gfxgfx
 
Please login or register.

Login with username, password and session length
 
gfx gfx
gfx
75436 Posts in 13210 Topics by 2646 Members - Latest Member: Birchy65 December 16, 2017, 10:31:19 pm
*
gfx*gfx
gfx
WinMX World :: Forum  |  Discussion  |  Think Tank  |  WMW Blocklist
gfx
gfxgfx
 

Author Topic: WMW Blocklist  (Read 3555 times)

0 Members and 1 Guest are viewing this topic.

Offline Blitzen

  • Forum Member
WMW Blocklist
« on: July 14, 2010, 12:33:18 pm »

What are all the "Temp"  ips being added to the wmw blocklist recently ?

Offline Bluey_412

  • Forum Member
  • I'm Watching...
Re: WMW Blocklist
« Reply #1 on: July 14, 2010, 01:10:37 pm »

What are all the "Temp"  ips being added to the wmw blocklist recently ?

IP Adresses, of course...

:D
What you think is important is rarely urgent
But what you think is Urgent is rarely important

Just remember that...

Offline Blitzen

  • Forum Member
Re: WMW Blocklist
« Reply #2 on: July 14, 2010, 02:43:43 pm »

Prat ..........

Asking what is being blocked from your winmx via the wmw patch is not an unreasonable question, whereas some blocked ips clearly state who they belong to i.e media defender, there now appears several ips being blocked being identified only as being "Temp" ?

Offline ']['affy

  • Forum Member
Re: WMW Blocklist
« Reply #3 on: July 14, 2010, 02:51:30 pm »
due to the recent activity we've had to block certain ip's on a temporary basis reason it showing as "temp" untill we investigate this more fully, we can't disclose any further info.

and blitzen please refrain from name calling on the site.

Offline Blitzen

  • Forum Member
Re: WMW Blocklist
« Reply #4 on: July 14, 2010, 03:02:02 pm »

Thankyou Taffy,
so the temp ips are being blocked before being investigated as to who they belong to, so innocent users could be being blocked ?   it only takes a second to put an ip into whois  domain name lookup............. but i guess the blocking wmw team can see enough going on to warrant adding these temp isp to the blocklist.

Offline ']['affy

  • Forum Member
Re: WMW Blocklist
« Reply #5 on: July 14, 2010, 03:12:33 pm »
no innocent ppl are being blocked yet bud and yes the team behind the blocking is doing a terrific job once there is more info i'm sure there will be another post made blitzen.

Offline GhostShip

  • Ret. WinMX Special Forces
  • WMW Team
  • *****
Re: WMW Blocklist
« Reply #6 on: July 14, 2010, 05:43:03 pm »
To clarify this matter the IP's or IP ranges being blocked are in use by or have been in use recently by attackers, as you can guess they like to try to bypass our detection system and find new ways to attack the network and the blocking teams job is to foil them, in some cases the attackers have access to consumer range addresses and we cant block those either as a range or permanently so its a game of cat and mouse to block temporarily the IPs they use and we simply have to be faster than them to win.

Have some faith Blitzen, there is no malicious blocking going on only cold clinical countermeasures to halt any detected attacks, unlike some organisations we dont claim to block attackers before they attack, such claims are I think usually put forward by those who want to block 1.0.0.0 - 255.255.255.255 just in case aliens attack  :lol:

Offline Pri

  • MX Hosts
  • *****
  • *****
Re: WMW Blocklist
« Reply #7 on: July 14, 2010, 05:43:20 pm »
Yeah it is doubtful that these "temp" IP's are innocent users. What likely happened was these IP Addresses were seen making unusually high (automated) search queries on the network and were suspected of data mining and thus blocked.

The ones in the blocklist are as follows

Temp          :220.100.115.30-220.100.115.30
Temp          :113.197.195.241-113.197.195.241
Temp          :193.197.192.68-193.197.192.68
Temp          :220.210.177.126-220.210.177.126
Temp          :113.197.209.190-113.197.209.190
Temp          :219.111.118.66-219.111.118.66
Temp 13/07/10       :121.102.0.0-121.102.255.255
Temp 13/07/10       :220.100.0.0-220.100.255.255

The last two are dated obviously.

