Idea for detecting fakers

[plasticfrock]

Personally I think for an application like Rabbit (I'm not familiar with this) to connect to '5' primaries that just happen to be 5 'modified client' faker monitors would be immensly unlikely.  I don't know how many primaries are generally active on the WPN, maybe 10-20,000 at any given time (?), and say 10 of those are 'faker monitors', well, what chance would there be for a single client call upon a cache or caches and receive the addresses of, and connect to, '5' of those 10 monitors from a pool of 10-20,000?

Anyway...

I agree about the monitoring for multiple connection attempts problem.  I've seen it myself where some fakers will only attempt to connect a 'single' time, whereas others will hammer on all day.  Just mentioned it as being at least one thing that fakers tend to do that normal clients don't.

"there is also the idea of having a primary that receives the shared files list from the client, then checks that for flooders" - I can't imagine how you'd go about checking such a client unless by a rudimentary shared-files path check or something (user+files?).

Anyway, I'll leave it be now.  Good luck with the mission, maybe one day you'll actually have an impact (not meaning to be mean, but... (and you'd probably be a damn site more effective if not for 'the others';) )). :PP

[edit]attack suggestion removed - perhaps it has already been done? but don't want to give people ideas[/edit]

[KM]

highly unlikely, but an example of a program that does connect to multiple primaries

trying to check shared files of flooders wouldn't be too hard, of course the \users\files thing gives it away for most of them, also a simple check that they have too many files with almost exactly the same name is a big clue as well... but i don't think that detection method will be used for any practical application

and with any luck 3.0 will finally get rid of all those that support flooding once and for all... and i don't just mean macrovision

[plasticfork]

Yeah man good work with that v3.0, nice indeed.  Maybe this will change things for the better now.

P.S.  NP about the edit, I half expected it, <evil grin>

hf.

[Wizzzzard]

the reason for not automating it is because in theory a real user could get caught by it - however unlikely it is, for example if we had 4 primaries monitoring connections and someone happened to use 5 copies of MX on 1 IP and 4 of them connected to the monitoring primaries then it would get a false hit... in reality the chances of that happening are so small it's barely worth considering, however the only way to do it with no chance of false results is with a lot more than a few primaries

for now the various ways used to catch flooders all seem to agree with each other and manually verifying things works "quick enough", for now...

Anyone running multiple winmx connections to primarys is greedy IMO, I've always used 1 install and if i had the bandwidth to run multiple copies of winmx then i would run 1 primary instead.

[KM]

and if you ran 3 copies of winmx, then you would have 2 of them not connected to primary users? (ie. they would be disconnected from the network) seems slightly pointless running winmx without connecting to the network IMO