Newnet Network of IRC Servers  
Join #Services for help  

08-13-98  debora@eskimo.com

Logging and Reporting IRC Abuses


IRCops can not stop nuke attacks on you. K lining users who nuke does NOT stop nuke attacks 
as you do NOT have to be logged onto Newnet in order to launch an attack.  

The best defense is protection with a firewall, and reporting abuse to the users isp.  

EVEN IF the user is spoofing..logging in from a shell acct etc, log the attack. It may well 
be a traceable shell.  

It is important to understand the needs of an isp when you report an abuse such as DoS 
attacks.  (Denial of service aka nukes) The isp will require that the logs sent with 
/whois information is timestamped and dated. 
Also when sending a log, please note your time zone. This is very important since they must 
have the time the user was logged on through their system to verify the identity. 

Channel logs do not matter as a rule to isps in closing abusive users accts.  You MUST have 
a log of the incoming nukes.. taken with nuke nabber, or a similar tool, firewall logs etc.. 

Do NOT edit these files..send the entire log even if there are other attacks on there.  
To find out where to send the files.. resolve the ip address .. 

For example.. 

200.00.00.00 is nuking you.
 
/dns 200.00.00.00

resolved to :  Anywhere.isp.com

Forward your timestamped whois info with your timezone.  (whois taken if the person is on irc 
or if the user isnt on irc..just note your timezone, most logging programs timestamp 
automatically),as well as all NUKE logs taken from nuke nabber or your firewall ( or similar 
program)  to abuse@anywhere.isp.com.  Most ALL isps now have an email address dedicated for 
abuse issues.

A side note here. Editing nuke logs to get someone in trouble who has not been guilty of nuking 
isn’t wise and is illegal. ISPs have a method of checking whether your complaint may be valid.
If these methods all fail, please write to me at debora@eskimo.com and I will assist you 
in contacting the isp.