June 10th, 2001
JD
Guest
 
BEARSHARE clients & its encrypted packets (NOTE: Not related to its 'spyware')

Bearshare is a very stable and good Gnutella Net client.
However, it does things which are covert, deliberately encrypted to keep us users from knowing what the packets contain, and apart from this, it installs 'spyware' onto your PC.
The author of Bearshare tries to tell you that it isn't spyware, but semantics are used by many to try to 're-educate' your conception of meaning to their meaning(s).

This thread is NOT in regards to this 'spyware', which is dealt with in other threads and forums already!

It is in regards to encrypted packets Bearshare clients send out to each other over the Gnutella Network.

The 'Gnutella Net' is much more important than ONE (1) client, as good as it may be.
The Gnutella Net MUST stay FREE of unnecessary traffic (packets) and free of elbowing tactics from certain programs and their creators.

Bearshare falls into this category. There may be others, and there will be others.

Thanks to one amazing person, the creator of the original 'gnutella.exe', we now have a 'Gnutella Net', used by more and more people.
Here is where the problems start and won't stop. Commercialism, Greed for control and money suddenly rear their heads. Popup banners, surfing data covertly collected, surfing programs becoming copyright and doing all sorts of strange things, unbeknown to most users.
advantage of it (their advantage).

Before I get carried away further, below is what I have found so far on the 'Bearshare encrypted packet' behaviour:
(Note that these are preliminary observations, and may contain 'incorrect assumptions').

Version used for testing: V2.23

1. Bearshare does NOT contact 'base' or 'phone home'. It does its upgrade function (which one cannot turn off) by communicating with AND through the host(s) one is connected to!

2. It sends short & ENCRYPTED packets before, in between and/or after 'normal' Gnutella Net Protocol packets. They must contain (at least) its own version number and some queries, which are only understood by other Bearshare programs.

3. It instantly pops up the UPDATE Notice when one connects to another Bearshare client user who uses a higher version of Bearshare! This can be several minutes AFTER one has started the program.

4. If the host(s) connected to don't use the Bearshare program (e.g. use Gnotella, PHEX or whatever), it waits, sporadically sends the encrypted packets (there must be some timing/messaging sequence behind it), and BINGO, there is somewhere another host with a higher version of Bearshare connected to us via other hosts, and up pops the UPDATE notice. Now this host could be several hops away!!! And could be connected to oneself via up to 7 (or whatever max. TTL we all have set) other hosts (speak computers).

5. The creator of Bearshare, Vinnie, has acknowledged that (at least) previous versions of Bearshare were designed to preferably connect to OTHER Bearshare clients. It seemed at times that these earlier versions did not connect to anyone else but Bearshare users! This 'feature' has been either removed or at least toned down.

6. The Encryption is more or less unbreakable, according to its author. Now this should get any programming wizard in a spin trying to 'translate' it!

7. Summary:
- Bearshare does not contact any specific IP or site (only of course the 2 host servers) on startup or thereafter.
- It sends encrypted packets to contact other Bearshare programs on the Gnutella Network.
- It receives update information from these other Bearshare programs it 'sees' on the network (which also send their encrypted packets around of course).
- There is no stopping these packets.
- They cannot be decoded (at this stage) other than by the author of Bearshare (and maybe his/her associated sponsors).
- The packets are short, around 600 bits of hex.
- The power such encrypted packets communicating with each other and their own sources have, is too BIG. They open doors for all sorts of doings. (Control of the Gnutella Net for starters).

Please continue to post any helpful findings on these encrypted packets either under this thread (preferable for easier compilation and finding) or make your own.

Hopefully somebody can come up with some answers on how to block these packets going out onto the network (and in/out of our computers).

JD
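Added example, not part of the original post and not Bearshare's code: a relay-side filter that parses the public Gnutella 0.4 descriptor header and refuses to forward anything that is not one of the five standard descriptor types or whose TTL plus hops exceeds 7. It assumes the vendor packets are framed as ordinary descriptors with a non-standard type byte, which the post does not establish; the type value 0x31 and the sample traffic are constructed for illustration.

```python
import struct

# Gnutella 0.4 descriptor header: 16-byte GUID, type, TTL, hops, payload length (LE).
HEADER = struct.Struct("<16sBBBI")
STANDARD = {0x00: "ping", 0x01: "pong", 0x40: "push", 0x80: "query", 0x81: "queryhit"}
MAX_TTL = 7  # ceiling mentioned in the post

def classify(stream: bytes):
    """Walk back-to-back descriptors; return (name, ttl, hops, length, verdict) tuples."""
    results, off = [], 0
    while off < len(stream):
        if len(stream) - off < HEADER.size:
            results.append(("truncated", None, None, len(stream) - off, "drop"))
            break
        _guid, kind, ttl, hops, length = HEADER.unpack_from(stream, off)
        end = off + HEADER.size + length
        if end > len(stream):  # length field points past the buffer
            results.append(("truncated", ttl, hops, length, "drop"))
            break
        name = STANDARD.get(kind, f"unknown-0x{kind:02x}")
        if kind not in STANDARD:
            verdict = "drop"      # not a 0.4 descriptor: do not relay
        elif ttl + hops > MAX_TTL:
            verdict = "drop"      # would travel further than the ceiling allows
        else:
            verdict = "forward"
        results.append((name, ttl, hops, length, verdict))
        off = end
    return results

def descriptor(kind: int, ttl: int, hops: int, payload: bytes) -> bytes:
    """Build a constructed descriptor (all-zero GUID) for the sample below."""
    return HEADER.pack(bytes(16), kind, ttl, hops, len(payload)) + payload

# Constructed sample: a ping, a query, and a 75-byte (600-bit) payload under the
# hypothetical non-standard type 0x31, the size the post reports for the packets.
SAMPLE = (
    descriptor(0x00, 7, 0, b"")
    + descriptor(0x80, 5, 2, b"\x00\x00test\x00")
    + descriptor(0x31, 7, 0, bytes(range(75)))
)

if __name__ == "__main__":
    for row in classify(SAMPLE):
        print(row)
```

A filter like this only stops a node from relaying such descriptors onward; it does nothing about packets exchanged directly between two Bearshare clients.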