Patch
Tutorials
Forum
Help
Links
Archive
Please
login
or
register
.
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
76794
Posts in
13503
Topics by
1651
Members - Latest Member:
Arnold99
December 07, 2024, 08:00:26 pm
|
Home
|
Help
|
Search
|
Login
|
Register
|
WinMX World :: Forum
|
Discussion
|
WinMx World News
|
Important WPN attack information
« previous
next »
Print
Pages: [
1
]
2
3
...
5
Go Down
Author
Topic: Important WPN attack information (Read 67066 times)
0 Members and 1 Guest are viewing this topic.
silicon_toad2000
WMW Team
Important WPN attack information
«
on:
June 04, 2011, 04:38:34 pm »
All,
I have recently been made aware that the targeting of the attack on the winmx community has changed.
background here
More recently the attacks have been targetted to trick parts of the winmx network into believing certain IPs have requested a room listing. As such these parts of the winmx network respond to these spoofed IPs.
At the time of writing, the attacks on the winmx community are directing these responses at various parts of the US Department of Defence.
The parts of the network most affected seem to be chat room servers, which are responding to spoofed channel list requests.
What are you to do about it?
There are a few options open, in no particular order.
-switch your room to the opennap network.
-leave your room in offline mode
These options will stop the spoofed packets from reaching you through the network.
-run peerblock with
https://www.winmxworld.com/files/pblist.txt
This can be updated if the attacker alters the attack target.
As always we do not reccommend the use of the default lists.
Using peerblock this way will stop outgoing traffic to the addresses on the list.
Logged
GhostShip
Ret. WinMX Special Forces
WMW Team
Re: Important WPN attack information
«
Reply #1 on:
June 04, 2011, 06:35:30 pm »
Sensible advice Silicon
I would also urge all primary users hosting a room or not to use the same blocking method as a temporary security measure.
Logged
White Stripes
Core
Je suis aimé
Re: Important WPN attack information
«
Reply #2 on:
June 04, 2011, 06:43:48 pm »
request;
they (the dod) hold the 6.0.0.0/8 range as well... pls to add this... better to be safe than... uh... investigated....
Logged
Free n' Legal:
http://vo.do/
,
http://jamendo.com
,
http://kahvi.org
,
http://modarchive.org
,
http://publicdomaintorrents.net
nylly444
The /root of all evil ;-)
WMW Team
Re: Important WPN attack information
«
Reply #3 on:
June 04, 2011, 07:56:28 pm »
Actually there are more ranges they hold or that can be associated with them.
Honestly there's no telling which range will be afected next though.
The reason we made it into a list at all is that we can update if and when it's needed.
Be sure that atm we're closely monitoring things, so if they move on to a different range we will add it and let you know about it.
I think it's sensible to only block the ranges we see affected though for the moment.
Logged
LINUX
-
L
egendary
I
ntelligent
N
eedful
U
niversal
X
perienced
silicon_toad2000
WMW Team
Re: Important WPN attack information
«
Reply #4 on:
June 04, 2011, 11:32:55 pm »
Further to this of course is to block the ranges yourself through your own router/firewall solution.
Please ensure to keep abreast of any developments and monitor your outgoing traffic for changes if possible.
At the time of writing I can still see traffic trying to get out to the 7.x.x.x range from one of my machines which I have chosen to block at the firewall on my router.
Logged
White Stripes
Core
Je suis aimé
Re: Important WPN attack information
«
Reply #5 on:
June 05, 2011, 07:03:43 pm »
this range should be in patch blocklist too ive got -no- chatserver installed and mx is still making requests to this range....
that is if the patch can hold that large of a range....
Logged
Free n' Legal:
http://vo.do/
,
http://jamendo.com
,
http://kahvi.org
,
http://modarchive.org
,
http://publicdomaintorrents.net
GhostShip
Ret. WinMX Special Forces
WMW Team
Re: Important WPN attack information
«
Reply #6 on:
June 05, 2011, 08:39:35 pm »
I did profer that same advice some posts ago, however its always good to see others independently reaching the same conclusions and delivering the right advice.
