offtopic

does anyone know an efficient way of preventing IRC nuke

anything...I'm desperate

Define "IRC Nuke".

Use the Random Thoughts (http://www.visualbasicforum.com/forumdisplay.php?s=&forumid=25) forum.

wnewk icmp server based attack resulting in my disconection
I know how to defend agains client based(firewalls) but how do I stop server based

Theres no magic "nuke" command that will kick you off IRC....
IRC servers dont send out "nukes". You may be being kicked off, for legitimate reasons, by an operator (people with an "@" by their name)

Whether you're being attacked from another IRC client or an IRC server, its all coming down the same line, so a firewall should protect you.

chief- wanna meet live and test your theory?

the attacker lanches server side ICMP Unreachable(or some other ICMP) towards my IP which results in:
*** Interghost has quit IRC (Read error: 146 (Connection reset by peer))

Serverside?

You mean they attack from the server.. or they attack the server in such a way to cause it to kick you?

Which server, what channel?

Can u come to irc.carnet.hr #cedevita ? I'm there now

well I'm not sure how it works...I know there are two options.
Target : Server Victim
if they select Victim then my firewall stops it, if they select Server I'm gone:(

A person may get your IP through IRC. If they then ICMP-flood you, that has nothing to do with IRC. The flood will probably cause your ISP to drop you, meaning you lose your connection. Result is the quit message you see.

Theres no way to stop this really. :-\

Anybody you tries to flood you out over IRC would be kicked from the server themselves. And this would not be ICMP. Unless of course they are exploiting some kind of hole/virus in your client software.

Where did you get the info about this 'Victim' stuff?

D'oh!

It just dawned on me exactly what is going on here. You are getting ICMP messages with spoofed IPs. The ICMP is a common Ping message. The attacker spoofs their IP so that your PC sends all the Ping replies to a different IP, most likely the IRC server. This would cause the server to kick you.

And this isnt preventable without routers and hardware firewalls. :-\

Or if you just eat pings

My software firewall ignores ping requests.

Kudos to Thinker :)

All efnet servers (and probably Undernet and Dalnet too) have been protected against the server side "newk" for several years now. Email the admin of the server that's allowing it and tell him to get with the program. There's nothing you can personally do about it, if this is indeed what is happening. Even a firewall won't stop it, because it isn't aimed at your ip, it's aimed at the connection you have to the irc server.

I think I read too much Steve Gibson last night/this morning. Kinda got DoS on the brain.

:-\

So reboot, what you are saying it is is a ping packet sent to the
server with your IP spoofed as the return, rather than a packet
sent to your pc with the server IP spoofed as the return?

That sucks. :( I hope there is a way for the servers to block that
kind of crap.

Yes, that's it. And there is a way for servers to block it. Like I said, Efnet (at least) hasn't allowed that crap for years now. I've no idea what network irc.carnet.hr is on, but apparently they're using an old ircd.