Editing IRC takeover

{{refimprove |date=September 2011}}
<!--  -->

An '''IRC channel takeover''' is an acquisition of [[IRC channel operator]] status by someone other than the channel's owner. It has largely been eliminated due to the increased use of [[IRC services|services]] on IRC networks.

==Riding the split==
The most common variety of channel takeover uses disconnections caused by a [[netsplit]]; this is called '''riding the split'''. After such mass disconnections, a channel may be left without users, allowing the first rejoining user to recreate the channel and gain operator status. When the servers merge, any pre-existing operators retain their status, allowing the new user to kick out the original operators and take over the channel.

A simple prevention mechanism involves ''[[timestamp]]ing'' (abbreviated to ''TS''), or checking the creation dates of the channels being merged. This was first implemented by [[Undernet]] (ircu) in November 2000<ref>Add channel creation TS (timestamp) to JOIN protocol messages, Kevin L. Mitchell, November 2nd 2000, undernetc-ircu SVN server - ircu2 - r306, https://github.com/UndernetIRC/ircu2/commit/008a01428ae6d628d31abe35d361b51b3f4f154f</ref> and is now common in many IRC servers. If both channels were created at the same time, all user statuses are retained when the two are combined; if one is newer than the other, special statuses are removed from those in the newer channel.

Additionally, a newer protection involving timestamping is used when a server splits away from the main network (when it no longer detects that [[IRC services]] are available), it disallows anyone creating a channel to be given operator privileges.

==Nick collision==
Another popular form of channel takeover abuses nickname collision protection, which keeps two users from having the same nickname at once. A user on one side of a netsplit takes the nickname of a target on the other side of the split; when the servers reconnect, the nicks collide and both users are kicked from the server. The attacker then reconnects or switches nicks in a second client while the target reconnects, and proceeds to [[jupe (IRC)|jupe]] (or block) the target's nickname for a period of time.

User timestamping is often used to detect these kinds of attacks in a fashion similar to channel timestamping, with the user who selected that nickname later being kicked from the server. Another protection method, called ''nickhold'', disallows the use of recently split nicknames. This causes fewer kicks, but causes more inconvenience to users. For this reason, timestamping is generally more common. Some servers, such as ircd-ratbox, do both. [[IRC services]] and [[IRC bot|bot]]s can also protect against such attacks by requiring that a password be supplied to use a certain nick. Users who do not provide a password are killed after a certain amount of time.

==Other methods==
Other methods can be used to take over a channel, though they are unrelated to flaws in IRC itself; for example, [[Hacker (computer security)|cracking]] the computers of channel operators, compromising channel bot [[shell account]]s,  or obtaining services passwords through [[Social engineering (computer security)|social engineering]].

===Smurfing===
[[Smurf attack]]s have been used to take over IRC servers.<ref>Ganor, Boaz; von Knop, Katharina; Duarte, Carlos A. M. (2007). [https://books.google.com/books?id=ybQkSwzkTY4C&pg=PA254 ''Hypermedia seduction for terrorist recruiting'']. [[IOS Press]]. {{ISBN|978-1-58603-761-1}}</ref> These exploit [[Internet Control Message Protocol|ICMP]] ping responses from broadcast addresses at multiple hosts sharing an Internet address, and forge the ping packet's return address to match a target machine's address. A single malformed packet sent to the "smurf amplifier" will be echoed to the target machine.

==References==
{{reflist}}

{{IRC topics}}

[[Category:IRC|Takeover, Internet Relay Chat]]