Gnutella Forums


dallas7 September 16th, 2001 02:35 PM

1000's of 6346 hits from one IP-help!
 
For a few days last week I was on the Gnutella network for the first time with Limewire 1.6d. Though it's been several days since I disconnected, my firewall logs show tens of thousands of port 6346 hits from a single IP: 131.116.76.178. And there does not seem to be any end in sight. Having used the Gnutella network for well over a year with various servents, I am quite familiar with the lingering effects of 6346 port activity after terminating the use of a servent. I never considered it to be much of a problem. However, this current situation is beyond tolerance and is affecting my ability to monitor my firewall logs for real threats. Can you offer any help? Thank you.

ps I've already disconnected the computer from the network for 24 hrs

pps I've already sent email to abuse@, registry@ and dns@telia.net

ppps I'm posting here as I would think there is a more powerful user base on this thread than others and perhaps the next Limewire (or next generation of servents in general) can disconnect from the Gnutella network without the lingering 6346 port activity

Thanks again.

Unregistered September 17th, 2001 08:43 AM

Your experience adds to my suspicion that there is some sort of DoS attack taking place in Gnutella these past several months. Since LimeWire offers so little diagnostic info, I haven't been able to prove or disprove anything, but I've definitely noticed a dropoff in network performance. I wouldn't be surprised if the RIAA or the movie industries were secretly paying some hackers to disrupt things.

The question is: what can be done to improve the Gnutella protocol/network to resist DoS attacks?

TruStarwarrior September 17th, 2001 03:54 PM

Blacklist known offenders by their IP address?

SRL September 27th, 2001 12:02 PM

I've noticed a drop-off too. I'm using Gnucleus which gives you more info than LimeWire, but I can't really see anything too unusual. What I'm seeing mostly is a drop-off in the number of search results vs. searches. Usually this kind of thing happens when a more popular client makes a change (or has a bug) in its handling of things. In such cases I like to hope it's usually accidental and will be fixed. Unfortunately, as the number of different peers increases this kind of problem may become more likely.

A DDoS attack would have to come in the form of a flood of search, ping, or pong packets (etc.) since completely bad packets are usually just dropped, but while I'm seeing a lot of those, it's not unusually high (at least to my eyes).
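The check SRL describes, counting descriptor types per peer and discarding malformed ones, is sketched below as an added example; it is not part of the thread and not code from LimeWire or Gnucleus. It parses the 23-byte Gnutella 0.4 descriptor header; the payload limit, the 90% share threshold and the sample streams are assumptions constructed for illustration.

```python
import struct
from collections import Counter

HEADER_LEN = 23  # 16-byte descriptor ID, type, TTL, hops, 4-byte LE payload length
TYPES = {0x00: "ping", 0x01: "pong", 0x40: "push", 0x80: "query", 0x81: "query_hit"}
MAX_PAYLOAD = 64 * 1024  # assumed sanity limit, not taken from the thread
FLOOD_SHARE = 0.9        # assumed: one type above 90% of a peer's traffic stands out


def tally(stream: bytes):
    """Count descriptors by type in one peer's byte stream.

    Returns (counts, bad_offset). bad_offset is the position of the first
    header with an unknown type or oversized length, else None. Framing is
    length-prefixed, so parsing cannot resume after a bad header.
    """
    counts, pos = Counter(), 0
    while pos + HEADER_LEN <= len(stream):
        ptype, _ttl, _hops, length = struct.unpack_from("<BBBI", stream, pos + 16)
        if ptype not in TYPES or length > MAX_PAYLOAD:
            return counts, pos
        if pos + HEADER_LEN + length > len(stream):
            break  # truncated descriptor: more data would be needed
        counts[TYPES[ptype]] += 1
        pos += HEADER_LEN + length
    return counts, None


def dominant(counts, min_total=20):
    """Return the type that makes up >= FLOOD_SHARE of the traffic, or None."""
    total = sum(counts.values())
    if total < min_total:
        return None
    name, n = counts.most_common(1)[0]
    return name if n / total >= FLOOD_SHARE else None


def descriptor(ptype, payload=b"", ttl=7, hops=0):
    """Build a constructed descriptor with an all-zero descriptor ID."""
    return bytes(16) + struct.pack("<BBBI", ptype, ttl, hops, len(payload)) + payload


# Constructed sample streams, not captured traffic.
QUERY = descriptor(0x80, b"\x00\x00test\x00")
NORMAL = (descriptor(0x00) + descriptor(0x01, bytes(14)) + QUERY) * 10
FLOOD = descriptor(0x00) * 95 + QUERY * 5
BAD = descriptor(0x00) + descriptor(0x7F)

if __name__ == "__main__":
    for label, data in (("normal", NORMAL), ("flood", FLOOD), ("bad", BAD)):
        counts, bad = tally(data)
        print(label, dict(counts), "dominant:", dominant(counts), "bad at:", bad)
```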


All times are GMT -7.