Welcome to the undernet IRC 
network
HomeDocumentsNewsletterUserguidePromotionsClassWebmastersTranslatorsUUSNewsNews


:: #Userguide
User-com Home

#Userguide
About Us
Philosophy
Members
Biographies
Training
Guidelines
Volunteer

UserGuide Bot Manual
Help FAQ
Games

How to Join
Connecting
Server Listing

Undernet Home
Coder-Com Home
Routing-Com Home


     :: Mentors & Trainees :: #UG_Training

Training Class Log

   INTRODUCTION: Welcome to the #UserGuide training project. This instructional script is brought to you by the #UserGuide team of the Undernet User Committee. Please send comments, suggestions, or ideas to this mail address: userguide@undernet.org . Our website is http://www.user-com.org/userguide/. [INT1]
   This class covers all the information a volunteer needs to know to help other users. This class is held every time we get new volunteers on our team. The new volunteers will be put through this training and have the ability to ask the instructors about anything they didn't understand. [INT2]
   After this class, new volunteers will take a 30 question test and, provided they pass, they will choose or be assigned a mentor who has the same online time as them. [INT3]
   This channel is also set to +m. This means only instructors will be able to talk. This is set so as to prevent disruptions of the class.[INT4]
   #ug_training is also a secret back channel, used only for training, we set it to +i. This means you will need to be invited by your instructor(s) to rejoin if you experience an accidental server disconnection.[INT5]
   If you leave or disconnect, you can /msg an instructor to request an invite to rejoin the channel, [Meaning it would be a good idea to note who the instructors are by their nicks when the class begins, in case of just such an incident]. I'm the #UserGuide bot (if you didn't know it already), which means it is useless to /msg me during the class. :] [INT6]
   You are advised to log the session. Please turn on your logging now.[INT7]
   This project was developed with a lot of work from several members of #UserGuide. It was worked out to provide the new people who wish to help Undernet’s users with the necessary information and knowledge.[INT8]
   Helping people is a big responsibility. Wanting to help people is a great purpose, but you must have the necessary knowledge to do it well. If you can't help a user, it is not wrong to say that you don't know the answer, but it's bad to give a user an incorrect answer or to ignore a user.[INT9]
   Now we will start the class. Remember: don't be shy to ask your instructors about anything you don't find clear. They are here to help you and to guide you in your path of learning.[INT10]
   Observe, Learn, Pay attention, and Enjoy! :)[INT11]

   SESSION A - UNDERNET USER COMMITTEE: The Undernet User Committee is a group of users that volunteer their time to try to improve the Undernet. This committee covers a vast amount of territory, from educational classes and improving documentation, to holding special events and helping people online. You can view all the User-Com committees/projects, by clicking on their links at www.user-com.undernet.org.[A1]
   With such a large area to cover, the User Committee is split into smaller projects, allowing each project to focus on a specific area. Currently there are eight ongoing projects in operation, and each week brings another new accomplishment, another task completed.[A2]
   The Undernet User Committee is broken down into eight sub-committees:[A3]
   The Class Project - A weekly class that is run in #Class to help users learn more about IRC and the Undernet. Class is run in many different languages in case English is not your native/primary language. To find out what the class times are just “/msg Class timeclass”.[A4]
   The Newsletter Project - An informational newsletter containing various technical issues, IRC related items, web page reviews etc. The newsletter is put out at the start of every second month at the current moment, but is planning on going monthly with its issues in the very near future to give everyone more articles more often.[A5]
   The Webmasters Project - A group of webmasters that are responsible for the www.undernet.org and www.user-com.undernet.org web pages and making sure they are kept current and insightful.[A6]
   The Promotions Project - A group of people responsible for putting on live events in #LiveEvents for the users of Undernet.[A7]
   The Documents Project - This project gathers Undernet and IRC related articles to help inform users about historical and up-to-date information concerning what has happened and is happening on Undernet.[A8]
   The UUS Project - This project is preparing an Undernet User Script (UUS) to assist people on IRC that specifically use mIRC clients. Scripts for other clients, such as xchat, are in planning stages but will probably not be completed for a while.[A9]
   The Standard Response Project - This project is responsible for answering all the users’ mail. This includes the SRT (Standard Response Team). Also note that ONLY the team affiliated directly with SRT will be allowed to answer users’ mails individually. So please do not ever answer mails directly to a user, for it could mean you being removed from the User-Com and UserGuide mailing lists.[A10]
   The UserGuide Project - This is User-Com’s official help channel filled with users helping other users with any topic they need help with.[A11]
   The Undernet's #UserGuide Project is more than just another help channel, but rather a gateway between the User Committee and the Undernet community. The channel is staffed by User-Com members who help to 'guide' users by introducing them to the many resources that the Undernet has to offer, as well as providing help for both simple and advanced questions.[A12]
   Users on the channel will be treated politely and in a courteous manner at all times. #UserGuide ops should be patient and understanding. Users have the right to ask questions without being embarrassed. Members have to welcome and ask new people who join if they need any help, whenever they can, that make the user feel that he/she is very welcome.[A13]
   User questions are our first priority. We are here for the users. We make a big effort for the users, so our priority is the users and what they need.[A14]
   We try to keep the use of colors and sound limited because not every client supports it. We ask that the users not run any script that warns about colors, sound etc. Members should not use scripts that kick and ban automatically. The reason for that is that we get many new folks that may not understand why those things are happening to them.[A15]
   #UserGuide should always have available *awake* volunteers. Members don't have to be away and idle too much on the channel so as not to confuse the user when he/she joins; they also have to op themselves to show the user that they are available. Users can idle, observe and learn, as they want on the channel.[A16]
   Our channel members will work towards creating a sense of community in the channel. We should be inclusive of new IRC users and new channel volunteers alike, and we will work towards building a strong relationship with the Undernet community as a whole.[A17]
   New people willing to help have to send their request to userguide@undernet.org, to get a standard reply from the SRT (Standard Response Team). After that is done, they are asked to stay in the channel for a period of time only observing and learning how #UserGuide works. This is how you get used to being involved in #UserGuide’s training.[A18]
   With that done, the new volunteer will have to take a short test and, provided he/she passes, he/she will choose or be assigned a mentor for him/her from #UserGuide's members, preferably one who comes online at the same time as the volunteer. That mentor will teach and help the new volunteer with what he/she should know. In addition, he/she will see how that new volunteer acts and helps the users. The mentor will submit a report about him/her at the end of the mentoring period.[A19]

