Open IRC Server, 2 years on

Over the past 2 years I have run an open IRC server. I purposely set it up to see who would discover it, connect, and chat. So far, only one Mandarin speaking person has done so. When I mentioned this to someone, they freaked out. I shut it down today due to the nothingness of attacks. I restarted it all to grab the screenshots, since I had a backup of the running server image.

“Just think of the abuse!” came the shouted response

Well, sure, it’s possible. In fact, it’s been pretty idle and lonely for 2 years. The IRC daemon software was ngIRCd. It was publicly available on both IPv4 and IPv6 addresses. I never advertised it, but I didn’t hide it either. I set the entire system to boot as read-only and ran tcpdump to record all traffic except my ssh connections to manage the server. Memory-resident malware exists, but it would have to get in first.

If you joined the server, you were automatically taken to a channel called #NottheNSA. Screen Shot 2019-06-06 at 23.20.32

As I mentioned, only one person connected in the past year. Lots of ssh scans, but not much else. I’m amazed not many people found it. Based on the pcap analysis, not much happened to it at all. Total cost is $120 to run for the past two years of the experiment.

Screen Shot 2019-06-06 at 23.21.11

All in all, a cheap experiment to see who was scanning for IRC servers to exploit. Apparently, not many people.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s