Important WPN attack information

[silicon_toad2000]

All,

I have recently been made aware that the targeting of the attack on the winmx community has changed.

background here

More recently the attacks have been targetted to trick parts of the winmx network into believing certain IPs have requested a room listing. As such these parts of the winmx network respond to these spoofed IPs.

At the time of writing, the attacks on the winmx community are directing these responses at various parts of the US Department of Defence.

The parts of the network most affected seem to be chat room servers, which are responding to spoofed channel list requests.
What are you to do about it?
There are a few options open, in no particular order.
-switch your room to the opennap network.
-leave your room in offline mode
   These options will stop the spoofed packets from reaching you through the network.

-run peerblock with https://www.winmxworld.com/files/pblist.txt
   This can be updated if the attacker alters the attack target.
   As always we do not reccommend the use of the default lists.
       Using peerblock this way will stop outgoing traffic to the addresses on the list.

[GhostShip]

Sensible advice Silicon 

I would also urge all primary users hosting a room or not to use the same blocking method as a temporary security measure.

[White Stripes]

request;

they (the dod) hold the 6.0.0.0/8 range as well... pls to add this... better to be safe than... uh... investigated....

[nylly444]

Actually there are more ranges they hold or that can be associated with them.
Honestly there's no telling which range will be afected next though.
The reason we made it into a list at all is that we can update if and when it's needed.
Be sure that atm we're closely monitoring things, so if they move on to a different range we will add it and let you know about it.
I think it's sensible to only block the ranges we see affected though for the moment.

[silicon_toad2000]

Further to this of course is to block the ranges yourself through your own router/firewall solution.
Please ensure to keep abreast of any developments and monitor your outgoing traffic for changes if possible.

At the time of writing I can still see traffic trying to get out to the 7.x.x.x range from one of my machines which I have chosen to block at the firewall on my router.

[White Stripes]

this range should be in patch blocklist too ive got -no- chatserver installed and mx is still making requests to this range....

that is if the patch can hold that large of a range....

[GhostShip]

I did profer that same advice some posts ago, however its always good to see others independently reaching the same conclusions and delivering the right advice.

Any Primary or chat server host need to block that IP range at their own location using the software suggested above, in our democratic ways of thinking we never envisaged anyone would want to censor the whole of winmx via the chat room listing and so that has never been filtered in the patch, its a shame that those who started this nonsense are simply forcing more responsibilities on those who deliver the patches and thus weakening the communitys freedom.

I shall be thankful when all these abusers are not able to drive away the thousands of users they already have done, in the last 2 months we have seen at least 30% of the chats disappear I think that and the lower user count confirms the true motives of these cowards.

[White Stripes]

* Silver Stripes wonders what in the world gs is talking about....

i ment adding it (the 7 range) to this; https://www.winmxworld.com/block/cache_list.txt so it gets spread to the patch users.....

[silicon_toad2000]

My understanding is the patch does not filter this kind of outgoing traffic.
The range was added to the blocklist to see if it would have any effect and it did not so we removed it.

[White Stripes]

ahh ok... thought the patch had a 'peerblock' like effect of its own... didnt know... thx for clearing that up...

[Bundoker]

Anything new about  hackers hosing basic Beta 4 winmx searches like they did in May?   

Between then and now someone posted we should switch to using chat rooms ... which now are under attack.
Looks like the beasties are smart enough to read winmx world postings. 
Maybe we should converse in Visayan or tagalog but saw a post in Yahoo from someone in the Phiippines wondering waz happenin,
I'm so stupid last May I swithced tthe 53 version and when the zillions of hits went away I thought it was a Beta thing ,,, wrong ... 't was timing.

Anything we can do to help?   

[allenx1966]

I hope limewire isn't a dirty word anymore. I used to hate it, but since winmx is down, and the new limewire pirate 5.6 is running,I like it ,I got no choice.
   Actually, there is something I am really diggin on limewire, it actually works better WITHOUT a static IP. It sure is burning up the peerblocker though, be sure to use it. This is my second post about this,just trying to spread the word. I am no PC expert, I just know successfully running winmx right now is impossible for me. I tried limewire a few weeks ago, and it was horrible. I messed with it tonight, fired up peerblock and released my static ip and BAM success. I am not in the "CLIC" here, and I hope I am not stepping on toes or making anyone mad. Just trying to help out.
   Be sure to let me know if I need to shut up about this.

[bu44er]

We have people working very hard, to resolve the current issue. We can not say at this moment how long it will be, before everything goes back to normal. We can say that eventually things will go back to normal.

I understand that for loads of users, this is frustrating. Please rest assured that as soon as something is developed, we will post information on it here.

[silicon_toad2000]

My understanding is the specific attacks outlined above have stopped.

[dabud]

OS - openSUSE 11.3  64 bit kde 4.4   WinMX 3.54b with Eagle patch   Primary connection  thru Wine 1.2   WCS185b3 or EServ 0.28   Asus RT16N using modified software DSL PPPOE connection  Firewalled with router and OS firewall.
 
I have successfully run a Winmx room for a number of years, without any major problems. My ISP is not an issue, they don't engage in throttling like other bigger ISP's.

I am having a lot of trouble connecting and staying connected to the peercaches.  Users are dropped from my room.  Also, I cannot stay in other rooms for long periods, eventually I get dumped.  Whether I use EServ or WCS doesn't seem to matter, they both  crash and disconnect me at times.  When I restart them, it takes forever to get connected.   Also, Winmx crashes at times.
It has become such an issue that many users are not coming back.  I have been collecting email addies so that when a solution is found I can hopefully encourage them to return.

Is there anyway I can use the peer blocking program with the linux system.  Or is there any other help you could suggest?
Thank You

[silicon_toad2000]

Do you have the latest wcs? I know after the attacks started, Merlin released an updated WCS to handle one of the attack types.

Also if you monitor outgoing traffic you might spot the spoofed responses and you could block the range:port combination in iptables or firewall to take the load off your router.

[dabud]

@ silicon_toad
ty for replying

I am upgrading to latest WCS now

I will try the firewall and blocking info as soon as I get info on how to do it.

[silicon_toad2000]

sorry i cant be of more help there, that's too far out of my area to offer any useful advice

[dabud]

@silicon_toad

I switched to the new WCS 1.8.3.1 and now it crashes with an error    Segmentation fault
Any idea what I can do to correct it?

[auhgra]

   OK, something fishy is going on.  Seems, maybe, WINMX was hijacked?  It doesn't matter what I type in the search field, band name, song name, disc name, etc., a whole lotta crap comes up except what I am looking for. Most of it isn't even legible.  Anyone know what is going on?  I have the v3.54 beta 4 patch. 

auhgra