| View previous topic :: View next topic |
| Author |
Message |
mm
Halfop
Joined: 01 Jul 2004
Posts: 78
|
 Posted: Fri Jan 14, 2005 10:47 pm Post subject: sentinel or bot |
 |
|
Hi, i have 3 bots linked and i am using netbots 4.09 almost 2,3 years, no problems at all, but today some idiot had tried to flood the channel with a lot of (100+) join-part floods with different ip's and then in a mean time he tried "msg flood" to the bots with multiple flood bots(over 100+ with diff ip's) and then all 3 of the bots were quit with this message -> Max sendQ exceeded
sentinel is enable in 3 of the bots.
when he tried "msg floods" sentinel was adding to the ignores like
sentinel: added *!*@222.110.55.166 to ignore list (MSG flooder)
i'll appreciate for your advise? what can be done to prevent this because now they will try to kill the bots again and again.
advance thanks
_________________
MM |
|
| Back to top |
|
 |
slennox
Owner
Joined: 22 Sep 2001
Posts: 593
|
| Posted: Sat Jan 15, 2005 5:05 pm Post subject: Re: sentinel or bot |
|
|
| mm wrote: | | now they will try to kill the bots again and again. |
Excellent. Lots of real-world floods to test things against are a gift to those who want to implement protection. If you're serious about having this looked into, send me an e-mail and let me know your network/nickname/channel. I'm currently doing a minor update to sentinel to add the custom lock modes, but I may as well tack on a few other things where possible. |
|
| Back to top |
|
|
mm
Halfop
Joined: 01 Jul 2004
Posts: 78
|
| Posted: Sun Jan 16, 2005 6:28 pm Post subject: |
|
|
Thanks Slenoxx. That will be great, if we can add "silence"..
I need your kind expert advise on my settings please, i have 3 bots, one hub and 2 leafs. Sentinel is ON in three of them, with the following MSG/CTCP flood settings for bot, after that huge(100+ different ip's) msg/ctcp floods on the bots.
sentinel settings:
Bot CTCP flood: 3 in 20 secs
Bot MSG flood: 2 in 20 secs
while bot's config settings is the following
set flood-msg 2:10
set flood-ctcp 2:10
should i disable sentinel on one of my leaf? is this setting is fine? so if they attack on the bots with 120 diff ips, they won't d/c?
thanks again
_________________
MM |
|
| Back to top |
|
|
YooHoo
Owner
Joined: 13 Feb 2003
Posts: 939
Location: Redwood Coast
|
| Posted: Sun Jan 16, 2005 10:36 pm Post subject: |
|
|
| slennox wrote: | For greater protection against large channel floods, I recommend you also use the chanlimit.tcl component.
- There is a trade-off between convenience and security. The more automation you enable, the more stress the bot will be under during a flood and the more stuff it will be sending to the server.
- Where security is paramount, have one or two bots that aren't running sentinel.tcl. Since sentinel.tcl is a complex script with many automated and convenience features, there is a potential for vulnerabilities. |
this sem pretty clear, no 
_________________
Johoho's TCL for beginners
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
