Port 194: IRC — The Door Nobody Uses

Port 194 is assigned to IRC, Internet Relay Chat. IANA blessed it. The RFC acknowledges it. And almost every IRC server in history has ignored it completely.

This is the story of a protocol that changed the world and the port it was supposed to use but never did.

What IRC Does

IRC is real-time text chat. You connect to a server. You join channels. You talk to people. That's it.

The protocol is almost comically simple. Messages are plain ASCII text over TCP. Commands start with a slash. /join #linux puts you in the Linux channel. /msg friend hello sends a private message. /quit disconnects you. A competent programmer can write a basic IRC client in an afternoon.¹

This simplicity is the point. IRC was designed in 1988, when bandwidth was precious and every byte mattered. The protocol does exactly what it needs to do and nothing more.

The Birth of IRC

In the summer of 1988, Jarkko Oikarinen was a student at the University of Oulu in Finland, administering a Sun Unix server called tolsun.oulu.fi.² The server ran OuluBox, a bulletin board system with a multi-user chat program called MUT (MultiUser Talk).

MUT worked, but Oikarinen wanted something better. He was inspired by Bitnet Relay Chat and a program called "rmsg" that let you send messages across machines. He started writing code.

By late August 1988, IRC was running. The exact birthday is lost to history. "The birthday of IRC was in August 1988," Oikarinen wrote. "The exact date is unknown, at the end of the month anyways."³

The first IRC server was tolsun.oulu.fi. Within months, servers at Helsinki University of Technology and Tampere University of Technology joined. Then the Finnish national network FUNET. Then Nordunet, the Scandinavian Internet. By November 1988, IRC had spread beyond Scandinavia.

In mid-1989, there were 40 servers worldwide. By July 1990, IRC averaged 12 users across 38 servers.⁴ A small community, but one that was about to grow in ways nobody expected.

Why Port 194 Sits Empty

Here's the irony: IANA officially assigned port 194 to IRC.⁵ It's right there in the registry. Port 194/TCP, service name "irc", assigned to Internet Relay Chat.

Almost nobody uses it.

The reason is mundane but consequential: on Unix systems, ports below 1024 require root privileges to bind.⁶ Running your IRC server as root is a security nightmare. One vulnerability and an attacker owns your entire system.

So IRC operators did the pragmatic thing. They ran their servers on port 6667, a high-numbered port that any user could bind to. The IANA assignment became a historical footnote. The de facto standard became 6667, and nearby ports 6660-6669 for overflow.⁷

Port 194 remains assigned but hollow. The official door leads to an empty room.

The Protocol

IRC follows a client-server model with a twist: servers connect to each other in a spanning tree topology, forming networks.⁸ When you send a message, it propagates through the tree to reach everyone who needs to see it.

The protocol defined in RFC 1459 (published May 1993, though IRC had been running for five years by then) specifies how this works:⁹

1. Connection: Client connects to server, sends NICK (nickname) and USER (identity) commands
2. Channels: Prefixed with # or &, channels are named chat rooms anyone can join
3. Messages: PRIVMSG sends to users or channels, NOTICE sends without expecting replies
4. Server commands: PING/PONG for keepalive, JOIN/PART for channels, QUIT for disconnection

Messages are simple: an optional prefix (who sent it), a command, and parameters. Maximum 512 bytes including the terminating CRLF. No encryption. No authentication beyond nicknames. Just text.

Later RFCs (2810, 2811, 2812, 2813) tried to formalize updates, but the IRC community largely ignored them.¹⁰ The protocol evolved through implementation, not specification. Features like colored text, file transfers (DCC), and real-time client information (CTCP) were never part of the official RFC.

When IRC Mattered Most

The Gulf War (1991)

In January 1991, when Operation Desert Storm began, IRC carried live reports from the conflict. For the first time in history, ordinary people could read real-time updates from a war zone, shared by people who were there.¹¹

IRC hit 300 concurrent users for the first time. A tiny number by modern standards. But this was the Internet's first taste of citizen journalism, decades before Twitter existed.

The Soviet Coup (August 1991)

On August 19, 1991, hardline Communist Party members attempted to seize control of the Soviet Union. They imposed a media blackout. Soviet television broadcast Swan Lake instead of news.¹²

But they couldn't stop IRC.