Any Primary or chat server host need to block that IP range at their own location using the software suggested above, in our democratic ways of thinking we never envisaged anyone would want to censor the whole of winmx via the chat room listing and so that has never been filtered in the patch, its a shame that those who started this nonsense are simply forcing more responsibilities on those who deliver the patches and thus weakening the communitys freedom.
I shall be thankful when all these abusers are not able to drive away the thousands of users they already have done, in the last 2 months we have seen at least 30% of the chats disappear I think that and the lower user count confirms the true motives of these cowards.
Logged
White Stripes
Core
Je suis aimé
Re: Important WPN attack information
«
Reply #7 on:
June 05, 2011, 10:22:33 pm »
* Silver Stripes wonders what in the world gs is talking about....
i ment adding it (the 7 range) to this;
https://www.winmxworld.com/block/cache_list.txt
so it gets spread to the patch users.....
Logged
Free n' Legal:
http://vo.do/
,
http://jamendo.com
,
http://kahvi.org
,
http://modarchive.org
,
http://publicdomaintorrents.net
silicon_toad2000
WMW Team
Re: Important WPN attack information
«
Reply #8 on:
June 05, 2011, 10:37:06 pm »
My understanding is the patch does not filter this kind of outgoing traffic.
The range was added to the blocklist to see if it would have any effect and it did not so we removed it.
Logged
White Stripes
Core
Je suis aimé
Re: Important WPN attack information
«
Reply #9 on:
June 05, 2011, 11:08:41 pm »
ahh ok... thought the patch had a 'peerblock' like effect of its own... didnt know... thx for clearing that up...
Logged
Free n' Legal:
http://vo.do/
,
http://jamendo.com
,
http://kahvi.org
,
http://modarchive.org
,
http://publicdomaintorrents.net
Bundoker
Forum Member
Re: Important WPN attack information
«
Reply #10 on:
June 06, 2011, 05:46:19 am »
Anything new about hackers hosing basic Beta 4 winmx searches like they did in May?
Between then and now someone posted we should switch to using chat rooms ... which now are under attack.
Looks like the beasties are smart enough to read winmx world postings.
Maybe we should converse in Visayan or tagalog but saw a post in Yahoo from someone in the Phiippines wondering waz happenin,
I'm so stupid last May I swithced tthe 53 version and when the zillions of hits went away I thought it was a Beta thing ,,, wrong ... 't was timing.
Anything we can do to help?
Logged
allenx1966
Forum Member
Re: Important WPN attack information
«
Reply #11 on:
June 10, 2011, 03:28:15 am »
I hope limewire isn't a dirty word anymore. I used to hate it, but since winmx is down, and the new limewire pirate 5.6 is running,I like it ,I got no choice.
Actually, there is something I am really diggin on limewire, it actually works better WITHOUT a static IP. It sure is burning up the peerblocker though, be sure to use it. This is my second post about this,just trying to spread the word. I am no PC expert, I just know successfully running winmx right now is impossible for me. I tried limewire a few weeks ago, and it was horrible. I messed with it tonight, fired up peerblock and released my static ip and BAM success. I am not in the "CLIC" here, and I hope I am not stepping on toes or making anyone mad. Just trying to help out.
Be sure to let me know if I need to shut up about this.
Logged
bu44er
Forum Member
Hack The Planet
Re: Important WPN attack information
«
Reply #12 on:
June 10, 2011, 07:08:51 am »
We have people working very hard, to resolve the current issue. We can not say at this moment how long it will be, before everything goes back to normal. We can say that eventually things will go back to normal.
I understand that for loads of users, this is frustrating. Please rest assured that as soon as something is developed, we will post information on it here.
Logged
System(s) Configuration
Intel(R) Core(TM)2 Duo T4500 CPU @ 2.3Ghz, 2048MB RAM, Windows 7 Ultimate 32bit
silicon_toad2000
WMW Team
Re: Important WPN attack information
«
Reply #13 on:
June 10, 2011, 08:10:33 am »
My understanding is the specific attacks outlined above have stopped.