   SESSION B - IRC: Internet Relay Chatting information.[B1]
   Jarkko Oikarinen in the Department of Information Processing Science at the University of Oulu, Finland, developed Internet Relay Chat (IRC) in late August, 1988. His original goal was to create a communications program, which would allow users of OuluBox, a public access bulletin board service (BBS) administrated by the department, to have, Oikarinen explains, -USENET News-kind of discussion... in addition to real time discussions-.[B2]
   It is quite vague as to what happened next in the development of IRC as Oikarinen or any of the many others who participated in updating and improving the technology made no formal records.[B3]
   What is clear is that in 1989 Oikarinen convinced several friends at other Finnish and Swedish universities to run the IRC server program on their computers, which were on the Finnish network, which was itself inspired by the American BITNET network.[B4]
   IRC began to grow rapidly as it became a more global network. In August 1990, the network of IRC servers, which had grown from one to thirty-eight in number in under two years, split into several networks. By April 1997, there were about 30,000 visits to IRC servers per month.[B5]
   Just as interesting, is that users don't usually go by their real names. When you connect to a server, you're asked to provide a nickname, {or more commonly - a nick} and you can call yourself whatever you want.[B6]
   There can be any number of people going by the name John or Roboto or Xena or whatever (although some IRC networks allow you to -own- a specific nickname, Undernet does not), and things can quickly get confusing. You can change your nickname at any time with the /NICK command.[B7]
   IRC users meet in channels. The -official- definition of a channel, according to the technical description of the IRC protocol in RFC 1459, is -a named group of one or more clients, which will all receive messages addressed to that channel-. The definition says nothing about the content of the shared messages, but by convention, messages on a given channel are confined to one topic area.[B8]
   IRC is impressive enough on a standalone server, but its magic lies in the fact that IRC servers can be linked together into IRC networks, with each public channel accessible to any user connected to any server on that network.[B9]
   We always need to keep in mind that even though we are all 'anonymous' on IRC, we shouldn't abuse that privilege. Just as the Golden Rule says 'Do unto others as you would like them to do unto you,' we should treat people the way we would want to be treated (i.e.: nicks on Undernet are not owned, but people shouldn't take another's nick only to disturb the person).[B10]

   SESSION C - CHANNEL: A channel is like a room. It's a place where a number of people can get together and chat. This channel could have a theme, or just be a general meeting place like some of the larger chat channels. An example of a channel is #UserGuide or #user-com.[C1]
   Creating a channel is easy, type /join #channel. If the channel doesn't have anybody in ityou just created it. If there are people in the channel, you've just joined that channel.[C2]
   Before you can register a channel on Undernet, it has to be established, as you require a number of users to register a channel. An added requirement is that you, and all the supporters of the channel, have usernames. To register your username, you have to use the Channel Service (CService) web interface, which can be found at http://cservice.undernet.org/live/ and simply click on the -Register- link.[C3]
   This will load a page where you can register your username. Make sure you read the terms of use carefully and follow those guidelines closely as well. When you have registered your username and ensured all your supporters have registered their usernames, then you can take the next step and register the channel.[C4]
   To register your channel, visit the same website you used to register your username and use your registered username and password to login. When you have logged in, you can click on the -Register a Channel- button, which will take you to a form to complete. To register your channel, you'll need 10 supporters (not including yourself). Again, you must read carefully the instructions and follow the guidelines correctly for registering a channel.[C5]
   When you have submitted your application to register your channel, all your supporters must accept or decline their support for the channel. This can be done using two methods. The first is on the website. The users must login to the website http://cservice.undernet.org/live/ and they will be asked to confirm or deny support.[C6]
   The second is via the X support command. When the supporter logs into X, he will be given a message with instructions on how to support the channel. When everybody has accepted supporting the channel in either of these ways, it can take around 10 to 14 days for the channel to be completely registered, and for X to join. During this time, it is possible for people to use the website to object to the registering of the channel.[C7]
   CService, or Channel Services are the owners of the channel and username registration process. They're the people that allow use of the channel bot X. There is a document at the CService site: http://cservice.undernet.org/docs/guidelines.html that may provide a better description as to who they are, and what they do.[C8]
   As with anything, follow the channel rules. Some channels have a person or bot that will provide the rules when you join, others it just requires you to follow basic etiquette (called netiquette by many), like don't annoy people, don't be rude, don’t repeat text continually etc. If you ensure you follow the rules, then you're likely to be happy in the channel.[C9]
   The role of a ChanOp (channel operator = @ by their nick) is important to the functioning of the channel. A ChanOp is somebody with an amount of control over the channel, being allowed to kick (remove) people from the channel, and stop them from returning (banning).[C10]
   They can also set a topic for the channel. As this is an important role, you're often only given it when you're trusted in the channel, and as a ChanOp in a channel, you should respect the rules, and ensure you enforce them fairly.[C11]
   If you were banned because of breaking rules, you have to speak to the person that banned you, and promise that you don't do it again... and not break them again, otherwise you may find a permanent ban is set and enforced on you.[C12]
   If you were banned, and have access to X (minimum access of 75), you can remove the ban using the X command UNBAN, by typing: /msg X unban #channel banmask. If you still cannot remove the ban, try contacting another ChanOp in the channel.[C13]
   Here are a few useful websites.[C14]
   http://cservice.undernet.org - CService's home site.[C15]
   http://cservice.undernet.org/live/ - CService's channel and username site.[C16]
   http://www.user-com.undernet.org/documents/ - User-Com's documents site, some useful guides for channel managers, or ChanOps.[C17]

