Speedy knows a lot about protection from flooding, and here he shares his insight. Speedy is not one to leave any details out, so get started reading now.


Basic Flood Information:

Flood. If you've been online for some time, you must have heard this term. Some people say it with fear or sadness, "someone is flooding me." Others say it with a strange evil satisfaction, "I'm going to flood you! Mwahahahahaaa!!!11." Even the name is enigmatic, it triggers a primordial fear in every one of us. The first time I heard it, I was intrigued, "What does a natural disaster have to do with the Internet," I thought. Well, let me explain.

You see, Internet-related flooding means sending (or receiving) a huge amount of data in a very short time. If you ever visited a kindergarten where all kids talk to you at the same time and you can't understand or answer any of them, then you know what I mean. :) Of course, the kids are fun, Internet flooding isn't.

Text Flood

On IRC, the most common type of flood is text flood. This happens when someone sends a lot of text in a channel or a private message, causing the chat window to scroll a lot in a very short time. This could be caused by pasting a large amount of text from the clipboard, using large pop-up texts or poorly written scripts to show colorful text-images or huge letters, flowers, puppies, cows, teddybears and so on, or, in some rare situations, by a lagged server. Such a large amount of text or number of lines in a few seconds are considered annoying by the channel operators, and some run protection bots which automatically kick a person who sends more than 4 or 5 lines or more than a couple hundred characters in less than a few seconds. Also, the IRC server itself has a protection limit; if someone sends more characters than this limit in a second, the server will automatically disconnect the person with the message "Excess flood."

Keep in mind this server flood protection, especially if you have some sort of fancy script or program which, for example, replies automatically when someone types !ping or !seen, or plays games in channel. Even if you don't have such a script, your IRC client (mIRC, for example) automatically replies to certain commands sent by others: PING, VERSION, FINGER, to name a few. These automatic replies can be dangerous, because some people can exploit a poorly written script and make you get disconnected. How can they do that? Well, let's suppose that the server limit is set to 400 characters per second, and let's imagine that when someone types "!coke", your script automatically says "Free soft drinks for everyone! Take your pick: Coke, Diet Coke, Sprite, Pepsi." What if a person who tries to disconnect you types "!coke" 6 times in one second? Your script will send that reply 6 times as well, in another second. But the person sent only 5 characters six times, that is 30 characters in one second; on the other hand, your script send 77 characters six times in the same second, which makes 462 characters in one second. And that's more than the maximum of 400 characters accepted by the server in one second, and you will be instantly disconnected.

mIRC Flood Protection

In later versions, mIRC became smarter and can now be set to automatically prevent you from flooding the server by sending more characters in one second than the maximum allowed limit. By the way, it's a good idea to always install the latest available version of a program to benefit from old bugs being corrected and from new features being installed; also, keep in mind that if you have a problem, the author of the program will not offer support for older versions. To enable flood protection, open the Options page (File menu in some versions, Tools menu in newer versions), expand the IRC section in the tree list on the left, and select the Flooding sub-section. At the right, check all the boxes. After enabling this setting, when you paste a large amount of text, mIRC will send it with delays between the lines, so you won't exceed the server's limit; also, if someone sends you a CTCP PING request, your mIRC will answer it and then ignore further PINGs from that person for 10 seconds, thus preventing the situation when the person repeatedly pings you, trying to make you disconnect. The flood settings may not help if you have a fancy script downloaded from somewhere on the Internet. Sure, it has nice menus and commands, jokes, colorful messages and a lot of things built-in, but in most cases these scripts lack the mechanisms to prevent flooding the server with automatic messages. Besides, who knows what could be hidden in all that code? Did you know that most scripts contain backdoors or IRC viruses which cannot be detected by normal antivirus programs or protected by firewalls, but allow other people to take control of your computer? I'd rather give up on old jokes and annoying colorful messages than have someone looking through my emails and personal files without my knowledge!