Logged
dabud
MX Hosts
Re: Important WPN attack information
«
Reply #14 on:
June 12, 2011, 01:27:38 pm »
OS - openSUSE 11.3 64 bit kde 4.4 WinMX 3.54b with Eagle patch Primary connection thru Wine 1.2 WCS185b3 or EServ 0.28 Asus RT16N using modified software DSL PPPOE connection Firewalled with router and OS firewall.
I have successfully run a Winmx room for a number of years, without any major problems. My ISP is not an issue, they don't engage in throttling like other bigger ISP's.
I am having a lot of trouble connecting and staying connected to the peercaches. Users are dropped from my room. Also, I cannot stay in other rooms for long periods, eventually I get dumped. Whether I use EServ or WCS doesn't seem to matter, they both crash and disconnect me at times. When I restart them, it takes forever to get connected. Also, Winmx crashes at times.
It has become such an issue that many users are not coming back. I have been collecting email addies so that when a solution is found I can hopefully encourage them to return.
Is there anyway I can use the peer blocking program with the linux system. Or is there any other help you could suggest?
Thank You
Logged
Machine # 1 - Asus Prime Z390A, i7-9700k 3.6GHz, 32.0 GB ram, openSUSE Leap 15.0 64-bit, KDE Plasma 5.12.8
Machine # 2 - Asus P8Z77-V Deluxe, i7-3770k 3.5GHz, 16.0 GB ram, opensuse Tumbleweed KDE Plasma 5.17.0
silicon_toad2000
WMW Team
Re: Important WPN attack information
«
Reply #15 on:
June 12, 2011, 02:07:46 pm »
Do you have the latest wcs? I know after the attacks started, Merlin released an updated WCS to handle one of the attack types.
Also if you monitor outgoing traffic you might spot the spoofed responses and you could block the range:port combination in iptables or firewall to take the load off your router.
Logged
dabud
MX Hosts
Re: Important WPN attack information
«
Reply #16 on:
June 13, 2011, 02:38:40 am »
@ silicon_toad
ty for replying
I am upgrading to latest WCS now
I will try the firewall and blocking info as soon as I get info on how to do it.
Logged
Machine # 1 - Asus Prime Z390A, i7-9700k 3.6GHz, 32.0 GB ram, openSUSE Leap 15.0 64-bit, KDE Plasma 5.12.8
Machine # 2 - Asus P8Z77-V Deluxe, i7-3770k 3.5GHz, 16.0 GB ram, opensuse Tumbleweed KDE Plasma 5.17.0
silicon_toad2000
WMW Team
Re: Important WPN attack information
«
Reply #17 on:
June 13, 2011, 04:43:08 am »
sorry i cant be of more help there, that's too far out of my area to offer any useful advice
Logged
dabud
MX Hosts
Re: Important WPN attack information
«
Reply #18 on:
June 14, 2011, 01:44:49 am »
@silicon_toad
I switched to the new WCS 1.8.3.1 and now it crashes with an error Segmentation fault
Any idea what I can do to correct it?
Logged
Machine # 1 - Asus Prime Z390A, i7-9700k 3.6GHz, 32.0 GB ram, openSUSE Leap 15.0 64-bit, KDE Plasma 5.12.8
Machine # 2 - Asus P8Z77-V Deluxe, i7-3770k 3.5GHz, 16.0 GB ram, opensuse Tumbleweed KDE Plasma 5.17.0
auhgra
Forum Member
Re: Important WPN attack information
«
Reply #19 on:
July 01, 2011, 09:31:11 pm »
OK, something fishy is going on. Seems, maybe, WINMX was hijacked? It doesn't matter what I type in the search field, band name, song name, disc name, etc., a whole lotta crap comes up except what I am looking for. Most of it isn't even legible. Anyone know what is going on? I have the v3.54 beta 4 patch.
auhgra
Logged
Print
Pages: [
1
]
2
3
...
5
Go Up
« previous
next »
WinMX World :: Forum
|
Discussion
|
WinMx World News
|
Important WPN attack information
©2005-2024 WinMXWorld.com. All Rights Reserved.
SMF 2.0.19
|
SMF © 2021
,
Simple Machines
|
Terms and Policies
Page created in 0.02 seconds with 23 queries.
Helios Multi
©
Bloc
Loading...