|
| |||||||
| Register | FAQ | Members List | Calendar | Arcade | Search | Today's Posts | Mark Forums Read |
| General Discussion For anything which doesn't fit somewhere else (for PHEX users) |
| Welcome To Gnutella Forums You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content, fun aspects such as the image caption contest and play in the arcade, and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! (click here) If you have any problems with the registration process or your account login, please contact us. Your email address must be legitimate and verified before becoming a full member of the forums. Please be sure to disable any spam filters you may have for our website, so that email messages can reach you. Note: Forum Feedback email option is not seen, so if you have an issue with registration, etc., send a Personal Message (PM) to one of the active Administrators: Lord of the Rings or Birdy. Once registered but before posting, members MUST READ the FORUM RULES (click here) and members should include System details - help us to help you (click on blue link) in their posts if their problem relates to using the program. Whilst forum helpers are happy to help where they can, without these system details your post might be ignored. And wise to read How to create a New Thread Thank you . Uw e-mailadres moet wettig zijn en verifiërde alvorens een volwaardig lid van de forums te worden. Gelieve te zijn zeker om om het even welke spamfilters onbruikbaar te maken u voor onze website kunt hebben, zodat de e-mailberichten u kunnen bereiken . Votre email address doit être légitime et vérifié avant d'aller bien à un membre à part entière des forum. Veuillez être sûr de désactiver tous les filtres de Spam que vous pouvez prendre pour notre site Web, de sorte que les messages électroniques puissent vous atteindre . Ihr email address muss gesetzmäßig und überprüft sein, bevor es ein vollwertiges Mitglied der Foren wird. Seien Sie bitte sicher, alle mögliche Spamfilter zu sperren, die Sie für unsere Web site haben können, damit E-Mail-Nachrichten Sie erreichen können . Su email address debe ser legítimo y verificado antes de sentir bien a un miembro de pleno derecho de los foros. Esté por favor seguro de inhabilitar cualquier filtro del Spam que usted pueda tener para nuestro Web site, de modo que los correos electrónicos puedan alcanzarle . Seu email address deve ser legítimo e verific antes de assentar bem em um membro integral dos fóruns. Seja por favor certo incapacitar todos os filtros que do Spam você puder ter para nosso Web site, de modo que os mensagens de correio electrónico possam o alcangar. . Din e-post tilltalar måste vara legitim och verifierat för passande en full medlem av forumen. Behaga är säkert att inaktivera någon spam filtrerar dig kan ha för vår website, så att e-postmeddelanden kan ne dig. . Il vostro email address deve essere legittimo e verificato prima di stare bene ad un membro titolare delle tribune. Sia prego sicuro rendere invalidi tutti i filtri che dallo Spam potete avere per il nostro Web site, di modo che i messaggi di posta elettronica possono raggiungerli. . Η διεύθυνση ηλεκτρονικού ταχυδρομείου σας πρέπει να είναι νόμιμη και ελεγγμένη πρίν γίνεται πλήρες μέλος των φόρουμ. Παρακαλώ να είστε βέβαιος να θέσει εκτός λειτουργίας οποιωνδήποτε φίλτρα spam που μπορείτε να έχετε για τον ιστοχώρο μας, έτσι ώστε τα μηνύματα ηλεκτρονικού ταχυδρομείου μπορούν να φθάσουν σε σας. . Ваш адрес электронной почты должен быть правомерен и подтвержен перед идти действительным членом форумов. Пожалуйста уверен вывести все фильтры из строя спам вы можете иметь для нашего вебсайта, так, что сообщения по электронной почте смогут достигнуть вас. . 您的电子邮件必须是合法和核实在适合论坛的一个正式成员之前。 请务必使您可以为我们的网站有的所有发送同样的消息到多个新闻组过滤器失去能力,因此电子邮件可能到达您 . あなたの電子メールアドレスはフォーラムのフールメンバーに似合う前に正当、確認されなければならない。 電子メールメッセージが達することができるようにあなたが私達のウェブサイトのために持つかもしれないスパムフィルターを不具にすること確実がありなさい。 Hilfe in Deutsch, Ayuda en español, Aide en français, Hulp in het Nederlands Forum Rules Support Forums Before you post to one of the specific Client Help and Support Conferences in Gnutella Client Forums please look through other threads and Stickies that may answer your questions. Most problems are not new. The Search function is most useful. Also the red Stickies have answers to the most commonly asked questions. (over 90 percent). If your problem is not resolved by a search of the forums, please take the next step and post in the appropriate forum. There are many members who will be glad to help. If you are new to the world of file sharing please do not be shy! Everyone was ‘new’ when they first started. When posting, please include details