So basically, if I run a socket.io program, someone could copy and paste the Socket.IO client side source in console, then put "io.connect('socketurl')" and it would act as a new socket. By doing this repeatedly, it could crash the server or just break things (like chatroom with bunch of people). Adding something like emitting a special thing to verify its a real socket, wouldn't work as they could just recreate that. Basically this is how it happens.
https://www.youtube.com/watch?v=_iKQhhDd_xI
Is there any way to prevent anything like that?
You could do a number of things, including (but not limited to): limit the number of concurrent connections per IP or at least rate limit by IP, require authenticated sessions, use stricter CORS access if you're doing cross-domain connections, etc.
Some of these can be done out of the box with socket.io alone, otherwise you can always use something like Express in front of socket.io to handle connections however you want to help prevent the kind of abuse you're describing.