Internet Relay Chat takeover

related topics
{system, computer, user}
{law, state, case}
{war, force, army}
{game, team, player}
{area, part, region}
{borough, population, unit_pref}
{group, member, jewish}
{car, race, vehicle}

An IRC channel takeover is an acquisition of IRC channel operator status by someone other than the channel's owner. It has largely been eliminated due to the increased use of services on IRC networks.

Riding the split

The most common variety of channel takeover uses disconnections caused by a netsplit; this is called riding the split. After such mass disconnections, a channel may be left without users, allowing the first rejoining user to recreate the channel and gain operator status. When the servers merge, any pre-existing operators retain their status, allowing the new user to kick out the original operators and take over the channel.

A simple prevention mechanism involves timestamping (abbreviated to TS), or checking the creation dates of the channels being merged. This was first implemented by Undernet (ircu) and is now common in many IRC servers. If both channels were created at the same time, all user statuses are retained when the two are combined; if one is newer than the other, special statuses are removed from those in the newer channel.

Additionally, a newer protection involving timestamping is used when a server splits away from the main network (when it no longer detects that IRC services are available), it disallows anyone creating a channel to be given operator privileges.

Nick collision

Another popular form of channel takeover abuses nickname collision protection, which keeps two users from having the same nickname at once. A user on one side of a netsplit takes the nickname of a target on the other side of the split; when the servers reconnect, the nicks collide and both users are killed from the server. The attacker then reconnects or switches nicks in a second client while the target reconnects, and proceeds to jupe (or block) the target's nickname for a period of time.

User timestamping is often used to detect these kinds of attacks in a fashion similar to channel timestamping, with the user who selected that nickname later being kicked from the server. Another protection method, called nickhold, disallows the use of recently split nicknames. This causes fewer kicks, but causes more inconvenience to users. For this reason, timestamping is generally more common. Some servers, such as ircd-ratbox, do both. IRC services and bots can also protect against such attacks by requiring that a password be supplied to use a certain nick. Users who do not provide a password are killed after a certain amount of time.

Other methods

Other methods can be used to take over a channel, though they are unrelated to flaws in IRC itself; for example, cracking the computers of channel operators, compromising channel bot shell accounts, having someone add you to a channel service's userlist, or obtaining services passwords through social engineering. Also, sometimes forcing everybody in a channel offline, (usually by flooding the channel), and then joining the channel before anybody is able to reconnect, worked.

Full article ▸

related documents
UAE (emulator)
Carrier sense multiple access
Distributed switching
Physical Layer
Batch processing
QRP operation
5ESS switch
Multiple-image Network Graphics
Backward compatibility
Signal generator
Automatic call distributor
System request
Talk (software)
Wireless community network
Gender changer
Wireless broadband
Image and Scanner Interface Specification
Samba (software)
Coda (file system)
Pulse-amplitude modulation
Java Platform, Enterprise Edition
Insertion loss
Video editing software