for: Your Operating System ....... Your version of your Gnutella Client (* this is important for helping solve problems) ....... Your Internet connection (56K, Cable, DSL) ....... The exact error message, if one pops up Any other relevant information that you think may help ....... Try to make your post descriptive, specific, and clear so members can quickly and efficiently help you. To aid helpers in solving download/upload problems, LimeWire and Frostwire users must specify whether they are downloading a torrent file or a file from the Gnutella network. Members need to supply these details >>> System details - help us to help you (click on blue link) Moderators There are senior members on the forums who serve as Moderators. These volunteers keep the board organized and moving. Moderators are authorized to: (in order of increasing severity) Move posts to the correct forums. Many times, members post in the wrong forum. These off-topic posts may impede the normal operation of the forum. Edit posts. Moderators will edit posts that are offensive or break any of the House Rules. Delete posts. Posts that cannot be edited to comply with the House Rules will be deleted. Restrict members. This is one of the last punishments before a member is banned. Restrictions may include placing all new posts in a moderation queue or temporarily banning the offender. Ban members. The most severe punishment. Three or more moderators or administrators must agree to the ban for this action to occur. Banning is reserved for very severe offenses and members who, after many warnings, fail to comply with the House Rules. Banning is permanent. Bans cannot be removed by the moderators and probably won't be removed by the administration. The Rules 1. Warez, copyright violation, or any other illegal activity may NOT be linked or expressed in any form. Topics discussing techniques for violating these laws and messages containing locations of web sites or other servers hosting illegal content will be silently removed. Multiple offenses will result in consequences. 2. Spamming and excessive advertising will not be tolerated. Commercial advertising is not allowed in any form, including using in signatures. 3. There will be no excessive use of profanity in any forum. 4. There will be no racial, ethnic, or gender based insults, or any other personal attacks. 5. Pictures may be attached to posts and signatures if they are not sexually explicit or offensive. 6. Remember to post in the correct forum. Take your time to look at other threads and see where your post will go. If your post is placed in the wrong forum it will be moved by a moderator. There are specific Gnutella Client sections for LimeWire, Phex, FrostWire, BearShare, Gnucleus, Morpheus, and many more. Please choose the correct section for your problem. 7. If you see a post in the wrong forum or in violation of the House Rules, please contact a moderator via Private Message or the "Report this post to a moderator" link at the bottom of every post. Please do not respond directly to the member - a moderator will do what is required. 8. Any impersonation of a forum member in any mode of communication is strictly prohibited and will result in banning. 9. Multiple copies of the same post will not be tolerated. Post your question, comment, or complaint only once. There is no need to express yourself more than once. Duplicate posts will be deleted with little or no warning. 10. Posts should have descriptive subjects. Vague titles such as "Help!", "Why?", and the like may not get enough attention to the contents. 11. Do not divulge anyone's personal information in the forum, not even your own. This includes e-mail addresses, IP addresses, age, house address, and any other distinguishing information. Don´t use eMail addresses in your nick. Reiterating, do not post your email address in posts. This is for your own protection. 12. Signatures may be used as long as they are not offensive or sexually explicit or used for commercial advertising. 13. Failure to show that you have read the forum rules may result in forum rules breach infraction points or warnings awarded against you which may later total up to an automatic temporary or permanent ban. Supplying system details is a prerequisite in most cases, particularly with connection or installation issues. Violation of any of these rules will bring consequences, determined on a case-by-case basis. Thank You! Thanks for taking the time to read these forum guidelines. We hope your visit is helpful and mutually beneficial to the entire community. |
 |
| | LinkBack | Thread Tools | Display Modes |
January 12th, 2008
| |||
| |||