   SESSION D - IRC PROBLEMS:[D1]
   Opless channels normally occur when there are many users in a channel, and the operator gets disconnected or parts the channel without remembering to pass on operator status to another user.[D2]
   Another cause of opless channels is a netsplit. Sometimes, not all the data is passed between the servers, and people can loose ops in a channel. This can be an annoyance, and is normally the reason there are two bots in a channel, as it means there are normally two ops on different servers.[D3]
   What should you do when you loose ops: this depends on the number of users in a channel. For a low number of users, normally, you can get away with just parting the channel, and rejoining, making sure that all users have parted the channel. However, when it comes to larger channels, you need to get the assistance of somebody with IRCop status.[D4]
   To find an IRCop, you can use the /who 0 o (where the first 0 is numeric), or /who -oper *.* in ircII clients. This will display a list of IRCops that are visible to the users (i.e., don't have the usermode +i (invisible) set).[D5]
   When you have found an IRCop, you should make sure you have support to prove you have normally got operator status in that channel, usually via log files. When you know you have proof, you should contact the IRCop, using the /msg command. Please remember that IRCops are very busy people, and may not respond straight away, but do be patient as they will try assisting if they're able to.[D6]
   Some other IRC problems, such as clones/flooding, can cause you anguish. When you are flooded, always try to have auto protection in your IRC client or a bot that sets +mi quickly in the channel, that will protect your channel from being flooding with ctcp, msg, join/part, etc.[D7]
   If you need any help regarding an opless or very big clones flooding, join #zT or #nastrand and ask for help, but try to be patient.[D8]
   Quit Messages:[D9]
   Net Splits: these are not permanent quits, but are caused when two or more servers can no longer get messages to each other. This can be caused by many problems, such as high internet usage, causing slow communication between the servers, to people directly attacking a server (see document on DoS).[D10]
   Signs of a netsplit, are the quit message. Due to the changes in the Undernet code, netsplits are easier to identify by the message. Normally a netsplit's quit message looks like this: *** user has quit IRC (*.net *.split).[D11]
   Oper Kills: These are results of an IRCop killing a user. An IRCop has the ability to kill a user if they have broken rules. The quit messages look like this: *** user has quit IRC (Killed (oper (Demo Kill))).[D12]
   This is what all the users will see, and this is what the killed user will see: *** You were killed by Gaia (Demo Kill) Closing Link: user (Gaia (Demo Kill)).[D13]
   You should be able to reconnect as soon as you've been disconnected, as the disconnect was only a kill, and not a ban.[D14]
   Read/Write Errors:[D15]
   Read Error: A read error occurs when the server cannot successfully read data from a client connected to it. The quit message looks something like this: *** user has quit IRC (Read error to user: EOF from client).[D16]
   This error is cause when the server is expecting a file of certain length, but instead of getting that length of file, the server receives an EOF (End of File) error.[D17]
   Write Error: This occurs when a server cannot write information to a client. A server normally responds to client's information by replying with data of its own. When the server gets an error trying to write to the client, it disconnects the user, resulting in the error: *** user has quit IRC (Write error to user, closing link).[D18]
   Connection Reset by Peer: when a user sees this error message, it normally means they were disconnected, and the server reset the connection to the client. This kind of error can be caused by many issues, such as a delayed connection. *** user has quit IRC (Connection reset by peer).[D19]
   Ping Timeout: Servers automatically ping users regularly, to make sure that the user is still connected to the server. If a server doesn't get a reply from the user for a while, it disconnects the user, and they get the following error: *** user has quit IRC (Ping timeout).[D20]
   A ping timeout cannot be avoided. They are often caused by overloading of a client (too many internet programs running at once), overloading of a server (many users on a server), unreliable ISPs (user gets disconnected regularly), and many other causes.[D21]
   Connection Messages:[D22]
   Too Many Hosts: this is normally caused when you are trying to connect to a server, and you have clones, or multiple connections to the Undernet network. This can often happen if you have been disconnected, and are trying to reconnect again, and your ghost is still connected.[D23]
   This error can also occur if you have multiple sessions connected to the network, maybe you're running a bot or something like that.[D24]
   Throttled: Connecting too fast: this error normally occurs when you're trying to join a server, and your program is sending data too fast for the server to handle, so it slows your connections down. If this occurs, try waiting for a minute or so, or try another server.[D25]
   G:Lined - Open Proxy: this means that when scanning your host, Undernet found that the socks proxy port (1080) was open, and could allow remote connections. If you have a proxy server installed on your computer, make sure you have it set up to allow only connections from a restricted list of people, i.e., your private network.[D26]

   SESSION E - CHANNELS MODES: In examples of commands, #channel is the channel you're working with, for example #UserGuide or #user-com.[E1]
   Channel Mode +i: Mode +i is invite only. This means only people that are invited into the channel can join. This mode is useful for private channels or when your channel is under an attack. You can kick the offenders, set the channel mode to +i, and only invite the people you want into the channel.[E2]
   When the channel is set to +i, only channel operators can invite users into a channel, this is done via the /invite command (/invite user #channel).[E3]
   If you're not in the channel, and it has been set to mode +i (invite), and your channel is registered, you can use X to invite yourself by doing /msg X invite #channel.[E4]
   Channel Mode +p: Mode +p is private channel. This means, when set, nobody can see the channel on your whois if not on the channel as well. The advantage with this mode is it stops users from knowing the channel exists. Using the normal method to find a channel (/list) will not display the channels set to +p. The /names command will also not work.[E5]
   Channel Mode +s: Mode +s is secret channel. This is the same as mode +p, and means you cannot see the channel from outside of the channel, nor can somebody see the channel if they use /whois .[E6]
   Channel Mode +n: Mode +n is -No External Messages-. This means a user cannot send a message into the channel via the /msg command. This also works to stop people from using /notice to send messages into the channel when they're not in.[E7]
   Channel Mode +t: Mode +t is set if you only want channel operators to change the topic. You should set this mode if you only want the channel operators to change the topic and not regular users.[E8]
   Channel Mode +r: Mode +r is set if you want to limit the channel to registered users only. To be a “registered user” you have to have a username for X and be logged into it. This stops flooders while allowing normal users to join freely.[E9]
   Channel Mode +l: Mode +l is the channel limit. This mode can be set if you wanted to set a limit to the number of people in the channel. You can set the limit (or number) of users you want to limit your channel to. It is ideal to set this mode if you're subject to flood attacks from multiple users, as you can limit the channel to a number slightly higher than regular users.[E10]
   Channel Mode +k: Mode +k is set to make a password on the channel. Where pass is the password that you want to set on the channel. Once this mode has been set, you have to join the channel using the password; to do this you need to type the command: /join #channel - This mode is set if you want only known users to join, as it means only the users that know the pass can join the channel.[E11]
   Channel Mode +m: Mode +m is used to set the channel to moderated. This mode is used if you only want certain users to speak. Users that can speak are people with voice or channel operator status.[E12]
   To allow people to talk, even when +m has been set, you can voice the user(s). This mode is ideal to set also when users or flood bots flood a channel. It'll stop other users’ suffering from the effects of the bots, and will give you time to kick and ban the offending users from the channel.[E13]
   Channel Mode +b: Although this isn't a channel mode that affects all users, it is a channel mode. Mode +b is a channel ban. This stops a user from joining a channel if their details are the same as that set in a ban.[E14]

