these reasons we'd like to ask you to use these features sparingly. [L54] [09:21] 2. There is another recently possiblity to avoid flood atacks over your client or ip you use.Users can now /mode +x for host hiding. This will show ident@username.users.undernet.org . ie: Nick is ident@username.users.undernet.org.You will need to be login with you registered username to X and than type /mode nickname +x . [L55] [09:22] We'll pause briefly again now so you can /msg your tutor with any questions. [ph] [L56] [09:23] SESSION B - NETSPLITS AND DESYNCHS: NetSplits and server Desynchs are two problems that we live with on the net. [L57] [09:23] They can range from merely bothersome to outright trouble. So lets take a minute to review them briefly. [L58] [09:23] Netsplits are caused when a hub gets overloaded and the routing buffers fail to handle the flow. Translation: Bad things happen, and a server disconnects from the network. [L59] [09:24] The most common symptoms that will show up are; 1) A sudden rash of quits by a group of users ; 2) a /luser showing less the full 41 servers means that some are split. However, some servers are only connected for parts of the day, for various reasons. [L60] [09:24] There is nothing you can do to prevent or cause a netsplit. If the split last more then a few minutes, you might want to change to another server and try to get onto the other side of the netsplit that way. [L61] [09:24] If X is gone from your channel due to a netsplit. You will need to wait patiently for it to return [L62] [09:24] Occassionaly, during a netsplit, servers will become desynched.. [L63] [09:24] You can recognize a desynch by some or all of the following.. [L64] [09:24] -- some people say they can see the topic on the channel and some can't (though there are other reasons this may happen). [L65] [09:25] -- users without ops are able to op/deop/etc others (those "invisible" ops are on a desynched server) [L66] [09:25] A Desynch is like a partial netsplit. The servers send incomplete (or un-time-sychronized) info to each other and get confused as to the status of user and channel modes. [L67] [09:25] There isn't much you can do about a desynch except "ride it out" ... or you can log into the server that the desynched ops are on and get the upper hand that way. [L68] [09:25] You can also resynch your channel by having everyone (including X) leave the channel so that it closes.. then rejoin the channel. [L69] [09:25] Remember, commands you send thru X to op/deop, ban, etc are then sent to *all* the servers by X... therefore, that is a way to effectively override a user that is riding a netsplit and giving you problems in your channel. However, you may be lagged to X, or they may be lagged to the person trying to cause trouble. [L70] [09:25] We'll pause briefly again now so you can /msg your tutor with any questions. [ph] [L71] [09:26] SESSION c - NEW CSERVICE WEB SECTION: [L72] [09:27] The new CService web section: "Complaints" is located at http://cservice.undernet.org/live . [L73] [09:27] Complaint Website was designed to assist users to the maximum and lessen the waiting period.It is user friendly so don't be afraid :o) [L74] [09:27] You need to be logged into your Username (for better and quicker result) or simply having an e-mail *that actually works* would be sufficient. [L75] [09:27] Complaint is usually replied between 3-5 days. [L76] [09:27] You may post a complaint regarding all issues - from username being suspended to abuse report with (preferably) or without logs (this will just takes longer). [L77] [09:27] Steps on complaint: [L78] [09:28] * Once you submitted a complaint, you will be issued a ticket number + link sent to your e-mail (if the e-mail you have on records doesn't work, you may specify which e-mail you currently have that can be used). [L79] [09:28] * Then you must click the link sent to your e-mail inbox to activate the complaint ticket. Failure to do this will result on the complaint not being process and deleted. [L80] [09:28] * Once this is done, you have nothing to do beside wait until an Admin review the complaint. [L81] [09:28] You can always check on the progress of the complaint with the ticket number you have by going to one of the 2 urls you have in the email sent by CService when you confirmed the complaint.One url is for visit the status,the other one is to close the ticket if your problem is solved. [L82] [09:28] Once the matter is resolved, you will be e-mailed regarding the complaint and the result. Then only the complaint ticket are closed by a CService Admin. [L83] [09:28] We'll pause briefly now so you can submit your "complaints" to the tutor assigned ;o) [ph] [L84] [09:30] SESSION D - LATEST NEWS ON UNDERNET: [L85] [09:30] The Undernet Coders have been working hard and steady on the improvement of Undernet servers.This brings new features for users. [L86] [09:30] One of those is the hide host option which was explained few minutes ago.But there are few more options :o) [L87] [09:30] * Users can now set +r on any channel they have ops in. If a channel is +r then only users who are logged into X (have a username) can join the channel, this can help a lot with flood nets. This is not restricted to registered channels, this feature is for all channels. [L88] [09:31] * Users can now be invited into any channel by an chanop they wouldn't normally be able to join because they are banned, the channel is keyed, invite only or registered users only. [L89] [09:31] * Users can now see who users are (the user's username) when they /whois another user who is logged into an X username. [L90] [09:31] * Your server will remember who you are logged in as, and will automatically log you in to X again after net splits so you don't have to log in again. [L91] [09:31] We'll pause briefly again now so you can /msg your tutor with any questions. [ph] [L92] [09:33] I'll save our other topics for next time.. when you can join us for OpSchool Part 1: "Username & Channel Registrations". [L93] [09:33] This script was made possible with the help of quite a few people. I'd like to thank the originators.. Pucker, MatthewA, D-in-Tx, Manning, Teal, SeKs, Coccyx, BitBT, Rotundo, Cyke, and more recently, DrCkTaiL, Lordluke, MarkT, Mikey-, Robinb, Signe and DaveB ..and who ever else that I forgot.:o) [L94] [09:33] I'd also like to thank all the people who volunteer their time to help out bringing up and presenting the classes.Without you it just wouldn't be possible to do this! Thanks :o) [L95] [09:33] Let's not forget past leader of OpSchool - Isaiah (CService Admin)...Rest in peace dear friend... [L96] [09:33] If you ever have any questions about the material you see here in Opschool or about the Undernet in general...please join #cservice. Cservice volunteers will be glad to try to help you with your problem...or if they can't they'll do their best to tell you where to go to find the help you need. [L97] [09:34] Our site can be found at http://cservice.undernet.org/main/opschool (you'll find more in a few days there:o) [L98] [09:34] I've really enjoyed teaching here today...I hope you have enjoyed being here and have learned something that will make your time on the Undernet more enjoyable...I want to thank you all for listening so politely :o) [L99] [09:34] You now have all the know-how you need to help yourself and others make the Undernet a friendlier place. I hope you will try out what you've learned and share with others. [L100] [09:34] This concludes our class, thank you for taking the time to attend. [L101] [09:34] We will now open the channel up for general questions. (Rev.nIckmenza 1/04/2006) [END] [L102]