Gnutella Forums  

Go Back   Gnutella Forums > Current Gnutella Client Forums > Phex (Cross-platform) > General Discussion
Register FAQ The Twelve Commandments Members List Calendar Arcade Find the Best VPN Search Today's Posts Mark Forums Read

General Discussion For anything which doesn't fit somewhere else (for PHEX users)


Welcome To Gnutella Forums

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content, fun aspects such as the image caption contest and play in the arcade, and access many other special features after your registration and email confirmation. Registration is fast, simple and absolutely free so please, join our community today! (click here) (Note: we use Yandex mail server so make sure yandex is not on your email filter or blocklist.)

If you have any problems with the Gnutella Forum registration process or your Gnutella Forum account login, please contact us (this is not for program use questions.) Your email address must be legitimate and verified before becoming a full member of the forums. Please be sure to disable any spam filters you may have for our website, so that email messages can reach you.
Note: Any other issue with registration, etc., send a Personal Message (PM) to one of the active Administrators: Lord of the Rings or Birdy.

Once registered but before posting, members MUST READ the FORUM RULES (click here) and members should include System details - help us to help you (click on blue link) in their posts if their problem relates to using the program. Whilst forum helpers are happy to help where they can, without these system details your post might be ignored. And wise to read How to create a New Thread

Thank you

If you are a Spammer click here.
This is not a business advertising forum, all member profiles with business advertising will be banned, all their posts removed. Spamming is illegal in many countries of the world. Guests and search engines cannot view member profiles.



           Deutsch?              Español?                  Français?                   Nederlands?
   Hilfe in Deutsch,   Ayuda en español,   Aide en français et LimeWire en françaisHulp in het Nederlands

Forum Rules

Support Forums

Before you post to one of the specific Client Help and Support Conferences in Gnutella Client Forums please look through other threads and Stickies that may answer your questions. Most problems are not new. The Search function is most useful. Also the red Stickies have answers to the most commonly asked questions. (over 90 percent).
If your problem is not resolved by a search of the forums, please take the next step and post in the appropriate forum. There are many members who will be glad to help.
If you are new to the world of file sharing please do not be shy! Everyone was ‘new’ when they first started.

When posting, please include details for:
Your Operating System ....... Your version of your Gnutella Client (* this is important for helping solve problems) ....... Your Internet connection (56K, Cable, DSL) ....... The exact error message, if one pops up
Any other relevant information that you think may help ....... Try to make your post descriptive, specific, and clear so members can quickly and efficiently help you. To aid helpers in solving download/upload problems, LimeWire and Frostwire users must specify whether they are downloading a torrent file or a file from the Gnutella network.
Members need to supply these details >>> System details - help us to help you (click on blue link)


Moderators

There are senior members on the forums who serve as Moderators. These volunteers keep the board organized and moving.
Moderators are authorized to: (in order of increasing severity)
Move posts to the correct forums. Many times, members post in the wrong forum. These off-topic posts may impede the normal operation of the forum.
Edit posts. Moderators will edit posts that are offensive or break any of the House Rules.
Delete posts. Posts that cannot be edited to comply with the House Rules will be deleted.
Restrict members. This is one of the last punishments before a member is banned. Restrictions may include placing all new posts in a moderation queue or temporarily banning the offender.
Ban members. The most severe punishment. Three or more moderators or administrators must agree to the ban for this action to occur. Banning is reserved for very severe offenses and members who, after many warnings, fail to comply with the House Rules. Banning is permanent. Bans cannot be removed by the moderators and probably won't be removed by the administration.


The Rules

1. Warez, copyright violation, or any other illegal activity may NOT be linked or expressed in any form. Topics discussing techniques for violating these laws and messages containing locations of web sites or other servers hosting illegal content will be silently removed. Multiple offenses will result in consequences. File names are not required to discuss your issues. If filenames are copyright then do not belong on these forums & will be edited out or post removed. Picture sample attachments in posts must not include copyright infringement.

2. Spamming and excessive advertising will not be tolerated. Commercial advertising is not allowed in any form, including using in signatures.

3. There will be no excessive use of profanity in any forum.

4. There will be no racial, ethnic, or gender based insults, or any other personal attacks.

5. Pictures may be attached to posts and signatures if they are not sexually explicit or offensive. Picture sample attachments in posts must not include copyright infringement.

