Forums Bug Reports DCC SEND "###########"

Disconnects me if I say this in a channel

solution : dont say DCC SEND "###########" in a channel.

PS:this doesnt effect me in any way if i say it in a channel.

What is the disconnection error that you get? Does it happen on all networks? Does it happen in all channels? Have you tried it in a completely fresh install of mIRC?

Regards,

I'm unable to reproduce this, but yes please elaborate more on the bug if possible. Also, I'm unforsure but if you actually sent a message (without the command prefix) to a channel, the IRCd might have a module to help stop XDCC/WAREZ. In which the module might have a parser/search for certain key phrases passing thru the server. Sence most xdcc bots respond to a 'xdcc send #2' (Usually thru /ctcp though?), the server might have picked up up your line and terminated your connection. Not saying this is the reason but a possible theoretical reason. =o

Doesn't seem to be a mirc bug. I've seen someone using Colloquy (a Mac IRC client) fall because of this as well. So its not a mIRC or Windows thing (or any other Windows only software, then).

What could it be? Some hardware? What router and modem do you have?

Oh and to elaborate on it a bit: Basically all that needs to be done is say DCC SEND (must be in caps, doesnt work if its lowercase) followed by any 14+ characters in a public channel and anyone thats affected by it will immediately get a "connection reset by peer". So far I've only tried it on EFnet and its rare, 1 person out of ~380 affected. This is very strange.

do you have norton security stuff installed, could this be the same sort of keylogger crap that we've already seen ?

it is, i've tested it out and funnily enough norton also sees this as a threat and closes the connection.

fix is here

People that aren't even using norton experience this problem. It's believed to be a router problem.

I have no anti-virus software installed at all.

I'm behind a Netgear WGR614 v5 that is connected to a SB4200 cable modem by Motorola. My internet is provided by Cox.

I've been able to reproduce this on a number of different IRC servers. EnterTheGame, Rizon, GameSurge. However this did not disconnect me on EFNet, so perhaps it is an IRCd problem or "feature."

The odd thing however is the length of the characters in quotes matters.

DCC SEND "abcdefghijkl" will not drop my connection, however add one more letter and it will. DCC SEND "abcdefghijklm"

The drop error in Status is [10053] Software caused connection abort, which if I recall is a router issue. Odd then that it doesn't happen on EFNet....

Okay I figured out the reason EFNet did not drop me was due to me being connected on port 6665.

When I forced connection to port 6667 (which I normally connect on) the DCC SEND "bla" will drop me.

Seems to be a router issue then.

If this is a router problem, this might be a side effect of the inbuilt port translation stuff some routers use.

During a normal dcc send ->>> []DCC SEND filename LongIP Port Filesize[] the router well intercept this on its way out, and alter the port number to within a range it has deemed free, most times up in the 10s of thousands, maybe 50,034 for example. The router well record the new port number & orginal portnumber & the lan ip of the pc sending it. Then when the reciver of the file makes a connection using this port number (50,034) the router looks up in its table for that port, and knows what lan IP to forward the connection to and on what original port number to use.
This is also the cause of some people not being able to resume files, they recieve a message "resume rejected invalid parameters" (or something like that), The cause of that is the resume message comes back in as []DCC RESUME "file" Port resumespot[] and it doesnt get the port number changed, so mirc looks up and says WTH? theres no send on port 50,034!

This processing of dcc sends port translation is normally monitored for with traffic going out port 6667 (irc server port). Which would account for why it may not have happened using other ports.
The results of actually typing DCC SEND "xxxxxxxx" on its own in channel may have caused the router to become confused in some way.

I know some netgears have this feature, most dlinks do for sure. Linksys (what i have) dont employ it, thus why i couldnt reproduce it.

I went into my router config to look around, came across this.

Disable SPI Firewall - The SPI (Stateful Inpection) Firewall protects your LAN against Denial of Service attacks. This should only be disabled in special circumstances.

After checking it, problem seems to have gone away.

This bug/problem/feature doesn't seem to affect me at all. I don't use Norton (I use AVG) and I don't have a typical router (I use a FreeBSD NAT/firewall).

-genius_at_work

From what I have picked up from guys on #mIRC:

1) It effects some Netgear/Linksys routers, not all. For example, as shown above, Netgear WGR614 v5 is vulnerable but it would appear WRT54G V3 is not.
2) You need to connect to a port other than 6667 and then you should be okay.
3) Forget anything about Norton, that's a separate issue.
4) This is not a problem with mIRC itself. You could use any client and still be crashed if you match the required criteria.
5) Using a script to /haltdef the incoming text is not going to help you if you are affected.

Edit: Some good comments at the link posted by Mardeg.

Regards,

Hi mentality, are you saying that WRT54g is vulnerable ???, just asking cos i have a WRT54GS router from linksys (updated its firmware to the latest too)
i dont have Norton or any norton products on my system (horrible software), anyways i tried the DCC send stuff
plus anything from that keylogger on my system two different versions of mirc.

V6.17 and V6.03 both clients i typed the keylogger from one to the other and vice versa and the dcc send, i even tried
V6.17 to a V6.17 and to be honest no ill side affects.

in all these tests i wasnt disconnected or dropped from the channel at anytime, i use port 6667 and i tested it on
bIRCD (on my own system and also on another server software (unreal i think).

Hope this helps in someway

ShadowDemon
mIRC V6.17
Windows XP Pro
Service pack 1
Linksys WTR54GS Wireless router

His quote asnswers your question itself.

Haha, thanks i prolly misunderstood his quote
(was too early in morning for me to reply)

ShadowDemon