![[PDF]](http://www.trex.fi/trexpdf.png)
IRC Frequently Asked Questions
TREX hosts IRC servers that are protected from International traffic and DDoS.
Too many connections
No. We have a strict policy of not allowing more than two connections from the following types of networks:
The problem is that there are hundreds of thousands of such machines these days and it is impossible to keep track of them. When the user moves or changes providers, we will be left with an error in the server's configuration. The error won't be spotted until someone eventually abuses it.
Another problem is that users sometimes boot their machines into windows, and that's when the worms and viruses strike and load our server full of drones. Thus we aren't taking risks.
Requirements
There are also some further requirements to be met. Your request may still be turned down even if you meet these requirements:
Klined: Domain Abuse
Irc.cc.tut.fi provides service for Finnish users only. We allow connections from all hosts that end in "dot fi". Certain foreign abusers take advantage of this by begging for accounts on Finnish hosts. Some even go so far that they get Finnish hostnames for themselves.
We respond to these cases by disallowing access.
Afraid.org
Afraid.org is a system where you can give your own domain name up into the public domain. Anyone can register hostnames in any domain in that system.
The same foreign abusers mentioned above love this system, which is why we summarily disallow access from any Finnish domains we find there.
Channel Reop-flag (+R)
You have set +R before losing all channel ops
Do nothing but wait: The server will reop the least idle client on the channel matching the +R masks about 90 minutes after the last ops from the channel disappeared. The mask is given in the same form as in bans etc, nick!user@host.tld
This is a new feature in ircd 2.11, for more information check out ircnet.irchelp.org/211.html.
You didn't have +R set
Ah, forgot, if you didn't have reop-flag (+R) active, there's really nothing you or we irc operators can do. Just exit the #channel and go to #channel2, the point being you have to clear the channel in order to get ops back.
After that you can make things easier and set the +R once you've gotten the channel operator status (@) And next time you'll be prepared for such unfortunate loss of all channel operators.
Port Scans from irc.cc.tut.fi
There can be two reasons behind this issue:
1. Normal Anti-Abuse Scans
In order to prevent abuse the hosts of all users are automatically scanned for misconfigured or hacked proxy software before allowing access.
If you don't like this we can disable access to the server from your host, and thus the server should not port scan that host anymore.
The server scans the following ports:
| name | ports |
|---|---|
| auth, ident | 113 |
| socks | 1080 |
| www-proxy | 80, 3128, 3802, 6588, 8000, 8080, 65506 |
2. Distributed Denial of Service Attacks
Every now and then the server attracts DDoS attacks. There are dozens of different kinds of attacks, but many of them rely on forged source addresses. Some of them use third parties as amplifiers.
This amplification works in such a way that the attacker sends packets to the third party using irc.cc.tut.fi's address as the source address. The third parties then respond to each of these packets with multiple packets, hence multiplying the number of the attackers' packets, and all these response packets will come to irc.cc.tut.fi.
Thus, if you see a lot of packets apparently from irc.cc.tut.fi, they are most likely from someone else. And the attack is really directed towards irc.cc.tut.fi and not you.