6. Remember to post in the correct forum. Take your time to look at other threads and see where your post will go. If your post is placed in the wrong forum it will be moved by a moderator. There are specific Gnutella Client sections for LimeWire, Phex, FrostWire, BearShare, Gnucleus, Morpheus, and many more. Please choose the correct section for your problem.

7. If you see a post in the wrong forum or in violation of the House Rules, please contact a moderator via Private Message or the "Report this post to a moderator" link at the bottom of every post. Please do not respond directly to the member - a moderator will do what is required.

8. Any impersonation of a forum member in any mode of communication is strictly prohibited and will result in banning.

9. Multiple copies of the same post will not be tolerated. Post your question, comment, or complaint only once. There is no need to express yourself more than once. Duplicate posts will be deleted with little or no warning. Keep in mind a forum censor may temporarily automatically hold up your post, if you do not see your post, do not post again, it will be dealt with by a moderator within a reasonable time. Authors of multiple copies of same post may be dealt with by moderators within their discrete judgment at the time which may result in warning or infraction points, depending on severity as adjudged by the moderators online.

10. Posts should have descriptive topics. Vague titles such as "Help!", "Why?", and the like may not get enough attention to the contents.

11. Do not divulge anyone's personal information in the forum, not even your own. This includes e-mail addresses, IP addresses, age, house address, and any other distinguishing information. Don´t use eMail addresses in your nick. Reiterating, do not post your email address in posts. This is for your own protection.

12. Signatures may be used as long as they are not offensive or sexually explicit or used for commercial advertising. Commercial weblinks cannot be used under any circumstances and will result in an immediate ban.

13. Dual accounts are not allowed. Cannot explain this more simply. Attempts to set up dual accounts will most likely result in a banning of all forum accounts.

14. Video links may only be posted after you have a tally of two forum posts. Video link posting with less than a 2 post tally are considered as spam. Video link posting with less than a 2 post tally are considered as spam.

15. Failure to show that you have read the forum rules may result in forum rules breach infraction points or warnings awarded against you which may later total up to an automatic temporary or permanent ban. Supplying system details is a prerequisite in most cases, particularly with connection or installation issues.

Violation of any of these rules will bring consequences, determined on a case-by-case basis.


Thank You! Thanks for taking the time to read these forum guidelines. We hope your visit is helpful and mutually beneficial to the entire community.


Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old January 12th, 2008
Share Junkie
 
Join Date: July 18th, 2007
Location: AZ
Posts: 41
Nick Storm is flying high
Default Uploads Aborting

I just installed Phex a couple of hours ago. It seemed to go smoothly, with one exception: Every single upload has a status of "aborted". I've been through the forums looking for an answer, and found nothing so far that really hits the mark.

I'm a veteran Limewire and Bearshare user, and both run just fine, utilizing the same port.

System info:

Win XP Pro w/ SP2
1gb Ram
300+ gb free disk space
Phex ver. 3.2.0.102
Listening on port 6348
Connection is Async Cable with 16Mbps/down and 2Mbps/up

This is a dedicated P2P machine. It is outside the firewall, in a DMZ. Ports are also forwarded in the router.

I am running in Ultrapeer set at 32 peers, 30 leaves. TCPIP.SYS is set at 100 connections. Sharing approx 21,000 files.

Thanks in advance for any help anyone can give!

Cheers

Nick
Reply With Quote
  #2 (permalink)  
Old January 12th, 2008
AaronWalkhouse's Avatar
***ּLegendary Axeman***ּ
 
Join Date: January 17th, 2005
Location: My igloos melt in June.
Posts: 1,974
AaronWalkhouse is a great assister to others; your light through the dark tunnel
Default

That's those forged TCP reset packets again. It wouldn't help if you blocked them because they
are also sending them to the uploaders as well.
Reply With Quote
  #3 (permalink)  
Old January 13th, 2008
Share Junkie
 
Join Date: July 18th, 2007
Location: AZ
Posts: 41
Nick Storm is flying high
Default forged TCP packets

I sort of get the concept of what they're doing, but could you elaborate a bit? I'm a little foggy on the process, I suppose. It looks like I'm getting valid upload requests (as far as the originating addresses are concerned. Instead, they are bogus, and the end result is that legitimate uploads are being blocked, as BS (and Phex, now) is being swamped. Does that sound about right? Blocking addresses wouldn't work, because they're hijacking legit addresses, right?