The first IP looks to be in Japan, it is not listed in any of the common blocking lists and Google comes up with no listings for it either. I haven't checked the other IP's as I'm a little busy right now but there they are for others to check out :)

Offline Blitzen

  • Forum Member
Re: WMW Blocklist
« Reply #8 on: July 14, 2010, 06:03:08 pm »


I wasnt suspecting anything malicious ghostie me ole mukka i was more curious as to what the "temp" blocked ips were and now it has been explained i can appreciate that if they team see them doing obscure things on the network then blocking them is a good course of action ;)

Offline Max™

  • MX Hosts
  • *****
  • If Im Not Back later... Wait Longer
    • Maxtech
Re: WMW Blocklist
« Reply #9 on: July 14, 2010, 06:28:09 pm »
Yeah it is doubtful that these "temp" IP's are innocent users. What likely happened was these IP Addresses were seen making unusually high (automated) search queries on the network and were suspected of data mining and thus blocked.

The ones in the blocklist are as follows

Temp          :220.100.115.30-220.100.115.30
Temp          :113.197.195.241-113.197.195.241
Temp          :193.197.192.68-193.197.192.68
Temp          :220.210.177.126-220.210.177.126
Temp          :113.197.209.190-113.197.209.190
Temp          :219.111.118.66-219.111.118.66
Temp 13/07/10       :121.102.0.0-121.102.255.255
Temp 13/07/10       :220.100.0.0-220.100.255.255

The last two are dated obviously.

The first IP looks to be in Japan, it is not listed in any of the common blocking lists and Google comes up with no listings for it either. I haven't checked the other IP's as I'm a little busy right now but there they are for others to check out :)
Temp          :220.100.115.30-220.100.115.30 - Japan
Temp          :113.197.195.241-113.197.195.241 - japan
Temp          :193.197.192.68-193.197.192.68 - Germany
Temp          :220.210.177.126-220.210.177.126 - Japan
Temp          :113.197.209.190-113.197.209.190 - Japan
Temp          :219.111.118.66-219.111.118.66 - Japan
Temp 13/07/10       :121.102.0.0-121.102.255.255 - Japan
Temp 13/07/10       :220.100.0.0-220.100.255.255 - Japan

as you can see, only 1 is in fact not Japan, the rest are.



Try Connecting, the attacks may let you http://patch.winmxconex.com/

Offline White Stripes

  • Core
  • *****
  • ***
  • Je suis aimé
Re: WMW Blocklist
« Reply #10 on: July 14, 2010, 08:15:16 pm »
* Silver Stripes wonders if it would be feesable to turn the .txt file into a cgi script... (grabbing .txt file grabs from cache server so everything is always in sync)

Offline Joshua203

  • MX Hosts
  • *****
  • *****
  • www.DutchaGoGo.com
    • www.DutchaGoGo.com and a few more like WinMX.ComXa.com and WinMX.ExoFire.net
Re: WMW Blocklist
« Reply #11 on: July 15, 2010, 12:08:59 am »
i hope you guys realise that right at this moment the network is being flooded, probably quu.me is the cause  :whistle:
Windows 7 Ultimate 64bit Edition, CPU Intel64 Family 6 Model 26 Stepping 5 Genuine Intel Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz, RAM: 12GB

WebSite: www.DutchaGoGo.com

Offline GhostShip

  • Ret. WinMX Special Forces
  • WMW Team
  • *****
Re: WMW Blocklist
« Reply #12 on: July 15, 2010, 12:14:59 am »
It wouldnt surprise me Joshua, that was the reason why we stopped making the list too public, we have seen before when the blocked IPs are publicised they are then dropped and new ones fire up, I,ll get on the case right now and see what my logs show , cheers for the heads up  8)

Offline Joshua203

  • MX Hosts
  • *****
  • *****
  • www.DutchaGoGo.com
    • www.DutchaGoGo.com and a few more like WinMX.ComXa.com and WinMX.ExoFire.net
Re: WMW Blocklist
« Reply #13 on: July 15, 2010, 12:22:47 am »
i just happened to notice as i fired up winmx and as usual i immediately do my "weird" test search method i noticed ...checking the peers after that ..qme gave me connection errors on the list and sec connections after checking ...both on your patch and "mine" my search was filled with fakes, your welcome GS ;)

