Gnutella Forums  

Go Back   Gnutella Forums > Gnutella News and Gnutelliums Forums > General Gnutella / Gnutella Network Discussion
Register FAQ The Twelve Commandments Members List Calendar Arcade Find the Best VPN Today's Posts

General Gnutella / Gnutella Network Discussion For general discussion about Gnutella and the Gnutella network.
For discussion about a specific Gnutella client program, please post in one of the client forums above.


Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old June 12th, 2008
Neglacio's Avatar
Flox Developer
 
Join Date: May 5th, 2007
Posts: 79
Neglacio is flying high
Default Bearshare DDOS'ing Webcaches

Beacon GnutellaWebCaches (GWC's) like the one here are able to log floods and poisoning attacks, mostly performed by anti-P2P companies.

Beacon already has a DDoS security, but still one of them has fainted, and the others are under a heavy attack.
Why?

Well, out of nowhere, all clients with the Bearshare vendor (so not the iMesh clone) are crazily connecting to GWC's. This causes a lot of stress on them. I, myself, have a Beacon cache that doesn't have Gnutella enabled and only G2 (Yeah, sorry). Still, Bearshare's are vastly connecting to my cache.

This flooding really come out of nothing. Newer versions of Beacon will include a full block for Bearshare's until it is solved.

Why is this happening? Is it similar with the island Limewire "virus" from their developers a few months ago? Or is it an exploit found by the anti-P2P?
What are the stats of this on other GWC's and UDP caches?

Please, answer this. If such services fail to work, Gnutella may possible die down, because this is it's weak spot.
__________________

Reply With Quote
  #2 (permalink)  
Old June 12th, 2008
Peerless's Avatar
Riding a Pale Horse and Wielding THE Sword of the Forum
 
Join Date: June 19th, 2002
Location: Your Worst Nightmare
Posts: 2,993
Peerless is a jewel in the rough
Default

I just fired up BearShare, using PG2 and my firewall of course , and have only connected to BearShare UPs....10 at this point and I'm going to end up at about 30 connections within an hour or so...I usually see only a few non-BS UPs and those are usually LW....been pretty slow finding good UPs to connect to lately, but that's probably because PG2 has been blocking so many attempts at connection for a while now....

in short I think you are seeing some of the mafiaa using BS as a client to spam the network...
__________________


So Long and Thanks for All the Files
_____________________________________________

Beware of the big 3 insurance companies in Texas! Read your policies carefully (maybe you'll need a lawyer) Allstate, Farmers & State Farm are overextended and their 'coverage' is worthless...a true waste of your money Read This
Reply With Quote
  #3 (permalink)  
Old June 12th, 2008
Neglacio's Avatar
Flox Developer
 
Join Date: May 5th, 2007
Posts: 79
Neglacio is flying high
Default

So you really think it's not something wrong in the settings or a copy of the "LW Island" """virus"""?
__________________

Reply With Quote
  #4 (permalink)  
Old July 25th, 2008
AaronWalkhouse's Avatar
***ּLegendary Axeman***ּ
 
Join Date: January 17th, 2005
Location: My igloos melt in June.
Posts: 1,974
AaronWalkhouse is a great assister to others; your light through the dark tunnel
Default

The old hardcoded bootstrap sites are hostile now and the original
default web caches are outdated too. They are probably falling back on
the few they can find and there's your flood. At least it's a relatively
small flood. ;]

I updated my gwebcache.dat manually with new sites and put all the old
caches in HOSTS list a few years ago when Free Peers shut down. I'll
ask our BearDiag guy to add this minor housekeeping to his program.

Do you think the Spybot S&D guys would be willing to add some more
bad and missing sites to their HOSTS filters? That goes out only to
Windows machines, where BearShare works. The Bluetack guys have
already blocked the worst of them as anti-p2p so things should settle
down as the weaker users migrate to newer software.
Reply With Quote
  #5 (permalink)  
Old July 25th, 2008
AaronWalkhouse's Avatar
***ּLegendary Axeman***ּ
 
Join Date: January 17th, 2005
Location: My igloos melt in June.
Posts: 1,974
AaronWalkhouse is a great assister to others; your light through the dark tunnel
Default

In the meantime, I'll scan the remaining BearShare nodes out there and see if the
versionless BEARs are any of the real versions.
Reply With Quote
  #6 (permalink)  
Old September 2nd, 2008
Apprentice
 
Join Date: August 3rd, 2007
Posts: 6
coolg1026 is flying high
Default It seems the load has gone down.