 Uploads Aborting I just installed Phex a couple of hours ago. It seemed to go smoothly, with one exception: Every single upload has a status of "aborted". I've been through the forums looking for an answer, and found nothing so far that really hits the mark. I'm a veteran Limewire and Bearshare user, and both run just fine, utilizing the same port. System info: Win XP Pro w/ SP2 1gb Ram 300+ gb free disk space Phex ver. 3.2.0.102 Listening on port 6348 Connection is Async Cable with 16Mbps/down and 2Mbps/up This is a dedicated P2P machine. It is outside the firewall, in a DMZ. Ports are also forwarded in the router. I am running in Ultrapeer set at 32 peers, 30 leaves. TCPIP.SYS is set at 100 connections. Sharing approx 21,000 files. Thanks in advance for any help anyone can give! Cheers Nick  |
|
January 13th, 2008
| ||||
| ||||
| That's those forged TCP reset packets again. It wouldn't help if you blocked them because they are also sending them to the uploaders as well. |
|
January 13th, 2008
| |||
| |||
| forged TCP packets I sort of get the concept of what they're doing, but could you elaborate a bit? I'm a little foggy on the process, I suppose. It looks like I'm getting valid upload requests (as far as the originating addresses are concerned. Instead, they are bogus, and the end result is that legitimate uploads are being blocked, as BS (and Phex, now) is being swamped. Does that sound about right? Blocking addresses wouldn't work, because they're hijacking legit addresses, right? The thing is, I do have a considerable amount of computer resources to throw at the problem, which I would love to do, just to counter what they're doing. A better understanding of the latter might give me some idea of what I could do with the former. I'd be interested to see what firing up Phex on a parallel processor Unix machine might accomplish. If nothing else, it might keep them quite busy keeping up with it.  Cheers, Nick PS (Why is Limewire evidently impervious to these attacks? It just cooks along, with 5 or 10 users getting through consistently.) |
|
January 13th, 2008
| ||||
| ||||
| Those are valid uploads, but Cox has a Sandvine router that detects attempts to download from you and creates two forged TCP packets with the RST flag on and falsified source addresses copied from you and the other person. You won't be able to pinpoint this illegal abuse of the TCP protocol because the originating addresses in both packets at both ends are forged. This will probably be ruled illegal in the ComCast case because they were caught doing it to bittorrent users and are persistently lying about it to the press and the authorities, claiming that they were only "delaying" uploads while it is obvious to all the independant observers who tested it that they were actually stopping all uploads completely. Once that is done, Sandvine will probably have to upgrade all their routers to disable this illegal method of hacking that interferes with net neutrality. If they don't, the next thing we'll see is millions of users adding filtering to disable all reset packets, breaking the normal TCP protocol, which will probably get the big network companies sweating bullets. Even now, Linux users all over the world are taking advantage of it's flexibility and disabling reset packets with a simple command to their firewalls. |
|
January 13th, 2008
| |||
| |||
| Phex vs. Cox Oops, I think I might have broken something over at Cox. I fired up Phex on my Sun Fire Server (w/ 4 Quad Xeon processors on it). Before attempting this endeavor, I did some reading on reset attacks - pretty grim stuff. I installed Phex, and immediately starting getting the constant aborts. So, I set the firewall in the router to reject all TCP reset packets. The aborts continued for about 5 minutes after that, then stopped. I read a white paper on the reset attacks, and therein saw some calculations based on how many packets could actually be killed, based on connection speed. You've gotta figure that if Cox was doing it, they pretty much have unlimited bandwidth to play with. Nevertheless, neither that bandwidth nor the device that's doing the tampering has infinite capacity. Unless they're running a mainframe, I've gotta believe my Sun Fire is about as fast as anything they have. So, I set the program to accept as many incoming requests as possible, rejecting the resets, and within minutes, the attack was over. I just fired up BS on the XP machine, and it's running fine, humming along with 12 uploads at once, and a full queue. Honestly, I'm not sure what I did, but I felt the need to try *something* in retaliation. Hopefully, I won't have to do it again, as this sort of escapade is not what the Sun Fire is meant to be used for (it does climate modeling, normally). It has also occured to me that Cox might not have been the culprit. I know of no way to trace those reset packets, since the originating address is legit. I'm not sure that the reset attack would have to live in the route I'm using. Guess I need to do some more reading. Anyway, there it is. A solution of sorts, I think, but probably not one that's going to work for many of us. I've no idea how long it will work here, for that matter. Well, I'm off to fix the Sun Fire, before some people start complaining. Cheers Nick |
