
Rel007 December 27th, 2005 12:49 AM

ISPs that fish for p2p users
 
I'm noticing something interesting. During more than a few searches, the very title that I search under (a person's name) comes up in first position and the linked file is not what I'm looking for. Not only that, there is no file description. All of these files link back to different Road Runner IP addresses (rr.com) and they appear to be trojans. The IP addresses also seem to come from a wide variety of rr.com addresses and not just one or two.

Considering this and what I've been reading about road runner, it makes me wonder if rr.com has gone rogue and is fishing for p2p users to infect. Has anyone else seen this sort of deliberate fishing from an ISP?

I have filtered out all IP addresses from rr.com as well.

Hyper-kun December 27th, 2005 04:11 AM

This is nonsense. No ISP is "fishing" users on Gnutella. Why do you think the ISP has anything to do with that? The IP addresses in results on Gnutella can be trivially forged and in spam results most of them are really forged. The files are really trojans or just spam. The hosts that emit these results are either infected hosts or owned by the spammers themselves. As it is so easy to forge IP addresses in Gnutella, filtering IP addresses is not clever at all. It is useless and in the end you will have trouble downloading or finding anything at all because you are filtering everything out. The only IP addresses you might want to filter are those of hosts which really upload these files. However if those are dynamic IP addresses of infected machines, that's useless as well. Filtering only makes some sense for IP ranges that belong to server farms used by spammers.

Assuming that any ISP would try to infect the machines of Gnutella users is very weird though. I really wonder how you get that idea. The infected machines would cause them a lot more trouble than they already have. The legal consequences would be devastating for them. Only business people who consume coke would consider treating their customers this way.

Rel007 December 27th, 2005 05:18 AM

Nonsense? I tracked the IP addresses back to rr.com. If you check spamhaus.com you will see the increase in spam operations coming out of rr.com as well. It is real. Where do you think zombie machines come from?

All I know is what I've observed. I've noticed that certain ISPs that have financial difficulties do resort to spamming and supporting spam operations. I even see Disney doing spamming on the sly. This is the current "demi monde" of making money.

Perhaps you are a bit uninformed about all this if not naive.

I just found another one that links back to rr.com. These guys are blackhats!

Only A Hobo December 27th, 2005 06:17 AM

hmm I don't quite follow this, but I do notice that RR is part of Time Warner ... so ...I wonder ..........

Hyper-kun December 27th, 2005 09:46 AM

You should really have a little more evidence before you call someone uninformed, naive, a spammer or a blackhat. If you're so clever, Mr Bond, why don't you sue RoadRunner or at least inform the New York Times?

I would have assumed a good amount of RR.com users are as smart as bread but your explanation makes much more cents.

Rel007 December 27th, 2005 06:13 PM

Quote:

Originally posted by Hyper-kun
You should really have a little more evidence before you call someone uninformed, naive, a spammer or a blackhat. If you're so clever, Mr Bond, why don't you sue RoadRunner or at least inform the New York Times?

. . . and you *know* what you are talking about?
I know what I have seen by tracking back files which are suspicious and repeatedly come up as the first file found in a search through Limewire. I began doing this to determine what content was pushed by Loudeye (perhaps you know nothing of them either?) and I have now observed a pattern of trojans that match my exact search string, all coming from various IP addresses that are rr.com. Again, if you had the time to do your homework, you would notice that Spamhaus has listed rr.com as one of the top sources of spam in the world. If you had taken the trouble to read their listings instead of trolling on this forum, you would also see they have multiple reports against them for being the source of trojans (injection?). http://www.spamhaus.org/sbl/listings.lasso?isp=rr.com .
rr.com actually has at least one ROKSO spammer and that is a clear indication that something fishy is going on at roadrunner.

I think you should do a little more homework before you dismiss these observations as fantasy and yes, I appear to be more clever than you are. I am still hoping that someone with more knowledge about such might post about this.

Hyper-kun December 28th, 2005 03:20 AM

Oh you tracked back the files. What do you mean with "track"? Did you click the "track" button, or what? Do you think you're some ub3rh4x0r? Can't you talk plain English and say that you used the "whois" tool and found out the IP address was assigned to RoadRunner?

I also wonder what's your obsession with RoadRunner. If you opened your eyes for half a second, you'd see that spam originates from a lot of places, not just RoadRunner.

You have proven yourself that you jump to conclusions without having any facts at all. For example, you claim I haven't looked at spamhaus. Well, funny, I believe I did. Maybe you are the spammer though, because you gave an invalid domain name. It is spamhaus.ORG not .COM. But thanks, it shows how sloppy you are. Furthermore, I have already told you that big ISPs are likely to have more spammers and hijacked machines in their network than small ISPs. That is not really that difficult to figure out, is it? What about the other ISPs in the list? And keep in mind that spamhaus can only see what they are looking at. I cannot confirm their values at all. Certain spam comes mostly from Russia, other ongoings originate usually from China or Korea.

Regarding your search strings, it is trivial to return results that match exactly your search terms. This is far from being new, that has been happening since the first days of Gnutella. Trojans and spam in Gnutella are nothing new either. That has been going on for at least 2 years if not longer. There was even a widely known worm called "mandragor" (or the like) during its first days.

You wonder why spammers choose RoadRunner. That's simple, they offer mostly end-user accounts. End-users are stupid, they cannot take care of the security and integrity of their systems. At least the majority cannot. Next, RoadRunner offers solely fast cable access. Spammers need bandwidth, there's no point in hacking machines of 56K-modem users which are online 2 hours a day. You want a machine with permanent internet connectivity and a lot of bandwidth. RoadRunner offers this and their users are obviously easy bait. Maybe there's a flaw in their hard- or software which makes it even easier than usual.

What you still don't grasp is that RoadRunner or whatever ISP is not liable or responsible for their users' actions. You really sound like some dumbass attorney who managed to get Compuserve's boss into jail. You'd probably blame the mail service if someone sent you anthrax. A lot of people received anthrax per mail. Don't you think UPS is behind this? There was surely something fishy going on.

By the way, yesterday some AOL user around here murdered someone and I remember some months ago, another AOL user also killed someone. I'm sure AOL is behind this. That's the only explanation.

You think someone brighter will read this or even answer you? Man, you're really funny. As I told you before, if you have evidence, tell the newspaper or rather the police. Don't go to a random forum and make up some stupid conspiracy.
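
Added example, not part of any poster's message: a Python sketch of the two technical points in the replies above, that the address in a Gnutella result is a field the sender fills in, and that a result echoing the exact search string is trivial to produce. The QueryHit field layout is assumed from the Gnutella 0.4 protocol description; the function names and the sample message are constructed for illustration.

```python
import socket
import struct

def parse_query_hit(payload: bytes) -> dict:
    """Parse a QueryHit payload (layout assumed from the Gnutella 0.4 description)."""
    n_hits, port = struct.unpack_from("<BH", payload, 0)
    # The address is four bytes written by whoever built the message.
    # Nothing on the relaying path checks it against the real sender.
    claimed_ip = socket.inet_ntoa(payload[3:7])
    pos, results = 11, []              # bytes 7..10 hold the advertised speed
    for _ in range(n_hits):
        index, size = struct.unpack_from("<II", payload, pos)
        name_end = payload.index(b"\x00", pos + 8)      # end of file name
        ext_end = payload.index(b"\x00", name_end + 1)  # end of optional metadata
        results.append({
            "index": index, "size": size,
            "name": payload[pos + 8:name_end].decode("utf-8", "replace"),
            "has_metadata": ext_end > name_end + 1,
        })
        pos = ext_end + 1
    return {"claimed_ip": claimed_ip, "port": port, "results": results}

def normalise(text: str) -> str:
    return " ".join(text.lower().replace("_", " ").split())

def echo_hits(hit: dict, query: str) -> list:
    """Names that are exactly the query plus an extension, with no metadata."""
    return [r["name"] for r in hit["results"]
            if normalise(r["name"].rsplit(".", 1)[0]) == normalise(query)
            and not r["has_metadata"]]

def claimed_matches_peer(hit: dict, download_peer_ip: str) -> bool:
    """Compare the claimed address with the peer that actually served the file."""
    return hit["claimed_ip"] == download_peer_ip

def constructed_hit(ip: str, names: list) -> bytes:
    """Constructed sample input (documentation address range, zero servent ID)."""
    body = struct.pack("<BH", len(names), 6346) + socket.inet_aton(ip)
    body += struct.pack("<I", 1000)
    for i, name in enumerate(names, 1):
        body += struct.pack("<II", i, 58368) + name.encode() + b"\x00\x00"
    return body + bytes(16)

if __name__ == "__main__":
    sample = constructed_hit("192.0.2.10", ["john doe.exe", "john doe - interview.mp3"])
    hit = parse_query_hit(sample)
    print(hit["claimed_ip"], echo_hits(hit, "John Doe"))
```

Only the address observed on the download connection is evidence of who served a file; the parsed `claimed_ip` shows what the message asserted.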

Rel007 December 28th, 2005 04:22 AM

Quote:

Originally posted by Hyper-kun
. . . You think someone brighter will read this or even answer you?

Apparently not. If you have any information that is relevant you could just post it and help educate people without being an *** with no class.

Perhaps you don't think it is odd that one might turn up virii in more than a few searches, all originating from a wide range of IP addresses from within one ISP. Over time, I have learned that certain ISPs employ people that work closely with spammers to infect other machines and what I have seen in spam and now virii from rr.com is enough to make me wonder what is going on there and if anyone else has observed the same.


All times are GMT -7.