EDIT: small edit to make it a bit more readable
Windows 7 Ultimate 64bit Edition, CPU Intel64 Family 6 Model 26 Stepping 5 Genuine Intel Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz, RAM: 12GB

WebSite: www.DutchaGoGo.com

Offline GhostShip

  • Ret. WinMX Special Forces
  • WMW Team
  • *****
Re: WMW Blocklist
« Reply #14 on: July 15, 2010, 12:33:14 am »
Can you PM me with the IP or IPs you believe are filling up your slots as I cant see any flooding at two "honeypot" locations we operate, use a tcp Viewer to see what the addresses are and also let me know the name of the flooded search term so I can see if its specific to one attacker.

Cheers again.

Offline Joshua203

  • MX Hosts
  • *****
  • *****
  • www.DutchaGoGo.com
    • www.DutchaGoGo.com and a few more like WinMX.ComXa.com and WinMX.ExoFire.net
Re: WMW Blocklist
« Reply #15 on: July 15, 2010, 12:59:55 am »
at this moment i ve no tcp view installed ..i must have forgotten that one when i bought the new system ..lol

i hope the search term will help you see the same result ...

dutch agogo

this will show an awfull lot of micheal jackson mp3's atm and their not mine  ...please don t blame me their using my old file tags to immitate a files list heheheheh (even usernames look fammillar but i m sure those are not the ones i know)
Windows 7 Ultimate 64bit Edition, CPU Intel64 Family 6 Model 26 Stepping 5 Genuine Intel Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz, RAM: 12GB

WebSite: www.DutchaGoGo.com

Offline Joshua203

  • MX Hosts
  • *****
  • *****
  • www.DutchaGoGo.com
    • www.DutchaGoGo.com and a few more like WinMX.ComXa.com and WinMX.ExoFire.net
Re: WMW Blocklist
« Reply #16 on: July 15, 2010, 01:01:29 am »
PS...i can check a few of those user id's if you like
Windows 7 Ultimate 64bit Edition, CPU Intel64 Family 6 Model 26 Stepping 5 Genuine Intel Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz, RAM: 12GB

WebSite: www.DutchaGoGo.com

Offline Joshua203

  • MX Hosts
  • *****
  • *****
  • www.DutchaGoGo.com
    • www.DutchaGoGo.com and a few more like WinMX.ComXa.com and WinMX.ExoFire.net
Re: WMW Blocklist
« Reply #17 on: July 15, 2010, 01:12:45 am »
funny one minute i have a modify button and the next it s gone ...lol

anyway i ll send you four user's info i selected randomly out of this big list
Windows 7 Ultimate 64bit Edition, CPU Intel64 Family 6 Model 26 Stepping 5 Genuine Intel Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz, RAM: 12GB

WebSite: www.DutchaGoGo.com

Offline Max™

  • MX Hosts
  • *****
  • If Im Not Back later... Wait Longer
    • Maxtech
Re: WMW Blocklist
« Reply #18 on: July 15, 2010, 06:51:33 am »
Hi guys,
you mantioned tcp view, theres another one i like as well, it shows what tcp view does and has a few more options like custom filters to filter out stuff you dont want to see, like for your tests possibly non winmx related,
its called Currports And Its Here



Try Connecting, the attacks may let you http://patch.winmxconex.com/

Offline Blitzen

  • Forum Member
Re: WMW Blocklist
« Reply #19 on: July 15, 2010, 08:48:07 am »


It maybe an idea to have in the hosts section ( or some section out of public view) on this site an area where people could report suspicious ip activity they notice and what they was doing or searching when it occured as surely the more eyes the better ;) and i do not mean reporting ips of activities within chat rooms.

WinMX World :: Forum  |  Discussion  |  Think Tank  |  WMW Blocklist
 

gfxgfx
gfx
©2005-2017 WinMXWorld.com. All rights reserved.
SMF 2.0.15 | SMF © 2017, Simple Machines
Page created in 0.056 seconds with 20 queries.
Helios Multi © Bloc
gfx
Powered by MySQL Powered by PHP Valid XHTML 1.0! Valid CSS!