Port 6669: IRC Range End — The Final Channel

Port 6669 is the end of a range. The last port in the IRCU block (6665-6669), it marks the boundary of where Internet Relay Chat traditionally lives. When you connect to port 6669, you're walking through the final door of a hallway where millions of conversations have echoed since 1988.

What Runs on Port 6669

Port 6669 carries IRC traffic: text-based, real-time chat between humans and, increasingly over the years, machines. The port is part of the official IRCU assignment registered with IANA, covering TCP ports 6665-6669¹. The service name is simply "ircu," and the registration traces back to the Undernet IRC network's server software.

IRC operates at the application layer, riding on TCP connections. A client connects to a server, joins channels (chat rooms prefixed with #), and sends plain text messages that the server relays to everyone else in that channel. One-to-one private messages work the same way, just routed differently.

The protocol is almost absurdly simple. Commands are human-readable: JOIN #channel, PRIVMSG #channel :Hello everyone, QUIT :Goodbye. This simplicity is why IRC still runs after 35+ years while countless "modern" chat platforms have risen and fallen.

The Port That Refused Root

Here's the strange thing about port 6669: IRC was officially assigned port 194 by IANA². That's the "correct" port. Nobody uses it.

Port 194 sits in the privileged range (0-1023), which on Unix systems means you need superuser privileges to bind to it. Running a chat server as root is a terrible idea. If someone finds an exploit in your IRC daemon, they own your entire machine.

So the early IRC community made a collective decision: use higher ports. Ports 6665-6669 became the de facto standard because any regular user could run a server on them. Port 6667 emerged as the primary, with the surrounding ports (including 6669) available for overflow, alternative connections, or specific network configurations³.

This wasn't rebellion. It was pragmatism. And it worked.

A Finnish Summer, 1988

IRC was born from boredom and ambition. In the summer of 1988, Jarkko Oikarinen was a second-year student at the University of Oulu in Finland, working at the Department of Information Processing Science. He administered a Sun-3 Unix server called tolsun.oulu.fi, which ran a public BBS called OuluBox⁴.

As Oikarinen later wrote: "I guess they didn't have much for me to do."⁵

He started improving the existing chat program on OuluBox, called MultiUser Talk (MUT), which had a habit of not working properly. He borrowed code from friends, took inspiration from Bitnet Relay Chat, and built something new. He called it IRC, deployed it in August 1988, and waited.

When IRC started getting more than 10 users, Oikarinen asked friends at Tampere and Helsinki universities to run servers and distribute the load. By November 1988, IRC had spread across the Finnish network FUNET, then to the Scandinavian NORDUNET, then across the Internet. By mid-1989, 40 servers were running worldwide⁶.

Nobody planned for IRC to become critical infrastructure. It just did.

When the World Needed Real-Time

IRC proved its worth during crisis. In January 1991, during the Gulf War, IRC channels carried real-time reports when traditional media couldn't keep up⁷. People on the ground shared what they were seeing while bombs fell.

Seven months later, hardline Communist Party members attempted a coup against Mikhail Gorbachev. They seized control of media and imposed a blackout. The Soviet population was supposed to remain ignorant of what was happening to their government.

They failed. The Relcom network, using IRC and Usenet, punched through the blackout. Proclamations from Boris Yeltsin and other democrats circulated globally through these channels. The coup collapsed within days⁸.

IRC didn't cause the coup to fail. But it ensured the world could watch it fail in real time. This was 1991. The web barely existed. IRC was the live wire.

The Fracturing

IRC's lack of centralized control was both its strength and its vulnerability. Anyone could run a server. Anyone could connect servers together. And when people disagreed, they could split.

In August 1990, the first major split occurred. A server called eris.Berkeley.EDU allowed any other server to join without restriction, which saboteurs exploited. A group of operators, with Jarkko Oikarinen's support, created "Q-lines" to quarantine themselves from Eris. They called themselves EFnet: the Eris-Free network⁹.

In October 1992, performance and abuse issues led to Undernet splitting off.

Then came July 1996. The Great Split. European and American operators had been fighting for months about policy and technical direction. The Europeans wanted rules defining what system operators could and couldn't do. The Americans didn't. The Europeans wanted nick and channel delays to prevent hijacking after disconnections. The Americans wanted timestamps¹⁰.

After one too many times that US operators kicked the main transatlantic link offline, several European administrators declared independence. EFnet became two networks: EFnet (mostly American) and IRCnet (mostly European, plus Australia and Japan)¹¹.

The IRC community has been fragmenting ever since. Not dying. Fragmenting. Each split creates new communities with new cultures.

The Dark Channels

The same ports that carried news of the Soviet coup also carry something else: botnet command and control traffic.

IRC's design makes it nearly perfect for controlling compromised machines. A botmaster sets up a channel on some server. Infected computers connect and join that channel. The botmaster issues commands ("attack this IP," "download this file," "spread to these systems"), and thousands of zombies obey simultaneously¹².

By the early 2000s, ports 6666-6669 had become so associated with malicious traffic that many corporate firewalls blocked them entirely. In response, botnet operators moved to ports 80 and 443, hiding their command traffic inside what looked like normal web requests¹³.

The ports themselves aren't evil. They're just doors. What walks through them depends entirely on who's connecting.

Modern security practice treats any IRC traffic on a corporate network as suspicious. Spikes on port 6667 (or 6669) often indicate infection. This is the tax IRC pays for being simple, open, and easy to abuse¹⁴.

The Protocol Endures

RFC 1459, published in May 1993, formalized what IRC had become¹⁵. The document is remarkably readable for a protocol specification, perhaps because IRC itself is remarkably simple.

In April 2000, four new RFCs attempted to update the protocol: RFC 2810 (Architecture), RFC 2811 (Channel Management), RFC 2812 (Client Protocol), and RFC 2813 (Server Protocol)¹⁶. They documented changes that had accumulated over seven years. But IRC had already diverged so much across different networks that no single specification could capture reality.

RFC 7194, published in August 2014, standardized port 6697 for IRC over TLS/SSL¹⁷. Encrypted IRC had been common practice for years; the RFC just made it official.

The IRCv3 working group continues developing protocol extensions: server-side chat history, better authentication, capability negotiation¹⁸. Thirty-five years in, developers are still improving IRC.

Where IRC Lives Now

As of late 2024, roughly 88,000 users connect to the top IRC networks daily¹⁹. That's a fraction of what Discord or Slack handle. But it's not nothing.

Libera Chat, founded in May 2021 after staff fled Freenode due to ownership disputes, hosts many major open source projects. Ubuntu, Fedora, Arch Linux, and hundreds of others maintain official channels there²⁰. When you need help with Linux kernel development or Python internals, chances are someone on Libera Chat can answer.

IRC survives because it's simple, open, and free of corporate interests. No company can shut it down, change its terms of service, or start charging for it. You can run your own server. You can write your own client. The protocol is documented and the software is open source.

As one user put it: being free of corporate interests "is sometimes the best feature of all."²¹

Related Ports

Security Considerations

No built-in encryption: Traditional IRC on port 6669 transmits everything in plaintext. Your messages, your password, your IP address. Anyone on the network path can read it. Use port 6697 (TLS) if the server supports it.

Botnet association: Security tools flag IRC traffic as potentially malicious. If you're running a legitimate IRC server, expect false positives. If you see unexpected IRC traffic on your network, investigate immediately.

Channel takeovers: When servers split and rejoin, channel ownership can be contested. Netsplits have been exploited to hijack channels since IRC began.

No authentication standard: IRC lacks built-in user verification. NickServ and similar services are add-ons, not protocol requirements. Anyone can claim any nickname until it's registered.