   SESSION F - IRC OPS: An IRCop (also called IRC Operator, oper, or irc op, and sometimes mistakenly called a mircop, IRCCOP, or just cop) is someone who has an O:line on one of Undernet's servers. This simply means that they have the ability to use some server commands that are restricted from ordinary users.[F1]
   IRCops also have the ability to use Undernet's services like Uworld and EUworld in attempts to keep Undernet together as a network. The primary responsibility of IRCops is to keep their servers connected to the Undernet.[F2]
   IRCops maintain the servers. That means that when a server is linked to Undernet, it needs to have at least one IRCop who takes care of it. Each IRCop represents one primary server (although they may have O:lines on more than one server, which are called backups) and should be concerned with keeping that one server connected and working well.[F3]
   To become an IRCop, get yourself a t-3 one hop off the national backbone, run your server and keep it up 24/7 then apply to routing-com to have it linked to the net. In addition, to become an IRC operator you could be chosen by the administrator of a server. Operators are supposed to be chosen as ones who are responsible, dedicated, knowledgeable people, who can represent the server’s presence on the net.[F4]
   See http://www.user-com.undernet.org/documents/operfaq.php for more info.[F5]

   SESSION G - IDENTD: An important configuration option is called IDENTD. IDENTD is the daemon (process) which runs the IDENT protocol - a system that helps the IRC server identify the person connecting.[G1]
   The IDENT is used on IRC to help tell one user apart from the other.[G2]
   Clients which have a working IDENT server installed are identifiable because their user@host information is not prefixed with a ~ (tilde).[G3]
   For example: ThisIsMe (ident@host.name.country) <-- IDENT is installed and detected. ThisIsMe2 (~email@host.name.country) <-- Ident Not Detected.[G4]
   Note that if the server checks for IDENT on your host and fails, it will use the front part of the 'email address' parameter instead.[G5]
   When IDENTD is running you have proof you are on a legitimate address. Most connections from hacked hosts or via stolen proxies are not idented, and for this reason, people without ident are often banned from channels, or occasionally from entire servers.[G6]
   Channel Ops: if you have problems with flooding or abusive users, banning non-idented clients often eliminates most of the hassle - /mode #yourchannel +b *!~*@* bans non-ident clients. This is another reason guests should try to get their IDENTD working correctly.[G7]
   The following are instructions for configuring IDENTD: mIRC: Click on File, then Options, then click on the plus (+) sign next to Connect. Click on IDENTD under Connect. The following information must be used:[G8]
   1) Enable identd must be checked.[G9]
   2) User ID should be the same as the first part of your email address found on the main connect page of mIRC. Example: if, on the main connect page, your email is blah@something.com, your user ID should be blah. (This prevents confusion of your identity if ident should fail).[G10]
   3) System MUST say UNIX (yes even though you are using Windows, UNIX is what goes in the system box).[G11]
   Linux: In Linux If you are not the Administrator of the box, please contact your system administrator for additional help. If you’re running a Linux system and are having trouble enabling identd, try looking for the package ‘identd-masquerade’.[G12]

   SESSION H - GENERAL IRC FLOODS: The main goal for flooders on IRC is to get you disconnected from the IRC server you use. A server usually disconnects you for sending too much data to it in a certain period of time, or if you try to send it data when it hasn't finished processing your previous data. Therefore, what flooders do is send you many CTCP requests and if you answer them all, you'll get disconnected.[H1]
   These kinds of floods are called CTCP floods. mIRC's flood protection and/or ignoring these people will stop this.[H2]
   PING FLOOD: Where the user rapidly pings you repeatedly until your system becomes overloaded and you disconnect. These are rare these days with the more advanced floods below, but they still happen.[H3]
   CHANNEL TEXT FLOODS: (multi lines of text sent to the channel chat window -- usually considered a flood if over about three lines).[H4]
   NICK FLOOD: changing nicks repeatedly rapidly causing the channel window to be flooded with nick change notices.[H5]
   DCC FLOODS: attempts to send rapid and massive amounts of dcc chat requests and/or files to you.[H6]
   CTCP FLOOD: where a user rapidly sends ctcp info requests to you. Most programs are set up to respond automatically to CTCP requests by sending back the information that was requested.[H7]
   System overloads itself and causes you to disconnect. This is why the ctcp flood is the most dangerous. Other floods don’t usually disconnect you unless they are rapid.[H8]
   If you are being flooded, the easiest way to stop it is to change your nick. However if that still doesn’t work, then you can try to /ignore the flooder. Do this by /ignore NICK or /ignore IP ADDRESS or /ignore HOST.COM or whatever their User ID is. This works for most flooders but not the tricky ones, like mutating ones who have multiple addresses etc. Then your best bet is just to hide ;)[H9]