It seems a lot of the hits are Polish BearShare clients.
Overall, I get 6000-7000 hits top, which is perfectly normal.
Though I do find it weird 90% of the BearShare hits and requests are alone from Poland. O_o

BTW: My GWC is now at: Beacon Cache 0.7.2.3
Reply With Quote
  #7 (permalink)  
Old September 2nd, 2008
Peerless's Avatar
Riding a Pale Horse and Wielding THE Sword of the Forum
 
Join Date: June 19th, 2002
Location: Your Worst Nightmare
Posts: 2,993
Peerless is a jewel in the rough
Default

I have also noticed a preponderance of Polska BS clients....I've also noticed an increase in being DDOS'd after searches...the last one hit me a couple of days ago...over 1,000 hits on me in less than a minute!...though quite a few of the IPs traced to Canada of all places, not Poland...still, I wonder if there is a connection between Polska clients and these DDOS's...spam bot network in action?
__________________


So Long and Thanks for All the Files
_____________________________________________

Beware of the big 3 insurance companies in Texas! Read your policies carefully (maybe you'll need a lawyer) Allstate, Farmers & State Farm are overextended and their 'coverage' is worthless...a true waste of your money Read This
Reply With Quote
  #8 (permalink)  
Old September 3rd, 2008
AaronWalkhouse's Avatar
***ּLegendary Axeman***ּ
 
Join Date: January 17th, 2005
Location: My igloos melt in June.
Posts: 1,974
AaronWalkhouse is a great assister to others; your light through the dark tunnel
Default

I think the Polish users went independent after Free Peers went out of
business and have been supplying their own cache lists because most
of the built-in defaults are no longer online. This could explain heavy
traffic at some webcaches and no problems at others. Hopefully they'll
keep adding good caches to their own list, spreading the load a little
better. I wish I knew someone over there so I could ask because
Polish translation doesn't appear to be available online.

As for the search floods I don't know. I don't get DDOSed after searches.
I guess it depends on what you were searching for. It might be worth
experimenting on to see if it's deliberate or a software problem.

While I was checking this I found an anti-P2P company operating a
cache. It's going directly into a Bluetack list and my own. ;]
Reply With Quote
  #9 (permalink)  
Old September 3rd, 2008
Peerless's Avatar
Riding a Pale Horse and Wielding THE Sword of the Forum
 
Join Date: June 19th, 2002
Location: Your Worst Nightmare
Posts: 2,993
Peerless is a jewel in the rough
Default

searching for certain TV programs certainly garners an attack, that I noted a while back...so yes, there is a correlation between what one is searching for and being attacked...and sometimes one gets attacked just for being connected (most likely as an UP) to the network...I do notice the latter seems to have stopped after I contacted EFF about the subject...I mean really, it is obvious it would be against the law to DDOS a person simply because they are connected to the network (and I verified this by ONLY being connected yet was still constantly being hammered by MediaDefender)
__________________


So Long and Thanks for All the Files
_____________________________________________

Beware of the big 3 insurance companies in Texas! Read your policies carefully (maybe you'll need a lawyer) Allstate, Farmers & State Farm are overextended and their 'coverage' is worthless...a true waste of your money Read This
Reply With Quote
  #10 (permalink)  
Old September 8th, 2008
Peerless's Avatar
Riding a Pale Horse and Wielding THE Sword of the Forum
 
Join Date: June 19th, 2002
Location: Your Worst Nightmare
Posts: 2,993
Peerless is a jewel in the rough
Default

hmmm...well I have suddenly noticed being slammed VERY hard for ANY search by:

Groupe iWeb|anti-P2P : 67.205.103.134

I guess they don't care that it is illegal to DOS a person when they aren't (or even if they are) breaking the law...
__________________


So Long and Thanks for All the Files
_____________________________________________

Beware of the big 3 insurance companies in Texas! Read your policies carefully (maybe you'll need a lawyer) Allstate, Farmers & State Farm are overextended and their 'coverage' is worthless...a true waste of your money Read This
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -7. The time now is 07:57 PM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
SEO by vBSEO 3.6.0 ©2011, Crawlability, Inc.

Copyright © 2020 Gnutella Forums.
All Rights Reserved.