
Hack 84 Timestamp with the TS Protocol


Master the TS Protocol to prevent people from exploiting the situation when servers relink after a netsplit has broken the IRC network into separate parts.

Any large global network experiences occasional problems. In the case of IRC, they're seen on a regular basis. All it requires is a route flap out of MCI in New York, a fiber-optic cable cut from SBC in Chicago, or an ATT core router crash in London, and you've got problems getting packets from one server to another.

When a server can't talk to another, they sever their connection and create a netsplit. Sometimes a netsplit can affect a single server that splits from its hub, but sometimes a netsplit is between two hubs, leaving two large chunks of the IRC network disconnected.

In either case, life goes on regardless of which side of that split you're on. People keep chatting; mode changes keep happening; nick changes keep occurring. The real problem comes when the network comes back together and anything that's changed on the other side of the split has to be reconciled and the data resynced.

The Timestamp, or TS, Protocol was first written and released by Carlo "Run" Wood on June 28, 1993, and was first implemented on Undernet on July 1, 1993. Its purpose was to ease that reconciliation process and reduce the possibility of someone taking over channels and nicks through netsplit hacks and nick collisions.

13.8.1 Before TS

Anarchy ruled in the days before TS. You could have whatever channel or nick you wanted, with the exercise of resources and ingenuity. Simply wait for a netsplit (or create your own by splitting a server), change to the nick you wanted, or re-create the channel you wanted ops in on your side of the split, and be ready to get your nick or perform a mass de-op when the servers rejoined.

Here's an example of a nick collision attack:

<MeanGuy> I'm going to take your nick!

<BBS> No, it's mine.

<Otherguy> That's not nice.

<MeanGjupe> This is my clone, it will help.

Then sometime later, a netsplit occurs:

*** BBS has left IRC (irc.choopa.net remote.server.com)

*** Otherguy has left IRC (irc.choopa.net remote.server.com)

* MeanGjupe is now known as BBS

<MeanGuy> Haha, now my evil minion, you will sacrifice yourself in the reconnect!

*** BBS has left IRC (Killed (Nick Collision))

* Otherguy (og!some.where.com) has joined #windows

* MeanGuy is now known as BBS

<BBS> Haha! I am victorious!

<Otherguy> You really are mean :(

* RealBBS (BBS!bbs.choopa.net) has joined #windows

* MeanGjupe (mean!evil.minion.org) has joined #windows

<RealBBS> Hey! I got killed by remote.server.com for nick collision!

<BBS> You did well my evil jupe bot, this nick is now mine!

Note that the nick collision of BBS happened on both sides of the network, so the first person to grab the nick after the KILL was issued gets the nick and can keep it.

Now, on to an example of a channel takeover:

<MeanGuy> You may have gotten your nick back, but now I will take the channel!

<BBS> This again, don't you quit?

<MeanGdeop> This is my mass de-op bot, it will help me rule the world!

Then sometime later, the inevitable netsplit occurs:

*** BBS has left IRC (irc.choopa.net remote.server.com)

*** Otherguy has left IRC (irc.choopa.net remote.server.com)

<MeanGuy> Go my minion, it's time to cycle the channel!

* MeanGdeop (mean!evil.minion.org) has left #windows

* MeanGuy (mean!doctor.evil.edu) has left #windows

* MeanGuy (mean!doctor.evil.edu) has joined #windows

* irc.choopa.net sets mode: +nt

* irc.choopa.net sets mode: +o MeanGuy

* MeanGdeop (mean!evil.minion.org) has joined #windows

* MeanGuy sets mode: +o MeanGdeop

<MeanGuy> Now we have ops on this side of the split. Prepare for mass de-op!

<MeanGdeop> Yes, my evil master.

* Otherguy (og!some.where.com) has joined #windows

* BBS (BBS!bbs.choopa.net) has joined #windows

* irc.choopa.net sets mode: +oo BBS Otherguy

* MeanGdeop sets mode: -oo Otherguy BBS

<MeanGuy> Mwahaha! The channel is now mine!

<BBS> My lord, you're mean! :(

With an automated client set to de-op everyone except its master, taking the channel was child's play.

13.8.2 TS Saves the Day

Two ideas were thought up for combating nick and channel wars. These were Delay and TS.

Delay required the individual servers to keep track of what channels and nicks were in use during a split and set a delay before someone could re-create the channel or use the nick. In the end, the idea was turned down for many reasons, not the least of which was that a small leaf server that normally handled 500 clients could, all of a sudden, be required to track 15,000 nicks on a large network. Frankly, it was a resource hog.

The second idea, which was widely adopted, is TS, or timestamping. Every time a nick or channel is created, it's assigned a timestamp correlating to the time of creation. If you started a channel on July 23, 1998, the channel was never closed, and at least one server was always around to keep it alive, it would retain that timestamp forever.

When a server splits, it does not have to keep track of every nick and channel on the network; it has to manage only the timestamps on the local server. When the servers relink and reconciliation is performed, the TS of the local nick/channel is compared to the TS of the remote nick/channel, and whichever has the older TS takes precedence.

Now, let's replay the preceding nick collision after the implementation of TS:

<MeanGuy> I'm going to take your nick!

<BBS> No, it's mine.

<Otherguy> That's not nice.

<MeanGjupe> This is my clone, it will help.

*** BBS has left IRC (irc.choopa.net remote.server.com)

*** Otherguy has left IRC (irc.choopa.net remote.server.com)

* MeanGjupe is now known as BBS

<MeanGuy> Haha, now my evil minion, you will sacrifice yourself in the reconnect!

*** BBS has left IRC (Killed (new))

* BBS (BBS!bbs.choopa.net) has joined #windows

* Otherguy (og!some.where.com) has joined #windows

<MeanGuy> No! My minion has been killed and I have been defeated!

<BBS> Stealing isn't the way to win MeanGuy, get your own three-letter nick!

<Otherguy> Yay! The side of good wins!

<MeanGuy> I would have succeeded if it wasn't for that meddling TS!

* MeanGuy (mean!doctor.evil.edu) has left #windows

With TS, only the newer version of BBS was killed. The original gets to keep her nick and keep on chatting without having to reconnect.

Now, let's take a look at that channel takeover:

<MeanGuy> I may have failed at getting your nick, so instead I'll take your entire channel!

<BBS> This again, don't you quit?

<MeanGdeop> This is my mass de-op bot, it will help me rule the world!

*** BBS has left IRC (irc.choopa.net remote.server.com)

*** Otherguy has left IRC (irc.choopa.net remote.server.com)

<MeanGuy> Go my minion, it's time to cycle the channel!

* MeanGdeop (mean!evil.minion.org) has left #windows

* MeanGuy (mean!doctor.evil.edu) has left #windows

* MeanGuy (mean!doctor.evil.edu) has joined #windows

* irc.choopa.net sets mode: +nt

* irc.choopa.net sets mode: +o MeanGuy

* MeanGdeop (mean!evil.minion.org) has joined #windows

* MeanGuy sets mode: +o MeanGdeop

<MeanGuy> Now we have ops on this side of the split. Prepare for mass de-op!

<MeanGdeop> Yes, my evil master.

* irc.choopa.net sets mode: -oo MeanGuy MeanGdeop

-irc.choopa.net:#windows- *** Notice -- TS for #windows changed from 1078875452 to 1078875451

* Otherguy (og!some.where.com) has joined #windows

* BBS (BBS!bbs.choopa.net) has joined #windows

* irc.choopa.net sets mode: +oo Otherguy BBS

<MeanGuy> Foiled again! I hate you TS!

<BBS> The good guys win again.

<OtherGuy> Yeah, go start your own channel, evildoer!

<MeanGuy> You may have won this time, but I'll be back!

<MeanGuy> Come, my evil minion!

* MeanGuy (mean!doctor.evil.edu) has left #windows

* MeanGdeop (mean!evil.minion.org) has left #windows

This time, the channel takeover never had a chance. TS did exactly what it was supposed to do, and the channel goes on its happy existence.

13.8.3 Interesting TS Facts

You can see the timestamp of a channel by issuing a /mode #channel command with no arguments:

/mode #windows

#windows +tnl 111

#windows created on Thu Jul 12 08:04:37 2001

TS is based on Unix timestamps, which use a decimal number to represent the number of seconds that have elapsed since midnight of January 1, 1970, GMT. IRC servers are required to use a time sync protocol like NTP. Modern ircds won't even link if the time on both servers differs by more than a second.

TS was not always impossible to get around. In versions of TS up until about 2002, it was possible to join a channel at the exact moment a network rejoin was being reconciled and be given ops in the channel. Many channels were taken that way, or opless channels were restored with ops.

In at least one case on EFnet, a server was hacked and reintroduced to the network after the time on the server had been rolled back to January 1. Upon relinking to EFnet, any channel the hackers wanted was literally handed to them by the servers that saw the hacked server with the older TS. #twilight_zone, an old operator channel on EFnet, still has a TS of 1 from the incident:

/mode #twilight_zone


#twilight_zone +stin

#twilight_zone created on Thu Jan 1 00:00:01 1970
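
The relink rule from 13.8.2 and the link-time clock check that addresses the incident above, as an added Python sketch (not code from any ircd or from the original text). Class and function names and the equal-TS handling are assumptions of the sketch; the two #windows timestamps come from the server notice quoted earlier.

```python
from dataclasses import dataclass, field

MAX_LINK_SKEW = 1  # seconds; mirrors the page's "more than a second" rule

@dataclass
class Channel:
    ts: int                                   # creation time, Unix seconds
    ops: set = field(default_factory=set)
    members: set = field(default_factory=set)

def link_allowed(local_clock, remote_clock, max_skew=MAX_LINK_SKEW):
    """Refuse to link when the two clocks disagree: a peer whose clock was
    rolled back would make everything created on it look older."""
    return abs(local_clock - remote_clock) <= max_skew

def merge_channel(local, remote):
    """Reconcile one channel at relink: the older TS takes precedence."""
    members = local.members | remote.members
    if local.ts < remote.ts:                  # ours is older: remote ops dropped
        return Channel(local.ts, set(local.ops), members)
    if remote.ts < local.ts:                  # theirs is older: our ops dropped
        return Channel(remote.ts, set(remote.ops), members)
    # Equal TS: this sketch assumes both sides' ops are kept.
    return Channel(local.ts, local.ops | remote.ops, members)

def nick_losers(local_ts, remote_ts):
    """Same nick on both sides: return which side(s) are killed.
    Equal TS killing both is an assumption of this sketch."""
    if local_ts == remote_ts:
        return {"local", "remote"}
    return {"remote"} if local_ts < remote_ts else {"local"}

def replay_windows_takeover():
    """Constructed replay of the page's #windows relink (TS values from its notice)."""
    original = Channel(1078875451, {"BBS", "Otherguy"}, {"BBS", "Otherguy"})
    recreated = Channel(1078875452, {"MeanGuy", "MeanGdeop"}, {"MeanGuy", "MeanGdeop"})
    return merge_channel(recreated, original)  # seen from irc.choopa.net

def replay_rolled_back_server(now=1078875452):
    """A peer with a rolled-back clock offers #twilight_zone with TS 1."""
    ours = Channel(now - 86400, {"oper1"}, {"oper1"})   # constructed values
    theirs = Channel(1, {"intruder"}, {"intruder"})
    if not link_allowed(now, 1):
        return "link refused", ours                     # our channel state is untouched
    return "linked", merge_channel(ours, theirs)

if __name__ == "__main__":
    print(replay_windows_takeover())
    print(replay_rolled_back_server())
```

The merge alone trusts whatever TS the peer presents, which is why the clock comparison has to happen before any state is exchanged.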

A great deal of information on the technical aspects of TS can be found on Roger Espel's site at http://www.iagora.com/~espel/ircd/Undernet-TS. He played a major part in developing some of the later versions of TS.

If you're looking for TS for your IRC network, it's now used in every modern ircd. I prefer ircd-ratbox, which you can get at http://www.ircd-ratbox.org.

Hunter Pine
