Gnutella Forums  

Go Back   Gnutella Forums > Gnutella News and Gnutelliums Forums > General Gnutella / Gnutella Network Discussion
Register FAQ The Twelve Commandments Members List Calendar Arcade Find the Best VPN Search Today's Posts Mark Forums Read

General Gnutella / Gnutella Network Discussion For general discussion about Gnutella and the Gnutella network.
For discussion about a specific Gnutella client program, please post in one of the client forums above.


Welcome To Gnutella Forums

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content, fun aspects such as the image caption contest and play in the arcade, and access many other special features after your registration and email confirmation. Registration is fast, simple and absolutely free so please, join our community today! (click here) (Note: we use Yandex mail server so make sure yandex is not on your email filter or blocklist.)

If you have any problems with the Gnutella Forum registration process or your Gnutella Forum account login, please contact us (this is not for program use questions.) Your email address must be legitimate and verified before becoming a full member of the forums. Please be sure to disable any spam filters you may have for our website, so that email messages can reach you.
Note: Any other issue with registration, etc., send a Personal Message (PM) to one of the active Administrators: Lord of the Rings or Birdy.

Once registered but before posting, members MUST READ the FORUM RULES (click here) and members should include System details - help us to help you (click on blue link) in their posts if their problem relates to using the program. Whilst forum helpers are happy to help where they can, without these system details your post might be ignored. And wise to read How to create a New Thread

Thank you

If you are a Spammer click here.
This is not a business advertising forum, all member profiles with business advertising will be banned, all their posts removed. Spamming is illegal in many countries of the world. Guests and search engines cannot view member profiles.



           Deutsch?              Español?                  Français?                   Nederlands?
   Hilfe in Deutsch,   Ayuda en español,   Aide en français et LimeWire en françaisHulp in het Nederlands

Forum Rules

Support Forums

Before you post to one of the specific Client Help and Support Conferences in Gnutella Client Forums please look through other threads and Stickies that may answer your questions. Most problems are not new. The Search function is most useful. Also the red Stickies have answers to the most commonly asked questions. (over 90 percent).
If your problem is not resolved by a search of the forums, please take the next step and post in the appropriate forum. There are many members who will be glad to help.
If you are new to the world of file sharing please do not be shy! Everyone was ‘new’ when they first started.

When posting, please include details for:
Your Operating System ....... Your version of your Gnutella Client (* this is important for helping solve problems) ....... Your Internet connection (56K, Cable, DSL) ....... The exact error message, if one pops up
Any other relevant information that you think may help ....... Try to make your post descriptive, specific, and clear so members can quickly and efficiently help you. To aid helpers in solving download/upload problems, LimeWire and Frostwire users must specify whether they are downloading a torrent file or a file from the Gnutella network.
Members need to supply these details >>> System details - help us to help you (click on blue link)


Moderators

There are senior members on the forums who serve as Moderators. These volunteers keep the board organized and moving.
Moderators are authorized to: (in order of increasing severity)
Move posts to the correct forums. Many times, members post in the wrong forum. These off-topic posts may impede the normal operation of the forum.
Edit posts. Moderators will edit posts that are offensive or break any of the House Rules.
Delete posts. Posts that cannot be edited to comply with the House Rules will be deleted.
Restrict members. This is one of the last punishments before a member is banned. Restrictions may include placing all new posts in a moderation queue or temporarily banning the offender.
Ban members. The most severe punishment. Three or more moderators or administrators must agree to the ban for this action to occur. Banning is reserved for very severe offenses and members who, after many warnings, fail to comply with the House Rules. Banning is permanent. Bans cannot be removed by the moderators and probably won't be removed by the administration.


The Rules

1. Warez, copyright violation, or any other illegal activity may NOT be linked or expressed in any form. Topics discussing techniques for violating these laws and messages containing locations of web sites or other servers hosting illegal content will be silently removed. Multiple offenses will result in consequences. File names are not required to discuss your issues. If filenames are copyright then do not belong on these forums & will be edited out or post removed. Picture sample attachments in posts must not include copyright infringement.

2. Spamming and excessive advertising will not be tolerated. Commercial advertising is not allowed in any form, including using in signatures.

3. There will be no excessive use of profanity in any forum.

4. There will be no racial, ethnic, or gender based insults, or any other personal attacks.

5. Pictures may be attached to posts and signatures if they are not sexually explicit or offensive. Picture sample attachments in posts must not include copyright infringement.

6. Remember to post in the correct forum. Take your time to look at other threads and see where your post will go. If your post is placed in the wrong forum it will be moved by a moderator. There are specific Gnutella Client sections for LimeWire, Phex, FrostWire, BearShare, Gnucleus, Morpheus, and many more. Please choose the correct section for your problem.

7. If you see a post in the wrong forum or in violation of the House Rules, please contact a moderator via Private Message or the "Report this post to a moderator" link at the bottom of every post. Please do not respond directly to the member - a moderator will do what is required.