   SESSION I - DOS ATTACKS: provides a general overview of attacks in which the primary goal of the attack is to deny the victim(s) access to a particular resource. Included is information that may help you respond to such an attack.[I1]
   The strategy of Denial of Service (DoS) attacks is to disrupt a client's access to a server's functionality. This can be done in several ways. One way is to flood the server with so many requests that it is unable to process all of them, and its service grinds to a halt.[I2]
   This is the method employed by distributed denial of service attacks. They compromise many machines, so that at a signal from a control machine, all machines send requests to a specific site. Automated tools are used to search for security weaknesses and compromise vulnerable machines, so thousands of machines may be involved in the attack.[I3]
   Source IP addresses are spoofed, so that the attacking machines must be tracked down one hop at a time. Because of the large number of machines and networks involved and the time it takes to contact ISP personnel to determine the source of a message, it may be hours or days before the attack can be stopped.[I4]
   Important things to do as a current or potential victim of packet flooding Denial of Service:[I5]
   1) Avoid FUD: FUD stands for fear, uncertainty, and doubt. The recent attacks have obviously been launched with provocation, hysteria, and overreactions in mind, due to the victims that have been targeted.[I6]
   2) Arrange with your Internet uplink provider(s): It is very important that you have the assistance and cooperation from your direct backbone and uplink network providers. The bandwidth used in DoS attacks is so major, that your own network probably cannot handle it, regardless of what you try.[I7]
   3) Optimize your routing and network structure: If you don't have only a host, but a bigger network, then tune your routers to minimize the impact of DoS attacks. To prevent SYN flooding attacks, set up the TCP interception feature. Details about this can be found at http://www.cisco.com or at your router manufacturer's hotline.[I8]
   Block the kinds of UDP and ICMP messages that your network doesn't require to operate. Especially, permitting outgoing ICMP unreachable messages could multiply the impact of a packet flooding attack.[I9]
   4) Optimize your most important publicly accessible hosts: Do the same on the hosts that can be potential targets. Deny all traffic that isn't explicitly needed for the servers you run. Additionally, multi-homing (assigning many different IPs to the same hostname), will make it a lot harder for the attacker.[I10]
   We suggest that you multi-home your web site to many physically different machines, while the HTML index site on those machines may only contain a forwarding entry to the pages on your actual, original web server.[I11]
   5) During ongoing attacks: start countermeasures as soon as possible. It is important that you start the backtracking of packets as soon as possible, and contact any further uplink providers, when traces indicate that the packet storm came over their networks.[I12]
   Don't rely on the source addresses, as they can be practically chosen arbitrarily in DoS attacks. The overall effort of being able to determine origins of spoofed DoS attacks depends on your quick action, as the router entries that allow traffic backtracking will expire a short time after the flood is halted.[I13]
   6) Assure that your hosts are not compromised and secure: There are many recent vulnerability exploits, and a lot more of older exploits out. Check exploits databases, for example at securityfocus.com, or packetstorm.securify.com, to make sure that the versions of your server software are not proven vulnerable.[I14]
   Remember, intruders HAVE to use existent vulnerabilities to be able to get into your systems and install their programs. You should be reviewing your server configuration, looking for security glitches, running recently updated software versions, and…this is most important, be running the minimum of services that you really need.[I15]
   7) Audit your systems regularly: Realize that you are responsible for your own systems, and for what is happening with them. Learn sufficiently enough about how your system and your server software operates, and review your configuration and the security measures that you apply frequently.[I16]
   Check full disclosure security sites, for new vulnerabilities and weaknesses that might be discovered in the future in your operating system and server software.[I17]
   8) Use cryptographic checking: On a system, on which you have verified that it has not already been broken into or compromised, you are urged to set up a system that generates cryptographic signatures of all your binary and other trusted system files and compare the changes to those files periodically.[I18]
   9) Shut down your systems immediately during ongoing attacks and investigate if you detect an attack emerging from your networks or hosts or if you are being contacted because of this, you must immediately shut down your systems or at least disconnect any of the systems from any network.[I19]
   If such attacks are being run on your hosts, it means that the attacker has almost-full control of the machines. They should be analyzed and then reinstalled. You are also encouraged to contact security organizations or emergency response teams.[I20]
   CERT (www.cert.org) or SANS (www.sans.org) are some places where you can always request assistance after a compromise. Also, keep in mind that by providing these organizations the data from your compromised machine(s) left by the attacker is important, because it will help them tracking down the origin of the attacks.[I21]
   Useful URLs - http://grc.com/dos/TheInternet.htm - http://www.cisco.com/warp/public/707/newsflash.html -[I22]
   http://www.infoworld.com/articles/fe/xml/01/05/28/010528feedge.xml -[I23]
   http://www.nipc.gov/warnings/advisories/2000/00-063.htm -[I24]
   http://www.auscert..org.au/Information/Auscert_info/Papers/ddos.html -[I25]
   http://www.zdnet.com/products/stories/reviews/0,4161,2645417,00.html -[I26]
   http://www.ealaddin.com/news/2000/esafe/eSafeDDOSApplets.as -[I27]