The thing is, I do have a considerable amount of computer resources to throw at the problem, which I would love to do, just to counter what they're doing. A better understanding of the latter might give me some idea of what I could do with the former. I'd be interested to see what firing up Phex on a parallel processor Unix machine might accomplish. If nothing else, it might keep them quite busy keeping up with it.

Cheers,

Nick

PS (Why is Limewire evidently impervious to these attacks? It just cooks along, with 5 or 10 users getting through consistently.)
Reply With Quote
  #4 (permalink)  
Old January 13th, 2008
AaronWalkhouse's Avatar
***ּLegendary Axeman***ּ
 
Join Date: January 17th, 2005
Location: My igloos melt in June.
Posts: 1,974
AaronWalkhouse is a great assister to others; your light through the dark tunnel
Default

Those are valid uploads, but Cox has a Sandvine router that detects attempts to
download from you and creates two forged TCP packets with the RST flag on and
falsified source addresses copied from you and the other person. You won't be
able to pinpoint this illegal abuse of the TCP protocol because the originating
addresses in both packets at both ends are forged.

This will probably be ruled illegal in the ComCast case because they were caught
doing it to bittorrent users and are persistently lying about it to the press and the
authorities, claiming that they were only "delaying" uploads while it is obvious to
all the independant observers who tested it that they were actually stopping all
uploads completely.

Once that is done, Sandvine will probably have to upgrade all their routers to
disable this illegal method of hacking that interferes with net neutrality. If they
don't, the next thing we'll see is millions of users adding filtering to disable
all reset packets, breaking the normal TCP protocol, which will probably get
the big network companies sweating bullets. Even now, Linux users all over the
world are taking advantage of it's flexibility and disabling reset packets with a
simple command to their firewalls.
Reply With Quote
  #5 (permalink)  
Old January 13th, 2008
Share Junkie
 
Join Date: July 18th, 2007
Location: AZ
Posts: 41
Nick Storm is flying high
Default Phex vs. Cox

Oops, I think I might have broken something over at Cox.
I fired up Phex on my Sun Fire Server (w/ 4 Quad Xeon processors on it). Before attempting this endeavor, I did some reading on reset attacks - pretty grim stuff.

I installed Phex, and immediately starting getting the constant aborts. So, I set the firewall in the router to reject all TCP reset packets. The aborts continued for about 5 minutes after that, then stopped.

I read a white paper on the reset attacks, and therein saw some calculations based on how many packets could actually be killed, based on connection speed. You've gotta figure that if Cox was doing it, they pretty much have unlimited bandwidth to play with. Nevertheless, neither that bandwidth nor the device that's doing the tampering has infinite capacity. Unless they're running a mainframe, I've gotta believe my Sun Fire is about as fast as anything they have. So, I set the program to accept as many incoming requests as possible, rejecting the resets, and within minutes, the attack was over.

I just fired up BS on the XP machine, and it's running fine, humming along with 12 uploads at once, and a full queue.

Honestly, I'm not sure what I did, but I felt the need to try *something* in retaliation. Hopefully, I won't have to do it again, as this sort of escapade is not what the Sun Fire is meant to be used for (it does climate modeling, normally).

It has also occured to me that Cox might not have been the culprit. I know of no way to trace those reset packets, since the originating address is legit. I'm not sure that the reset attack would have to live in the route I'm using. Guess I need to do some more reading.

Anyway, there it is. A solution of sorts, I think, but probably not one that's going to work for many of us. I've no idea how long it will work here, for that matter.

Well, I'm off to fix the Sun Fire, before some people start complaining.

Cheers

Nick
Reply With Quote
  #6 (permalink)  
Old January 13th, 2008
Share Junkie
 
Join Date: July 18th, 2007
Location: AZ
Posts: 41
Nick Storm is flying high
Default Ah... that fleeting feeling of victory

It took someone over at Cox (or wherever) about 2 hours to figure out their program needed to be rebooted. After which time, the reset attacks resumed.

Point of note: Once this began again, I did a hard reset of the cable modem and router, and forced Cox to reissue my IP address. The attacks continue, which leads me to believe that it is a system-wide process aimed at gnutella traffic, versus one that is targeting specific users at whom they're annoyed (I'm sure I fall into that category, by now).

