IRC Stands for Internet Relay Chat

Fall 2006, CMPE-208

Paper Presented on

Under the guidance of:

Dr. Richard Sinn

Due Date: October 25, 2006

Table Of Contents

1. Introduction
2. Components of IRC
3. Servers
4. Basic Server Commands
5. Clients
6. Basic Client Commands
7. Operators ( Server Clients)
8. Channels
9. How it works
10. Major Communication
11. Client-Server
12. Server-Server
13. Termination
14. Problems with IRC
15. Security Concerns
16. Probable Solution
17. Conclusion
18. Reference

1. Introduction

IRC stands for Internet Relay Chat. It was first written by Jarkko "WiZ" Oikarinen in 1988 at the University of Oulu, Finland as a client-server program for users to chat amongst themselves. The protocol was later introduced as a protocol in RFC in 1993. It is considered one of the oldest chat systems that are still in use today.

IRC provides a real time communication among group of people from all over the world. It is mainly designed for text based group conferencing; group discussion forums called channels using a distributed client-server model. IRC also support one to one communication. The IRC protocol is developed on systems based on TCP/IP network protocol and optionally SSL.

2. Components of IRC

a. Servers

The IRC-system consists of a network of servers which form a spanning tree among themselves. Those servers are the backbone of the IRC network that provides a point to which clients may connect to each other and a point for server to connect to each other as well. Each server acts as a central node among other servers.

Reference: Image:Ircnetz-Schema.svg

i. Basic Server Commands

b. Clients

A client is basically a node that is connecting to a server that is not another server. Each client is distinguished from other clients by a unique nickname of maximum length of 9 characters. When a client uses an IRC-system, it will connect the client to one of those servers, and the message will travel along the backbone of each connected servers.

i. Basic IRC Client Commands

Each IRC client has an input area where he or she can issue IRC commands by typing on a new line something beginning with a / (forward slash) character. If it does not begin with /, it is assumed to be a message you are typing to someone or some channel. Below are some of the common commands used

c. Operators (Server Clients)

Operators are a special class of clients that perform general maintenance functions on the network. Their basic tasks include disconnecting and reconnecting server as needed for routing purposes, removing user from connected network by force, and closing connection between any client and server.

d. Channels

A channel is a virtual meeting room where each channel is a virtual space where anybody connected to the IRC can join. Channels names are strings (beginning with a '&' or '#' character not containing any spaces) of length up to 200 characters. User is allowed to join, quit, re-join more than one channel at the same time.

3. How it Works

The user needs to install an IRC client that connects the IRC server through internet. This server is linked to many other IRC network, which transport messages for the users com-municating across the networks.

Then user needs to choose a nickname by which he needs to be known and join the channel (rooms) according to locations, philosophies or interests. There are thousands of networks where people may meet, participate in group discussion or opt to chat privately.

The client can issue commands (mentioned above) and messages while connected to the IRC server and enjoy the IRC chatting session. Note that IRC does not allow any two clients to communicate directly and all the communication is relayed through the servers only.

4. Major Communication

Client- Server

This communication occurs basically when there is a change in the state information such as channel membership, channel mode, etc. Also since all the messages are passed to the other client, through the server, the messages are transparent to the server, even though the communication is private.

When the connection is established between client and server, the server first sends a MOTD to the client informing about server’s policy. The client then sends the nickname and other messages required for completing connection with the IRC server. The server may enforce authentication before establishing the connection.

Server-Server

Normally these types of messages are broadcast messages and are mostly required when it is affecting any channel or user.

A server to server connection is being established mostly in cases where a net split has occurred and server is re-joining the IRC network. This situation is particularly dangerous and full of flaws – in particular with race condition.

Termination

The termination of a client-server connection termination (normal) is done through a Quit command being executed at the client end. The server-server connection termination (abnormal) is either done by some natural causes or through SQuit command. The rest of the IRC network must be updated by the server that detected the connection termination.

5. Problems with IRC

There are number of problems related to IRC, partly because the rate at which it has grown and some because of the architecture.

Scalability

This is due to requirement for each server to know about every other server and client connected on the network and the need of updating information as soon as any change occurs in the network. This makes the spanning tree implementation of IRC loose and to make it strongly branched, the only solution one can think of is to reduce the number of servers and limit the connections.

