Over the past 2 years I have run an open IRC server. I purposely set it up to see who would discover it, connect, and chat. So far, only one Mandarin-speaking person has done so. When I mentioned this to someone, they freaked out. I shut it down today due to the nothingness of attacks. I restarted it all to grab the screenshots, since I had a backup of the running server image.
“Just think of the abuse!” came the shouted response.
Well, sure, it’s possible. In fact, it’s been pretty idle and lonely for 2 years. The IRC daemon software was ngIRCd. It was publicly available on both IPv4 and IPv6 addresses. I never advertised it, but I didn’t hide it either. I set the entire system to boot as read-only and ran tcpdump to record all traffic except my ssh connections to manage the server. Memory-resident malware exists, but it would have to get in first.
If you joined the server, you were automatically taken to a channel called #NottheNSA.
As I mentioned, only one person connected in the past year. Lots of ssh scans, but not much else. I’m amazed not many people found it. Based on the pcap analysis, not much happened to it at all. Total cost is $120 to run for the past two years of the experiment.
All in all, a cheap experiment to see who was scanning for IRC servers to exploit. Apparently, not many people.