Gnutella Forums  

#1 (permalink)
arne_bab, January 14th, 2008

That's quite an impressive test you did.

I'm not sure I understand all specifics, but as far as I see it, you managed to avoid their attack by just telling your router to reject it.

If I understand it correctly, this also means that the utilized TCP implementation of the program is the target.

Does the TCP management happen at the OS level, or at the program level?

If it is at the program level, it might be possible to add some code which detects excess levels of reset packets in the pipe and just ignores them. Maybe that's what LimeWire already does...
#2 (permalink)
Nick Storm, January 14th, 2008
TCP Reset Packets

From what I understand, the "device" in the pipeline will take packets and essentially clone them, with the exception of setting the RST control bit in the header. There must be some way of identifying Gnutella packets, possibly by the usual ports most P2P software uses. I don't believe they're simply nailing all the packets at a specific address, since most other traffic is getting through (and going out) just fine.

Also, I don't think that whatever they're using is 100% effective, which is probably why my brute force response gave them a little more work than they could handle.
With Limewire (vs. Bearshare or Phex), if the software can handle sufficient incoming requests then *some* valid ones are getting through, hence Limewire's ability to find the good amid all the crap coming in. Of course, that's just a theory, and isn't really based on anything other than observation, which means it could be completely wrong. I don't know enough about Limewire's internals to hazard a real (intelligent) guess.

So, if your question is "are they aiming this at P2P apps?" and not just all TCP packets, I'd say yes, my testing would seem to indicate that it is targeting P2P. Which also would mean that it is indeed Cox, or some other anti-sharing entity, who's behind the attacks.

I'm going to try and think up some more tests, and I may bring another (not quite so fast) Sparc online to do it with, since there's a little more control with TCP than under WinXP. Ideas would be appreciated.

Cheers

Nick
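
Added example, not part of the original thread or any Gnutella client's code: one way to detect the excess reset packets discussed in the two posts above, by parsing raw IPv4/TCP headers from a capture and counting RST segments per flow in a sliding window. The `RstMonitor` class, its threshold of 3 RSTs per second, and the sample addresses and ports are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict, deque

RST = 0x04  # RST control bit in the TCP flags byte

def parse_ipv4_tcp(pkt):
    """Return (flow 4-tuple, TCP flags) for a raw IPv4/TCP packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None                      # not IPv4, or protocol is not TCP
    ihl = (pkt[0] & 0x0F) * 4            # IPv4 header length in bytes
    if ihl < 20 or len(pkt) < ihl + 20:
        return None                      # truncated or malformed header
    src, dst = pkt[12:16], pkt[16:20]
    sport, dport = struct.unpack_from("!HH", pkt, ihl)
    flags = pkt[ihl + 13]                # TCP flags byte
    return (src, sport, dst, dport), flags

class RstMonitor:
    """Flag flows that receive more than `limit` RSTs within `window` seconds."""
    def __init__(self, limit=3, window=1.0):   # assumed thresholds, tune per network
        self.limit, self.window = limit, window
        self.seen = defaultdict(deque)         # flow -> timestamps of recent RSTs

    def observe(self, ts, pkt):
        parsed = parse_ipv4_tcp(pkt)
        if parsed is None or not parsed[1] & RST:
            return False
        flow, _ = parsed
        times = self.seen[flow]
        times.append(ts)
        while times and ts - times[0] > self.window:
            times.popleft()                    # drop RSTs outside the window
        return len(times) > self.limit

def build_packet(src, dst, sport, dport, flags):
    """Constructed sample: minimal IPv4 + TCP header, checksums left zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(src), bytes(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 0, 0, 0)
    return ip + tcp

def demo():
    mon = RstMonitor(limit=3, window=1.0)
    peer, me = (203, 0, 113, 7), (192, 0, 2, 10)   # constructed documentation addresses
    burst = [mon.observe(0.1 * i, build_packet(peer, me, 6346, 50000, RST))
             for i in range(5)]                    # five RSTs on one flow in 0.4 s
    lone = mon.observe(10.0, build_packet(peer, me, 6346, 50001, RST | 0x10))
    return burst, lone                             # single RST on another flow
```

A single RST is a normal way for a connection to end, so only the burst on one flow crosses the threshold.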