Looks like it's time to figure out how to block reset packets under XP...

Cheers

Nick
Reply With Quote
  #7 (permalink)  
Old January 14th, 2008
arne_bab's Avatar
Draketo, small dragon.
 
Join Date: May 31st, 2002
Location: Heidelberg, Germany
Posts: 1,881
arne_bab is a great assister to others; your light through the dark tunnel
Default

That's quite an impressive test you did.

I'm not sure I understand all specifics, but as far as I see it, you managed to avoid their attack by just telling your router to reject it.

If I understand it correctly, this also means, that the utilized TCP implementation of the program is the target.

Does the TCP management happen at the OS level, or at the program level?

If it is at the program level, it might be possible to add some code which detects excess levels of reset packets in the pipe and just ignores them. Maybe that's what LimeWire already does...
__________________

-> put this banner into your own signature! <-
--
Erst im Spiel lebt der Mensch.
Nur ludantaj homoj vivas.
GnuFU.net - Gnutella For Users
Draketo.de - Shortstories, Poems, Music and strange Ideas.
Reply With Quote
  #8 (permalink)  
Old January 14th, 2008
Share Junkie
 
Join Date: July 18th, 2007
Location: AZ
Posts: 41
Nick Storm is flying high
Default TCP Reset Packets

From what I understand, the "device" in the pipeline will take packets and essentially clone them, with the exception of setting the RST control bit in the header. There must be some way of identifying Gnutella packets, possibly by the usual ports most P2P software uses. I don't believe they're simply nailing all the packets at a specific address, since most other traffic is getting through (and going out) just fine.

Also, I don't think that whatever they're using is 100% effective, which is probably why my brute force response gave them a little more work than they could handle.
With Limewire (vs. Bearshare or Phex), if the software can handle sufficient incoming requests then *some* valid ones are getting through, hence Limewire's ability to find the good amid all the crap coming in. Of course, that's just a theory, and isn't really based on anything other than observation, which means it could be completely wrong. I don't know enough about Limewire's internals to hazard a real (intelligent) guess.

So, if your question is "are they aiming this at P2P apps?" and not just all TCP packets, I'd say yes, my testing would seem to indicate that it is targeting P2P. Which also would mean that it is indeed Cox, or some other anti-sharing entity, who's behind the attacks.

I'm going to try and think up some more tests, and I may bring another (not quite so fast) Sparc online to do it with, since there's a little more control with TCP than under WinXP. Idea's would be appreciated.

Cheers

Nick
Reply With Quote
  #9 (permalink)  
Old January 15th, 2008
arne_bab's Avatar
Draketo, small dragon.
 
Join Date: May 31st, 2002
Location: Heidelberg, Germany
Posts: 1,881
arne_bab is a great assister to others; your light through the dark tunnel
Default

Finding Gnutella packets is quite easy, because, even though they are inflated, they all begin with the same TCP headers, so they can be spotted quite easily, since all deflated message will begin the same:

Handshaking - Gnutella Specification

What my current question is: Does Phex have enough control over TCP to just the RST bit, if it is sent in excess.
__________________

-> put this banner into your own signature! <-
--
Erst im Spiel lebt der Mensch.
Nur ludantaj homoj vivas.
GnuFU.net - Gnutella For Users
Draketo.de - Shortstories, Poems, Music and strange Ideas.
Reply With Quote
  #10 (permalink)  
Old January 15th, 2008
arne_bab's Avatar
Draketo, small dragon.
 
Join Date: May 31st, 2002
Location: Heidelberg, Germany
Posts: 1,881
arne_bab is a great assister to others; your light through the dark tunnel
Default

Maybe you could try sending a forged Gnutella Connect packet to yourself, and see if the RST herader gets added.
__________________

-> put this banner into your own signature! <-
--
Erst im Spiel lebt der Mensch.
Nur ludantaj homoj vivas.
GnuFU.net - Gnutella For Users
Draketo.de - Shortstories, Poems, Music and strange Ideas.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -7. The time now is 09:49 PM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
SEO by vBSEO 3.6.0 ©2011, Crawlability, Inc.

Copyright © 2020 Gnutella Forums.
All Rights Reserved.