A team at Relcom, an early Soviet Internet provider, came up with "Regime N1": they asked all subscribers to look out their windows and report exactly what they saw. Just the facts, no emotions. The reports flowed through IRC and Usenet, painting a picture of the coup's reach.¹³

The world learned that tanks were only in Moscow and Leningrad. The coup would fail. CNN showed a computer screen on air, displaying the address of the Relcom news group. Information routed around censorship.

IRC logs from those days still exist in the ibiblio archive. A transcript of the moment when ordinary people used text chat to undermine a totalitarian power grab.

The Great Split

IRC networks are not one unified system. They're federations of servers, and federations can fracture.

In August 1990, the original IRC network split. A server called eris.Berkeley.EDU was allowing any server to connect without verification. Operators introduced "Q-lines" to quarantine themselves from eris. The result: EFnet (Eris-Free Network) and the short-lived A-net (Anarchy Network).¹⁴

In July 1996, EFnet split again. European operators wanted rules defining what system operators could and couldn't do. American operators disagreed. The technical argument was about "nick delay" versus "timestamps" for handling nickname collisions after server reconnections. The real argument was about power and governance.¹⁵

The European servers became IRCnet. The American servers remained EFnet. To this day, there's no single IRC network. Freenode, OFTC, Libera Chat, EFnet, IRCnet, Undernet, QuakeNet: each is a separate fiefdom with its own culture and rules.

The Dark Side

IRC's simplicity made it useful for more than friendly chat.

Botnets

The first botnets were IRC-based. Attackers would compromise machines, install malware that connected to an IRC channel, and issue commands through chat. The infected machines (zombies) would execute whatever the botnet operator typed.¹⁶

By 1999, there were multiple IRC botnets hunting for vulnerable machines. In 2000, Gtbot became the first botnet designed specifically for denial-of-service attacks. The architecture was elegant in its simplicity: IRC channels as command-and-control infrastructure, plain text commands for coordination.¹⁷

Malware like Back Orifice, Agobot, and SDBot all used IRC for command and control. The protocol's openness, designed for human communication, turned out to be equally useful for machine coordination.

Anonymous

In the 2000s, users from 4chan migrated to IRC to coordinate their activities. What started as pranks evolved into something larger.¹⁸

In 2008, Project Chanology targeted the Church of Scientology with DDoS attacks and real-world protests. In 2010, Operation Payback attacked anti-piracy organizations. When WikiLeaks came under pressure, Operation Avenge Assange brought down PayPal, Visa, and MasterCard's websites.¹⁹

The coordination happened on IRC. The infamous LOIC (Low Orbit Ion Cannon) tool could be put in "slave mode" and pointed at an IRC channel, where operators could direct attacks by changing the channel topic.²⁰

IRC became the nervous system of hacktivism. The same protocol that reported on the Gulf War and the Soviet coup was now coordinating attacks on corporate infrastructure.

Security

IRC was designed for a more trusting time. The protocol has fundamental security issues:

No encryption by default: Messages travel in plaintext. Anyone on the network path can read them. Your password, your private messages, your channel discussions: all visible to packet sniffers.²¹

Weak authentication: Nicknames aren't cryptographically verified. NickServ and similar services help, but they're add-ons, not core protocol features.

DCC vulnerabilities: Direct Client-to-Client connections, used for file transfers and direct chats, have been exploited repeatedly. The old "dcc send start keylogger 0 0 0" exploit became legendary.²²

Server trust: IRC servers implicitly trust each other. A compromised server can wreak havoc on the entire network.

Modern IRC networks use TLS on port 6697 for encrypted connections.²³ But encryption is optional and many connections remain unprotected.

The Open Source Backbone

Despite competition from Slack, Discord, and countless other chat platforms, IRC persists. It remains the communication backbone of open source development.

Freenode was once the center of this world, hosting over 50,000 channels for free software projects.²⁴ When a hostile takeover fractured Freenode in May 2021, projects scattered: Arch Linux, FreeBSD, Ubuntu, the Free Software Foundation, and hundreds of others migrated to Libera Chat or OFTC.²⁵

The Linux kernel developers use IRC. The FreeBSD community uses IRC. Alpine Linux, OpenStack, and countless other projects coordinate through channels that look exactly like they did in 1988.

As of late 2025, the top IRC networks have around 88,000 users per day.²⁶ Discord has 200 million monthly active users. But IRC's users are disproportionately the people who build the infrastructure everything else runs on.

Related Ports