   SESSION J - ABUSE AND TAKEOVERS: A channel takeover is a situation that one would describe as following; A channel that is being owned (or rather managed) by a certain person who the other ops/users of the channel do not consider to be the real manager.[J1]
   Concrete this would mean that someone gets ops on a channel, deops all the other ops in that channel, and thus takes over the channel, as the normal ops have in such case no more way of controlling their channel. The person that is in a case like that taking over the channel then has all power over the channel and he/she decides then who stays, who is kicked out/banned and who gets ops.[J2]
   A first way to get your channel back in such case is waiting until the op disconnects or goes out of the channel and loses his/her op. If you then get to rejoin as the first person, you will get ops, and the channel is then again yours.[J3]
   This will not always be possible. Some people that take over channels put bots in the channel that then provide them with ops, and keep the channel ops in such cases. Or in other cases, there are simply too many people in a channel to rejoin after a channel has become opless (no people have ops in the channel anymore), and you would first have to get them all out voluntarily before you can rejoin as first and thus get ops.[J4]
   In such cases, the only people that can restore the normal channel situation are IRC Operators. IRC Operators (ICRops) are people appointed by server administrators (people who run IRC Servers) to make sure that the IRC Server and the IRC network run smoothly and to protect the users on the network. IRC Operators use a special service called Uworld to obtain ops on a channel (even without a bot or anybody else having ops).[J5]
   So after a takeover, you would have to contact an IRC Operator/IRCop. UnderNet has specific channels for dealing with cases such as takeovers and other abuse. We at #UserGuide do not provide IRCop help, so if you are a volunteer on #UserGuide you would have to refer people suffering from a takeover to the channels that do.[J6]
   Channels that deal with takeovers and other abuse are #zt (Zero Tolerance), #irc_help, and #nastrand. As a UserGuide volunteer, you would refer people to one of those channels preferably. It is only normal that you have to prove that you manage the channel before you can get ops back on your channel. Everybody can go and say in such a channel that his/her channel has been taken over.[J7]
   The best way to prove that you are the channel owner/manager is keeping logs on the incident. For example, if you have all IRC Sessions of yourself logged, you can prove with those logs that an actual takeover occurred. Alternatively, if you have logs of earlier IRC sessions showing you being opped regularly, etc., these can help in proving that this is your channel.[J8]
   Once members of one of the two channels above have taken notice of your situation, they will investigate the takeover and try to solve it in a mature way. If this seems to be impossible, an IRC Op will be asked to handle the matter by deopping the persons taking over the channel, opping you and taking further sanctions. Channel Takeovers are prohibited by the general guidelines and will be handled as abuse with further consequences to follow[J9]
   If you normally do not log the sessions yourself, maybe other people in the channel do. So ask around to get logs, if possible. If getting logs of a channel takeover is not possible, another way to prove that you are the channel manager or a channel op, is to get a few people ready to state that the channel is yours. If a volunteer comes in the channel,[J10]
   He will surely ask around if the information you gave is correct, and if other people are ready to prove this, you will be regained ops and the matter will be solved.[J11]
   The best way to protect yourself against possible takeovers is registering your channel with the UnderNet Channel Service (in the channel as X). The world Channel Service does explain a lot. X is a bot that takes care of all channel operations. It can op people, kick people, set/reset channel modes and much more. The most important advantage of the UnderNet Channel Service is that it cannot be deoped or kicked of the channel.[J12]
   Thus, X is always on the channel, and always has ops, unless you tell X yourself that it should leave. Other than that, the possibility of a channel takeover is neutralized. When X splits for any reason (Netsplit, service restart or other reasons), it will, when it comes back, automatically regain ops and serve you. More information about obtaining the channel service can be found on http://cservice.undernet.org.[J13]
   Another way of protecting a channel against a channel takeover is placing a bot yourself on the channel. There are several types of bots that in a way can provide similar functions as the UnderNet Channel Service.[J14]
   However, one disadvantage about these bots is that, a bot you place yourself can be kicked of the channel, CAN be deopped, and is no guarantee of keeping the channel modes as these types of bots, sometimes quit and reconnect and thus lose ops in a channel. More information about bots in general can be found in other documents on this site.[J15]
   It, of course, stands without notice that the number one way of protecting your channel against takeovers and other abuse is being careful about who you op in a channel. In other words, who is to be trusted and who is not. Do not just op anybody in a channel, be careful about who you op, and in general, who you let in your channel.[J16]
   If a person is causing trouble in a channel, one has to keep the responsibilities of an op in mind, and respond with appropriate action. That is what managing a channel, or being a channel op is all about.[J17]

   SESSION K - BOTS & SCRIPTS: 1. There are different kinds of bots:[K1]
   A bot is in fact a service on a channel (either put on there by a user or by Undernet itself) that provides the channel operators and users with all necessary functions to manage a channel. A few of these management functions are opping people, setting channel modes, setting topics, etc...[K2]
   There are also kinds of bots that not provide any kind of channel service, and these will be addressed shortly in a lower paragraph.[K3]
   A. Undernet Channel Service: The first and without any doubt most popular -botservice- found on the Undernet is the Undernet Channel Service, also known as X. X is run and administrated by the Channel Service Committee, and runs on its own server channels.undernet.org.[K4]
   You can not really call -X- a bot, X is in fact much better then normal bot systems (like eggdrops and mIRC bots) and it is completely safe when it is put on a channel, an advantage that you cannot always guarantee with other, personal bots.[K5]
   B. Eggdrop bots: An eggdrop bot is a program, mostly used on unix/linux systems that are especially written to run on IRC channels and provide functions to channel users.[K6]
   An eggdrop bot is addressed to, by using the /msg command or in DCC-chat to the bot. An eggdrop bot loads channel files and user files.[K7]
   If you want to use a bot residing on a channel, the best thing to do is to ask the channel owner or the bot owner how to operate the bot. He/She mostly knows exactly how the bot is made, what functions it has and how to use it.[K8]
   To have your own eggdrop bot installed, you first need a Unix Shell or a computer running unix connected to the internet. For more info on eggdrop bots, you can go to http://www.eggheads.org/ or http://www.egghelp.org/. There, you can find all the necessary info on how to install a bot and how to get extra scripts for it.[K9]
   For the eggdrop bot service, there is also a version for windows available called Windrop.[K10]
   C. mIRC bots: mIRC basically provide the same functions as eggdrop bots but probably the biggest difference between both is that mIRC bots, as the title may let assume, that mIRC scripts in fact run under mIRC as a script.[K11]
   mIRC bots are thus, in fact normal mIRC clients, using a special script that allows the client to perform commands like other bots do. More info on mIRC bots and mIRC scripts in general can be found on http://www.mircx.com.[K12]
   mIRC bots also work in the same way as eggdrop bots, therefore it is also quite impossible to provide you with a commands list. With the variety of scripts that exist to be used as a bot, there are so many different commands, so many different functions, etc...[K13]
   With bots in general, one must be very careful in following it. Not all servers allow bots to connect to them and therefore you should read the AUP (or MOTD) of the server before letting your bot connect to them. It may very well be that a server refuses the connection of multiple clients from the same host, or your bot is killed when is found out that it actually is a bot. That mean, only connect your bot to servers that allow any bot[K14]
   D. Other kinds of bots: The last kinds of bots, that will be addressed very shortly here, are abusive and takeover bots. Contrary to the bots described above, these bots in no form or fashion, provide services to users. The only things they do are mess-up the network and are therefore strongly prohibited by Undernet.[K15]
   For instance clone bots are bots that multiply themselves when connecting to the network, all entering the same channel at the same time, parting, etc., so that the users on the channel lag, disconnect, etc. Clone bots abuse channels and users in general.[K16]
   2. Scripts: Standard Chat clients like mIRC, ircII, BitchX, X-chat, etc., can be *upgraded* by adding so-called scripts.[K17]
   Chat scripts, are a part of the chat program that you can add to, for instance to mIRC and that provide you with extra functions. Those extra functions can be funny talk in the channel, automatic login to X, flood protection, and mostly have nice backgrounds and colors to work with your client. Many people use scripts because they make it easier for you to work your client and sometimes save you a lot of time when using a service like X.[K18]
   More information on scripts, and to download scripts (for mIRC) you can go to http://www.mircx.com.[K19]

