That is the modem hangup string. You could send a icmp packet to a person containing just that and their modem would drop the connection. So it was common in IRC for people to ping a whole channel with that and have a bunch of people quit right after.
IRC pings don't use ICMP, but that could work if IRC clients would repeat data received without escaping first. Or if unaware users saw it come over the channel and tried to type it themselves.
Considering a CTCP request is just a PRIVMSG with ^A wrapped around the "command word", and a CTCP reply is just a NOTICE with the same ^A thing, you can make them "say" just about anything. It's unclear why an IRC client would need to worry about "escaping" +++, except if it's specifically been designed for people with bad modems.
Those of us with good modems back in the dialup days just laughed at this insanity. Hayes used to put "+++AT" in their press releases after a certain point just to trip up any noncompliant systems which may have passed it along.
Sorry, I should have been more clear. The modem could also guard the sequence by requiring interstitial pauses, but I believe this was patented by Hayes in the 80s.
Indeed it was, as the referenced Wikipedia article notes; Hayes charged $1/unit for a patent license. As soon as the primary application of modems became Internet access, IP encapsulation protocols like PPP could have worked around the problem, but, AFAIK, never did.
Not a vulnerability, really. And the redial was a separate process, possibly automatic. (Edit: OK, yes it is. It's more a protocol vulnerability and a data handling weakness -- the modems just implemented the protocol, but that's just semantics.. )
+++ is the Hayes command set string to enter command mode. AT is the prefix for commands, and H0 means "set switchhook to zero", i.e. "hang up". (H1 means "go off hook", DT means dial using touch tones, DP means dial, using pulses, etc).
The first two components (+++ and AT) are configurable, but no one ever changed them.
This is really just a weakness of in-band signaling. For this to work, you need a human on the modem side to type the escape and command strings -- or a program on the modem side that takes unfiltered data from the network and sends it back out without escaping.
That's the vulnerability. Accepting data from untrusted sources will always take you somewhere bad, and there are much worse things you can do to modems than make them hang up. If IRC clients would parrot tainted data back up the serial line, great havoc could be caused.
