--[Bans and how to bypass them]--
Channel Operators might ban you after you have done something in their channel that made them angry :( .
To bypass a ban you first need to know the ban type. There are a few ban types:
1. nick!*@* - Bans you by your nickname. All you need to do is change your nick (by typing /nick newnick, or in raw session NICK newnick) and you can reenter the channel.
2. *!user@* - Bans you by your Ident (UserID). If your computer is not running an IdentD daemon (A win9x with mIRC for example) you can easily change your Ident by clicking on the File menu, selecting Options, opening the 'Connect' sub-tree, clicking the IdentD label and changing the User ID. If you are under a Unix / Linux machine that is already running an IdentD daemon, you can't change it because it automatically sets your ident username to your login name. To change this you need to logon to the IRC through a Bouncer because bouncers fake you IdentD.
3. *!*@host - You are banned by your IP / host. All you need to do is to connect through a firewall or a Wingate.
Some times the bans are more complex like ^TCG^!*@*.actcom.co.il.
This ban will prevent anyone named ^TCG^ with host that ends with .actcom.co.il
If you are interested here is the format:
Nick!user@host / IP
| | |_ The IP or hostmask.
| |_ Your username. The IdentD sets this. When running IdentD daemon it
| mostly not faked but when running windows or connection through a
| bouncer it is probably faked.
|_The user nickname. If might also contain wildcards like *T*C*G*. This will prevent anyone with the letters T, C and G (in this order) to join the channel.
Examples: ^TCG!*@*.actcom.co.il
| | |_________The server
| |_Your Ident user (defined as the wildcard '*', meaning ANYTHING)
|_Your nickname
As you probably know, channels have different modes. For example +o to make a certain person an OP (Operator), +b to ban a person etc'. To set a ban you type: /mode #Channel +b nick!user@host and to remove a ban you type /mode #Channel -b nick!user@host
On a raw session you don't need the '/'.
--[I don't like your nickname... / Gettingg a user off the IRC]-
The easiest way to get a user off the IRC is using a program called "Click2" for Windows.
If might not always work and it is considered extremely lame, but it might work sometimes.
After you got this program, do the following:
1. Set the "Packets to:" option box to "Clinet"
2. In the Server textbox fill-in the TARGET server. You can figure it out by doing a /whois or a /dns on the target's nickname.
3. In the Client textbox fill-in the TARGET IP address. You can also figure this by doing a /whois or /dns on him but if he uses any spoofing technique like a BNC or a Wingate it won't harm him even a bit (it may harm the Wingate / Firewall / BNC, though).
4. Be sure that you set it to send 64 packets every 1000ms in the 2 textboxes at the end of the window.
5. The client start port should be 1024 and the stop 1500.
6. Now hit nuke....
This is what you will see if it worked and you were in a channel, and the target in also in this channel:
*** Quits: ^TCG^ (Connection reset by peer)
(Or something likes this)
The target should see something like this:
*** [10053] Software caused connection abort
If it is not working, you won't see anything and he won't either. If he is running some packet-logger that logs ICMP packets he will see your IP but most users do not run these.
Another lame way is to try winnuking the address. I won't explain here how to do it and what winnuke is because it has nothing to do with this tutorial (see R a v e N's DoS tutorial for Winnuke information, as well as information on more sophisticated attacks).
Here is a more complex way.
You will need a flood program like "Floods". (Ask me if you want it)
After running it or any other flooding script that is based on clone loading you connect the clones to the target IRC server. (~6 clones should do the job)
Before we continue, I want to explain you how this works.
Each user on the IRC got something called SendQ and RecvQ. They contain the data the user is sending / receiving.
They also have a maximum value. If this value is achieved, the server will automatically close their connection.
Flood programs and flood scripts load clones (computer-operated IRC "users") and start sending lot of crap to the target nick, causing his RecvQ to fill up and he should get disconnected :).
So after you launched the program, you start flooding. I can't tell you exactly how because there are lot of programs and I can't explain you how every one works, but I can help you via my e-mail: [email protected]
There are also more advanced programs that support clone loading through firewalls and Wingates. When a user loses his connection to the IRC because of such an attack, everyone on every channel he was present on will see the following:
*** Quits: ^TCG^ (Excess Flood)
Another way of disconnecting a user from the IRC is exploiting a bug in his OS. You need to determine his OS and start this attack on him. There are lots of different types of attacks. To learn about them, read R a v e N's DoS tutorial.