If someone is sending you a lot of private messages, notices, DCC requests or various CTCPs but you don't have any script to automatically reply to them, don't worry; you cannot be flooded. Eventually, the person will trigger the server's protection limit and will get disconnected. Until then, you can simply ignore the person's nickname with the command: /ignore nickname 3 . Don't forget the 3 at the end, it will make mIRC ignore the person's messages (hide them) even if he/she changes nickname or reconnects to the Internet provider with another IP address. However, if there are many nicknames sending you messages, notices, DCC requests or CTCPs, they might be "flood bots," each of them is sending you short messages, but summed together it will create a lot of traffic through your Internet connection, even if you ignore them all. The solution for protecting your connection is to ask the IRC server to completely block messages from those nicknames; this can be done with the command /silence nickname . Remember that on Undernet, you can silence maximum 15 nicknames at any time, so if there are more nicknames attacking you with messages, use /silence * to ignore all messages from all people on IRC. If you are a channel operator, this will give you time to kick and ban them all, then change your nickname so they cannot find you and send you messages any longer; afterwards, revert the message block with the command /silence -* .

Packet Flooding

Another type of flood is only indirectly related to IRC; a person finds out your computer's address (either the numeric IP address or the one with letters) by /whois yournickname, then tries to attack it directly by filling your Internet connection with unnecessary traffic. As a result, you will find yourself unable to do anything productive with your connection, because normal traffic cannot get through. This is called "packet flooding" because the attacker is sending you meaningless data packets. There is absolutely no setting on your computer or software you can install to prevent the data from being sent from the Internet through your Internet connection towards your computer. The only way to stop the packets from consuming your connection's speed is to contact your Internet provider and ask the technical support team for help; they will block the flood in their routers and firewalls, thus allowing your Internet connection to be used normally. You can install a freeware software firewall, such as SyGate Personal Firewall, ZoneLabs ZoneAlarm (not the Pro version), Kerio Personal Firewall, or commercial firewalls such as Norton Internet Security. A firewall will be able to give you control over the applications which access the Internet as well as provide detailed reports on potentially dangerous events for your Internet connection, including packet floods, through its Intrusion Detection mechanisms. (Note: installing more than one firewall will NOT give you more protection, but it will certainly create problems in using the computer due to software conflicts!)

To prevent a packet flood, you will have to hide your computer's address from being seen in your whois. Undernet offers an address hiding feature for people who have registered a username for the X bot. X is present in all registered channels, and the username allows you to send commands to X and perform various commands based on your access level you have in each channel. To get a username, visit http://cservice.undernet.org/live , click "Register a username," read the rules and follow the instructions; you will need a paid email address (no free emails are allowed, such as the ones you can create on Yahoo! or Hotmail) - most of the time, your Internet provider also gave you an email address when you signed the contract with them. For more help with username registration, please ask in #CService. After your username is created and verified, you can log in to X on IRC with the command: /msg X@channels.undernet.org LOGIN YourUsername YourPassword . And, this is the important part: after you have logged in successfully, change your nickname's mode to +x with the command: /mode YourNickname +x . This command will make your computer's address hidden from all other users. Your new whois will become YourUsername.users.undernet.org. Neat, huh? Make sure you understand the difference between the username and the nickname; you can pick any nickname on Undernet, as long as it's not being used, and chat with it - that's what your "name" will be in channels, but you can only have one username which you use for logging in to X and performing various actions through X in the registered channels where you obtained access.

Flooding is Illegal

Keep in mind that flooding of any kind is a form of abusing the resources of an IRC server or a network or even the Internet, and is forbidden or even illegal. If someone does it to you, be calm and DO NOT FIGHT BACK! Instead, report the person to one of the operators (ops) of the channel that person is in, or (if you have logs from your IRC client and/or firewall as proof) you could report the flood to the attacker's Internet provider or your own Internet provider; they should be interested in helping you and stopping the flooder from abusing their Internet connections as well. The Internet providers are the organizations who have the right and the responsibility to investigate the flood and take measures against the attacker; you shouldn't take the matter in your own hands and possibly break the law through your own actions! Simply ignore the user and protect your connection as described above; sooner or later, the attacker will get bored and leave you alone. The channel operators can help by kicking out the attacker and even banning him/her, so contact them with confidence. However, sometimes the attacker is a friend of the ops or even is a channel operator - you really shouldn't be in a channel whose operators are involved with illegal activities (such as flooding), so find another channel to chat in.

Have a safe and enjoyable chat on Undernet!