Labels

The users can currently pick up labels for nicknames, server name and the channel name which may result in collisions. Hence this needs reworking and limiting to unique labels for all. If during picking up the nickname, the collision occurs, either the nickname label selection will not succeed or both will be removed using KILL.

Channels

With current channel layout the issue of privacy is also a concern. This protocol defines "Safe Channels" which are very unlikely to be the subject of a channel collision but other channel types are kept for backward compatibility which can be a cause for concern.

Servers

There are few database consistency checks with current servers and it is assumed that the neighboring server, is faultless. This can be a problem if the connecting server is faulty and tries to introduce a discrepencies in the current network. There is also problem of race conditions being associated without unique labels being implemented in IRC.

6. Security Concerns

Authentication

IRC has weak authentication mechanism with the passwords being communicate in clear text amongst the servers. Also ther messages like OPER and PASS are sent in the clear text format which can be a potential area of attack. No real effort is made to encrypt this feature and one needs to plug-in some strong features into the current protocol.

Denial of Service attacks

DoS attack on IRC server is not that difficult as almost anyone can sign up to host a server, it's impossible to ensure that every server is properly secured. The attacker can flood the server with garbage data and keep it busy while making it unavailable to another user. The solution is - Operators can find these offenders and punish them; but what when the clients are attacked. The only way to prevent client from attacks is that client enforce protection through firewalls and anti-viruses themselves.

7. Probable Solution

Timestamping and Nick/channel delay protocol

"Nick/Channel Delay" and "TimeStamp" protocols are the two methods that exist to solve the problem of denial-of-service attacks taking two very different approaches.

The problem with the original IRC protocol as implemented was that when two servers split and rejoined, the two sides of the network would simply merge their channels. If a user could join on a "split" server, where a channel which existed on the other side of the network was empty, and gain operator status, they would become a channel operator of the "combined" channel after the netsplit ended; if a user took a nickname which existed on the other side of the network, the server would kill both users when rejoining.

This was often abused to "mass-kill" all users on a channel, thus creating operator-less channels. This also lead to denial of service attacks on IRC.

Nick/channel delay

The nick/channel delay (abbreviated ND/CD) solution to this problem was very simple. After a user signed off and the nickname became available, or a channel ceased to exist because all its users left (as often happens during a netsplit), the server would not allow any user to use that nickname or join that channel, respectively, until a certain period of time (the delay). The idea behind this was that even if a netsplit occurred, it was useless to an abuser because they could not take the nickname or gain operator status on a channel, and thus no collision of a nickname or 'merging' of a channel could occur. But then this was problem for legitimate users who were forced to use different nickname rather than their original.

Timestamping

The alternative, the timestamp or TS protocol, took a different approach. Every nickname and channel on the network was assigned a timestamp -- the date and time when it was created. When a netsplit occurred, two users on each side were free to use the same nickname or channel, but when the two sides were joined, only one could survive. In the case of nicknames, the newer user, according to their TS, was killed; when a channel collided, the members (users on the channel) were merged, but the channel operators on the "losing" side of the split were de-opped.

TS is a much more complicated protocol than ND/CD, both in design and implementation, and despite having gone through several revisions, some implementations still have problems. Some modern TS-based IRC servers have also incorporated some form of ND and/or CD in addition to timestamping in an attempt to further curb abuse.

1. Conclusion

IRC is an excellent free multi-user service that has been connecting people around the world since last 18 years. It was basically developed for socializing and is still staffed by volunteers who donate their skills and servers to host the forums. Hence no big design and security features were initially included. The unfortunate part for IRC is that it is attacked by the people who use it the most and attempts have been made to kill the service. But after abuse and attacks on IRC, several security and protection features are developed and the work is still on. IRC has gone four revisions since its development, with some points accepted while some only mean’t for documentation. It has got two major applications – DCC ( a secure chat protocol using IRC) and Iphone(internet telephone started by Isareli company Vocaltec) and can serve basis for many other applications.

1. Reference:

ftp://ftp.irc.org/irc/docs/rfc2810.txt