   SESSION L - General COMMANDS: This document has been written to serve the basic commands on IRC and some commands may vary depending on your IRC client. The most common clients have been covered.[L1]
   /server [password]: This command connects to the server you typed in. For example: /server austin.tx.us.undernet.org 6667 , This command lets you attempt a connection to Austin's UnderNet[L2]
   /nick : This command changes your nickname to the nickname specified. For example: /nick NewNick , *** Your nick is now NewNick , Or for BitchX/ircII Clients: >> You (YourNick) are now known as NewNick.[L3]
   /whois : This command shows details about the user . For example: /whois NewNick , *** NewNick is user@host (Your Real name) , *** on channels: #channel1 #channel2 , *** on irc via .[L4]
   /msg : This command sends a message to the person . For example: /msg user Hello :) *** - user - Hello.[L5]
   /me : This command is used to perform an action in a channel or in a message. For example: /me goes to make a cup of tea, *** user goes to make a cup of tea.[L6]
   /join [key]: This command is used to join the channel . If a password is required for the channel, you can specify it as the key.[L7]
   /part #channel [part message]: This parts the channel with an optional part message.[L8]
   /list : This command searches through visible channels, for the keyword provided.[L9]
   /names : This command displays a list of VISIBLE users in a channel. This command will not display any results if the channel is set to private (+p) or secret (+s), or the users in the channel are set to invisible (usermode +i).[L10]
   /away : This sets an away message, so if somebody uses the /whois command, they are able to see that you are away.[L11]
   /quit : This command quits IRC, with the quit .[L12]
   /query : This command is used to send a message to the person . The difference with this, to /msg is that the /query command opens a dedicated window (in mIRC), or dedicates the active window (in ircII) to the current messages.[L13]
   /ctcp ping: This command is used to calculate the time it takes a message from one person to reach another person. The reply is normally based on unixtime and is normally converted by the program you are using. Most IRC clients have a built in replacement for this command that performs the same command. An example is /ping instead of /ctcp PING.[L14]
   /DCC CHAT : This command is used to open a direct chat with the person . This command bypasses the use of servers on the IRC network and links two people together to allow them to chat immediately caused by servers. For example:[L15]
   /DCC SEND : This command is used to send files between one or more people.[L16]
   /topic : This command is used to set or change a topic in a channel.[L17]
   /kick : This command is used to kick somebody out of a channel.[L18]

   SESSION M - TROJANS: Most of you already know this but those that don't a brief summary can be found here: http://darter.ocps.k12.fl.us/classroom/who/darter1/trhorse.htm.[M1]
   A Trojan does pretty much the same. It invades your PC pretending to be something funny, nice, or cool, etc. It then opens up your pc for further attacks (or something much worse: delete data or send passwords to the creator of the Trojan). A few well-known Trojans are Sub7, NetBus, etc.[M2]
   First thing we will talk about is give a few simple RULES so you can be sure you NEVER get a Trojan.[M3]
   1. NEVER EVER open attachments without SCANNING them. If they come from an unknown source just throw them away. If it was important, I'm sure that person could have said so in the mail.[M4]
   2. NEVER EVER open attachments with a DOUBLE extension. Examples: file.txt.pif, file.jpg.vbs, etc. Windows sometimes HIDES the last REAL extension. The only way of knowing what it is then is to look at the icon in Outlook Express. If the ICON isn't what it should be judging by the last extension you see, just throw it away then.[M5]
   3. ALWAYS put DCC on ignore for ALL FILES. Use the DISABLE for 3 minutes feature if you need to receive a DCC. NEVER EVER set AUTOMATIC DCC receive. This is how many IRC Trojans spread.[M6]
   Now what to do if you have been INFECTED: Start with a visit to www.nohack.net.[M7]
   The site offers the most UP-TO-DATE info on Trojans and THEIR FIX. So, if you have been infected you can go to that site and download a cleaner.[M8]
   Also the Symantec Antivirus site is a good place to look for a cleaner.[M9]
   http://www.sarc.com/ => all new virus / Trojan alerts + a GREAT database of known ones.[M10]
   http://www.symantec.com/ => AntiVirus / Trojan products + online scanner.[M11]

   SESSION N - UNDERNET and UNDERNET ADMINISTRATION: How the UnderNet network works.[N1]
   The UnderNet may seem very simple to the common user, but behind the scenes, there are many people hard at work for the users. Many people devote their time to performing many necessary tasks for maintaining the UnderNet.[N2]
   The UnderNet is comprised of many different committees and subcommittees. Each committee tries to work with one another to create a better network and to maintain network stability.[N3]
   There are a total of five committees and seven subcommittees.[N4]
   Channel Service Committee - Provides an easy method for registering channels in order to maintain channel stability, to prevent takeovers, and to manage a banlist and userlist. CService has three groups - registrations, abuse, and help channel.[N5]
   The CService home page is located at http://cservice.undernet.org. CService's main e-mail address is cservice@undernet.org.[N6]
   Coder Committee - Concentrates on the continued development of the IRC protocol with the goal of making the UnderNet a more efficient chat network.[N7]
   The Coder Committee home page is at http://coder-com.undernet.org/. Their e-mail address is coder-com@undernet.org.[N8]
   UnderNet User Committee - Provides UnderNet users a place to give their thoughts. This committee has seven subcommittees - #UserGuide, Webmasters, Documents, Promotions, Newsletter, UUS and Class.[N9]
   The User-Com home page is located at http://www.user-com.undernet.org. The committee's main e-mail address is user-com@undernet.org.[N10]
   North American Routing Committee - Views current IRC Servers and evaluates new applications for servers. The goal of the committee is only to link the most qualified servers.[N11]
   European Routing Committee - Acts the same way as the NA Routing Committee, except for focusing only on European Servers. Having separate committees insures the utmost attention is given to this task.[N12]
   Both Routing Committees’ home pages are at http://www.routing-com.undernet.org. Their e-mail address is routing-com-announce@undernet.org.[N13]
   The Undernet also consists of volunteers known as IRCops. These people, picked by server administrators, have the job of maintaining the network. To find an IRCop for assistance, type /who 0 o or /who -oper for UNIX. Remember these are busy people; don't get mad if they don't respond at first.[N14]
   The UnderNet FTP site, ftp.undernet.org, is a great place to find out more information about the UnderNet. Included in this site are history, IRC documents, servers, scripts, clients, pictures, mailing list archives, and miscellaneous utilities.[N15]