|
January 13th, 2008
| |||
| |||
| Ah... that fleeting feeling of victory It took someone over at Cox (or wherever) about 2 hours to figure out their program needed to be rebooted. After which time, the reset attacks resumed. Point of note: Once this began again, I did a hard reset of the cable modem and router, and forced Cox to reissue my IP address. The attacks continue, which leads me to believe that it is a system-wide process aimed at gnutella traffic, versus one that is targeting specific users at whom they're annoyed (I'm sure I fall into that category, by now). Looks like it's time to figure out how to block reset packets under XP... Cheers Nick |
|
January 14th, 2008
| ||||
| ||||
| That's quite an impressive test you did. I'm not sure I understand all specifics, but as far as I see it, you managed to avoid their attack by just telling your router to reject it. If I understand it correctly, this also means, that the utilized TCP implementation of the program is the target. Does the TCP management happen at the OS level, or at the program level? If it is at the program level, it might be possible to add some code which detects excess levels of reset packets in the pipe and just ignores them. Maybe that's what LimeWire already does...
__________________  -> put this banner into your own signature! <- -- Erst im Spiel lebt der Mensch. Nur ludantaj homoj vivas. GnuFU.net - Gnutella For Users Draketo.de - Shortstories, Poems, Music and strange Ideas. |
|
January 14th, 2008
| |||
| |||
| TCP Reset Packets From what I understand, the "device" in the pipeline will take packets and essentially clone them, with the exception of setting the RST control bit in the header. There must be some way of identifying Gnutella packets, possibly by the usual ports most P2P software uses. I don't believe they're simply nailing all the packets at a specific address, since most other traffic is getting through (and going out) just fine. Also, I don't think that whatever they're using is 100% effective, which is probably why my brute force response gave them a little more work than they could handle. With Limewire (vs. Bearshare or Phex), if the software can handle sufficient incoming requests then *some* valid ones are getting through, hence Limewire's ability to find the good amid all the crap coming in. Of course, that's just a theory, and isn't really based on anything other than observation, which means it could be completely wrong. I don't know enough about Limewire's internals to hazard a real (intelligent) guess. So, if your question is "are they aiming this at P2P apps?" and not just all TCP packets, I'd say yes, my testing would seem to indicate that it is targeting P2P. Which also would mean that it is indeed Cox, or some other anti-sharing entity, who's behind the attacks. I'm going to try and think up some more tests, and I may bring another (not quite so fast) Sparc online to do it with, since there's a little more control with TCP than under WinXP. Idea's would be appreciated. Cheers Nick |
|
January 15th, 2008
| ||||
| ||||
| Finding Gnutella packets is quite easy, because, even though they are inflated, they all begin with the same TCP headers, so they can be spotted quite easily, since all deflated message will begin the same: Handshaking - Gnutella Specification What my current question is: Does Phex have enough control over TCP to just the RST bit, if it is sent in excess.
__________________ -> put this banner into your own signature! <- -- Erst im Spiel lebt der Mensch. Nur ludantaj homoj vivas. GnuFU.net - Gnutella For Users Draketo.de - Shortstories, Poems, Music and strange Ideas. |
|
January 15th, 2008
| ||||
| ||||
| Maybe you could try sending a forged Gnutella Connect packet to yourself, and see if the RST herader gets added.
__________________ -> put this banner into your own signature! <- -- Erst im Spiel lebt der Mensch. Nur ludantaj homoj vivas. GnuFU.net - Gnutella For Users Draketo.de - Shortstories, Poems, Music and strange Ideas. |
|
| Thread Tools | |
| Display Modes | |
| |
Linear Mode