8. Any impersonation of a forum member in any mode of communication is strictly prohibited and will result in banning.

9. Multiple copies of the same post will not be tolerated. Post your question, comment, or complaint only once. There is no need to express yourself more than once. Duplicate posts will be deleted with little or no warning. Keep in mind a forum censor may temporarily automatically hold up your post, if you do not see your post, do not post again, it will be dealt with by a moderator within a reasonable time. Authors of multiple copies of same post may be dealt with by moderators within their discrete judgment at the time which may result in warning or infraction points, depending on severity as adjudged by the moderators online.

10. Posts should have descriptive topics. Vague titles such as "Help!", "Why?", and the like may not get enough attention to the contents.

11. Do not divulge anyone's personal information in the forum, not even your own. This includes e-mail addresses, IP addresses, age, house address, and any other distinguishing information. Don´t use eMail addresses in your nick. Reiterating, do not post your email address in posts. This is for your own protection.

12. Signatures may be used as long as they are not offensive or sexually explicit or used for commercial advertising. Commercial weblinks cannot be used under any circumstances and will result in an immediate ban.

13. Dual accounts are not allowed. Cannot explain this more simply. Attempts to set up dual accounts will most likely result in a banning of all forum accounts.

14. Video links may only be posted after you have a tally of two forum posts. Video link posting with less than a 2 post tally are considered as spam. Video link posting with less than a 2 post tally are considered as spam.

15. Failure to show that you have read the forum rules may result in forum rules breach infraction points or warnings awarded against you which may later total up to an automatic temporary or permanent ban. Supplying system details is a prerequisite in most cases, particularly with connection or installation issues.

Violation of any of these rules will bring consequences, determined on a case-by-case basis.


Thank You! Thanks for taking the time to read these forum guidelines. We hope your visit is helpful and mutually beneficial to the entire community.


Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old March 18th, 2005
Gaggle
Guest
 
Posts: n/a
Default New Gnutella attack underway? 3-2005

I am seeing a lot of connections to some IP addresses with the same two starting numbers, like 216.34.XXX.XXX and they are ultrapeers using gnuc.
They connect for a little while and drop off, then I see another connection right after that for the same IP block, maybe with a different port number also and it goes on and on for a while.
We know who has the money and time to buy blocks of IPs to try to do this, it's some sort of DOS attack to try to shut down the network by making nodes think they are connected when they are not really.
The defense for this is easy, never connect to just one ultrapeer and check if it has good traffic or not by sending some test searches or something.
If the people who are doing this are who I think they are, then they are trying to shut down a perfectly LEGAL network and if they are tracked down (follow the money) they should be held accountable same as any other person doing a DOS attack to shut down an internet site or section of the internet. So beware!
Reply With Quote
  #2 (permalink)  
Old March 18th, 2005
Lord of the Rings's Avatar
ContraBanned
 
Join Date: June 30th, 2004
Location: Middle of the ocean apparently (middle earth)
Posts: 616
Lord of the Rings has a distinguished reputationLord of the Rings has a distinguished reputationLord of the Rings has a distinguished reputation
Default

Would you suggest then these addesses should be blocked?

I came across these: http://www.gnutellaforums.com/showth...threadid=17691

http://www.gnutellaforums.com/showth...hlight=216.%2A

Last edited by Lord of the Rings; March 18th, 2005 at 06:15 AM.
Reply With Quote
  #3 (permalink)  
Old March 18th, 2005
Gaggle
Guest
 
Posts: n/a
Default

I'm seeing..

64.15.174.*
64.14.210.*
64.14.225.*
66.128.227.*
216.114.64.*

and ports on these same IPs keep going up as you connect, like this:

64.14.225.xx:6358
64.14.225.xx:6359
64.14.225.xx:6360
64.14.225.xx:6361
64.14.225.xx:6362
64.14.225.xx:6363

Since this doesn't stay connected long I would say the reason for this is simply trying to tie up as many nodes as possible, thus reducing the size of the network. I call that a DOS attack!

All they do is seed the hostlist when you connect so your hostlist gets full of their crap.

Someone should track this down and trace it back to you know who and counter sue the crap out of those *******s!

please refrain from posting exact addys here...we should not be help responsible for your possible chicanery

Last edited by Peerless; March 18th, 2005 at 04:09 PM.
Reply With Quote
  #4 (permalink)  
Old March 18th, 2005
et voilà's Avatar
+Modérateur à ses heures+
 
Join Date: July 26th, 2002
Location: Le Québec
Posts: 2,904
et voilà is a great assister to others; your light through the dark tunnel
Default

Are they those broken Gnucleus 1.8.4 hosts or are they using a newer implementation? I see lot of Gnucleus spam results these days too.

Ciao
Reply With Quote
  #5 (permalink)  
Old March 18th, 2005
Gaggle
Guest
 
Posts: n/a
Default

As you can see from the many ports open at those addresses that this is a modified version of, well, anything. They could be saying it's gnuc but maybe it's not. it was like 2.0.6 or something like that but it could say joesbarandgrill 5.6.5

The point is that it plugs up your connections and you can't search.