   SESSION O - UNDERNET DOCUMENTATION: How to retrieve important and useful documents.[O1]
   As an Undernet user, you have access to a number of documents that help you have an excellent experience online. There are two main sources of documents, HelpBot on IRC, and the Documents Committee.[O2]
   When you are in your web browser, you can go to the Documents Committee Web page. This page is very useful in finding what you need, whether it is the Undernet FAQ or the History of the Undernet.[O3]
   The Undernet Documents Committee can be e-mailed also. E-Mail them if you have any ideas for documents or if you have any comments or suggestions for them. Their address is documents@undernet.org.[O4]
   Their web page is located at http://www.undernet.org/documents/. At this address, you can find various documents including beginner, advanced, technical, and historical documents.[O5]
   If you don't want to go to the WWW, there is a bot online on the Undernet, called UserGuide (that’s me!). UserGuide has many uses and various services.[O6]
   To use UserGuide, type -/msg UserGuide genhelp-. This will give you a list of commands from which you can choose.[O7]
   A reminder, that because the Undernet is run strictly by volunteers working on their spare time, please read all of the appropriate documentation before asking for help from any of the committees.[O8]

   SESSION P - OTHER UNDERNET REFERENCES: There are many help and assistance channels on the Undernet. There are also many knowledgeable people that can help you out with problems you may have. Here are some places on the Undernet you can go for help:[P1]
   #UserGuide - Undernet User-Com's help channel, for all general help.[P2]
   #user-com - Undernet User Committee's home channel, always staffed with helpful people.[P3]
   #zT and #nastrand - Technical help channel, usually for technical help and channel difficulty.[P4]
   #CService - Undernet Channel Service. Help with X and information on how to use it.[P5]
   #Help - Help available for more experienced users, along with newbies.[P6]
   #OpSchool - A CService Class similar to #Class. Visit http://cservice.undernet.org/main/opschool/ for more information.[P7]
   The Undernet also provides e-mail addresses where you can get help. Here are a few which you should know.[P8]
   cservice@undernet.org - Channel Service mailing list.[P9]
   opschool@undernet.org - OpSchool mailing list.[P10]
   abuse@undernet.org - Abuse or misuses of power, e.g. IRC operators, NOT channel affairs.[P11]
   help@undernet.org - For more experienced users along with newbie help.[P12]
   user-com@undernet.org - User Committee mailing list.[P13]
   As explained before, if necessary, you can get an IRCop to assist you. In addition, Undernet has a homepage with useful resources at http://www.undernet.org.[P14]

   SESSION Q - OTHER GENERAL REFERENCES: Where to find the places mentioned in this class.[Q1]
   Besides using HelpBot and the Documents Committee, there are many other places to go for help that were mentioned earlier. Many resources are available such as IRC channels, Web sites, and e-mail addresses.[Q2]
   Floods - NudeDude's NoFlood Document - Available at Document committee web site - http://www.user-com.undernet.org/documents/.[Q3]
   DoS Attacks - For patches - http://mirc.stealth.net/nuke/ - For Information - http://www.irchelp.org/irchelp/nuke/. Puppet's Page: http://www.dynamsol.com.[Q4]
   Scripts and Bots - Channels - #eggdrop and #darkbot. URLs - www.ircops.dk/how-to/emech, www.eggheads.org or http://www.egghelp.org/, http://www.darkbot.org/. - BotDoc - http://www.user-com.undernet.org/documents/botdocs.php.[Q5]
   Advanced Commands - IRC Command Cosmos - http://www.irchelp.org/irchelp/misc/ccosmos.html.[Q6]
   UnderNet Administration - CService - Channel Service Committee - CService@undernet.org - http://cservice.undernet.org - Coder-Com - Coding Committee - coder-com@undernet.org – http://coder-com.undernet.org.[Q7]
   User Committee - user-com@undernet.org - http://www.user-com.undernet.org - NA and EU Routing-Com - Routing Committees - routing-com@undernet.org - http://www.routing-com.undernet.org.[Q8]
   Documentation - Documents Committee - http://www.user-com.undernet.org/documents - UserGuide - /msg UserGuide genhelp - Misc. Help Channels - #UserGuide, #help, #mIRCHelp, #mIRC, #pIRCH, #CService, #newbies - For various documents and help, check out UnderNet's FTP site at ftp://ftp.undernet.org. Also for general IRC help, look at www.irchelp.org.[Q9]

   SESSION R - IMPORTANT THING: Official volunteer guidelines. This document describes the guidelines, which official volunteers are to follow. Keep in mind that these are guidelines and not rules.[R1]
   How to act as a volunteer on the channel:[R2]
   A couple of guidelines to remember when helping in #UserGuide are: 1- You are there to help the user. 2- There are no such things as stupid questions. 3- Be polite.[R3]
   You are there to help the user, this the most important thing when in the channel. When for some reason you can't help in the channel then don't idle in the channel. Of course, the 5-minute break is allowed.[R4]
   There is nothing more frustrating for a user than to enter a help channel and to see it full of idle people. A user generally gives a channel only one chance. One mistake and he/she is gone.[R5]
   There are no such things as stupid questions, the user can ask any question he likes. Even the ones that are described in the help files. Don't worry if you don't know the answer to the question, maybe someone else does. In that case, let the user know that you don't know the answer and point him to someone else, or to the Userguide list.[R6]
   Be polite, no matter what the user says, asks or does. Just greeting a joining user when he comes in the channel creates a pleasant and friendly atmosphere for the user. Of course, this only works if there are only one or two volunteers greeting.[R7]
   Keep in mind though that polite doesn't mean that people can walk over you. Therefore, should a user start harassing you or other users, give him a fair warning first. If he continues to harass you or other users, you can kick him. Keep in mind the possible lag though. Should he keep harassing you in private, you can just /ignore him. If such things happen, keep a log handy in case the user complains so you can show that he deserved it.[R8]
   Never reply back with insults or anything like that. Most users who are out to cause problems just like the attention back; the quickest way is to get rid of them politely as fast as possible.[R9]
   Keep these three simple guidelines in your mind when helping users and they will bring their own rewards.[R10]

                                        :: Trainees :: #UG_Training :: Mentors :: Back To Top ::



Copyright 2008 - Undernet User Committee
Copyright © 1994 - 2012 - Copyright notice and contacts. Please read our Acceptable use policy There are currently 17030 online