First of all, this is a very interesting thread and it suprises me to see how some opers feel about this.
Here are my thoughts:
I've been on IRC for quite a while, long enough to have gotten a very deep look into the view of an average luser AND oper. The thing is, most people tend to think that most opers are self-important pricks with no consern what so ever about the normal luser, which is not true at all. Most opers cares about their users and would love to help them out. And most of the opers out there, aren't pricks like most people tend to think they are. The thing is, most lusers approach opers with an attitude, because they expect they will be treated otherwise. People should try approaching an oper like a chick, be polite and not the "dude, message me if you got time and is not too busy with being ignorant and killing people". That is a good start. Now...
When it comes to packeting and targeting servers instead of opers/users, I think this has a rather simple explaination. First of all, ddosing in the early 90's was not "distributed" as the latest DoS techniques. Some kiddie rooted an university box and used the root to teardrop/syn off a Win95/98 user because the common and average luser was on a 56kbps Bell Dialup. Because it was a VERY obvious and easy target. To avoid losing the root, they stuck to the average technology wise stupid luser instead of risking their root to a rather more professional server staff.
Today, its much more easy to retrieve ddos bot software - and not to mention much more easy to distribute it and launch massive attacks. Also, the bandwidth difference between a luser and an IRC server is much smaller today as most lusers are located on ~100mbps connections. Which is the average IRC EFnet server connection. It would be much easier to drop a 56k from a 10Mbps connection than dropping a 100Mbps from a 100Mbps. Also, it wouldn't matter if the sponsoring company of the IRC server reported 200 of the offensive drones, as these nets often are ~10,000 clients. Do you get my idea?
In other words, today it doesn't really matter for the average kiddie which servercenter they drop. They have about the same connectivity - and both are "easy" to drop with an average sized DDoS net. A BNC located at some shellco and the average EFnet server. Who cares? Also, if you look at the History section in "Docs" on efnet.org, you may see the increase of DoS the latest years. And the attacks started as soon as the modern DDoS technique was available.
<quote> Oct 97 - "smurf.c" - multi-broadcast ICMP attack posted to Bugtraq Denial of Service attacks on EFnet servers hit an all-time high</quote>
And we all agree that this was when "it all started"?
My conclusion, I would rather think that the increased DDoS the last years are related to easier accessibility to DDoS code, and more efficent DDoS code (spreading) and not too much about the local IRC oper.
I hope you got my point.
oper, efnet.demon.co.uk, efnet.port80.se & irc.efnet.nl