For those of you running programs that don't show the connections, this will be hard to figure out. All you will know is for some reason you can't search but yet you seem to be connected to a lot of nodes, or one ultrapeer if that's the way your client developer programmed it.

I just started putting those addresses in my block list and it has pretty much stopped.

So if you have a block list, just add those in and watch your connections for a ultrapeer that just sits there doing nothing.
Reply With Quote
  #6 (permalink)  
Old March 18th, 2005
Lord of the Rings's Avatar
ContraBanned
 
Join Date: June 30th, 2004
Location: Middle of the ocean apparently (middle earth)
Posts: 616
Lord of the Rings has a distinguished reputationLord of the Rings has a distinguished reputationLord of the Rings has a distinguished reputation
Default

It would help us to know which client or version or variation of version of client you are using!?
Which client & version or variaton b/c it might just make a difference!!

Last edited by Lord of the Rings; March 18th, 2005 at 09:20 PM.
Reply With Quote
  #7 (permalink)  
Old March 31st, 2005
Gaggle
Guest
 
Posts: n/a
Default

This is a modified client, the SAME IP has many ports numbered in sequence.

6350, 6351, 6452, 6353, 6354

Isn't anyone else seeing this or do most of these clients hide the connection list?
If they do, then they are doing you a great disservice, because this attack will make it seem like you can't search for anything!

Checking into it further, it reports as Gnucleus 2.0.0.6, which icould easily be changed, any idiot can change a print statement. And the headers say GnucDNA 1.0.2.4

It then does all the GNUTELLA/0.6 OK stuff and then sends up to 30 small packets of who knows what and just sits there. It doesn't send any searches, which a normal client does do right away.

What makes me think this is a attack is the many port numbers at the same IP address.

Other versions of Gnuc connect just fine, as does bearshare, limewire etc.. so if it's ap roblem with this version of Gnuc, what changed to make it so incompatible?

It smells like an attack to me. Walks like a duck...
Reply With Quote
  #8 (permalink)  
Old April 1st, 2005
Gaggle
Guest
 
Posts: n/a
Default

These nodes connect, send you some packets and do nothing else!
No searches, if you are connected to them they do not pass on searches and they respond to nothing, mp3, mpg, avi, a e i o u, fart, mega, big, kinky, homeless, more, less, and, the, at, me, run, dont, freak, and a whole lot of other words.
It's an attack.
Why aren't you people seeing this on your clients?
Does your client show you a list of connected nodes?
Have you ever had a lot of connections and then not be able to search for anything?
This is the reason!
Reply With Quote
  #9 (permalink)  
Old April 1st, 2005
et voilà's Avatar
+Modérateur à ses heures+
 
Join Date: July 26th, 2002
Location: Le Québec
Posts: 2,904
et voilà is a great assister to others; your light through the dark tunnel
Default

We are seeing those spammers! I, for one, am too used to that spammed so I don't care anymore (never tried to dl a spam link too, they are so easy to spot ). I agree newbies are those who suffer by their inexperience with bogus results.

In future LW might include banning by sha1 (patch actually submitted by an open sourcer) and a confidence system (Credence or home brew).

We'll see, the attack is bearable for now

Ciao
Reply With Quote
  #10 (permalink)  
Old April 1st, 2005
Gaggle
Guest
 
Posts: n/a
Default

This is a CONNECTION issue, not a spam file issue, that's old and the files are easy to spot because they are small.

If you have a connection list, you will see a lot of connections to the same IP but different ports.

You will see a lot of connection attempts that will fail, and the list will show the same IP over and over with different ports going up in number sequence, or close to that.

These connections do not return search results at all, they "surround" your node and give you nothing! They prevent you from searching.

The attackers are counting on the fact that most of these "clients" out there hide the connection list because user's think it's booring to look at.

These nodes will drop off for lack of activity if your client does that, but then a bunch more on different ports come on and you are stuck.

You have to block these IPs and it's not easy.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


Similar Threads
Thread Thread Starter Forum Replies Last Post
Is livewire under attack? chrisbaby Download/Upload Problems 2 July 17th, 2006 01:08 PM
Gnutella DoS attack? sdsalsero Open Discussion topics 9 June 1st, 2003 04:01 AM
Attack against Gnutella Network tiagonmas General Gnutella / Gnutella Network Discussion 5 October 3rd, 2002 07:42 AM
TCP SYN flood (DoS attack) colbyd General Gnutella / Gnutella Network Discussion 0 November 28th, 2001 09:04 AM
Gnutella/filesharing under attack...notice from Sony to ISPs Unregistered General Gnutella / Gnutella Network Discussion 4 November 22nd, 2001 07:44 PM


All times are GMT -7. The time now is 08:59 PM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
SEO by vBSEO 3.6.0 ©2011, Crawlability, Inc.

Copyright © 2020 Gnutella Forums.
All Rights Reserved.