gfxgfx
 
Please login or register.

Login with username, password and session length
 
gfx gfx
gfx
76793 Posts in 13502 Topics by 1651 Members - Latest Member: Arnold99 November 23, 2024, 08:08:58 am
*
gfx*gfx
gfx
WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Important WPN attack information
gfx
gfxgfx
 

Author Topic: Important WPN attack information  (Read 66997 times)

0 Members and 1 Guest are viewing this topic.

Important WPN attack information
« on: June 04, 2011, 04:38:34 pm »
All,

I have recently been made aware that the targeting of the attack on the winmx community has changed.

background here

More recently the attacks have been targetted to trick parts of the winmx network into believing certain IPs have requested a room listing. As such these parts of the winmx network respond to these spoofed IPs.

At the time of writing, the attacks on the winmx community are directing these responses at various parts of the US Department of Defence.

The parts of the network most affected seem to be chat room servers, which are responding to spoofed channel list requests.

What are you to do about it?
There are a few options open, in no particular order.
-switch your room to the opennap network.
-leave your room in offline mode
   These options will stop the spoofed packets from reaching you through the network.

-run peerblock with https://www.winmxworld.com/files/pblist.txt
   This can be updated if the attacker alters the attack target.
   As always we do not reccommend the use of the default lists.
       Using peerblock this way will stop outgoing traffic to the addresses on the list.

Offline GhostShip

  • Ret. WinMX Special Forces
  • WMW Team
  • *****
Re: Important WPN attack information
« Reply #1 on: June 04, 2011, 06:35:30 pm »
Sensible advice Silicon  8)

I would also urge all primary users hosting a room or not to use the same blocking method as a temporary security measure.

Offline White Stripes

  • Core
  • *****
  • ***
  • Je suis aimé
Re: Important WPN attack information
« Reply #2 on: June 04, 2011, 06:43:48 pm »
request;

they (the dod) hold the 6.0.0.0/8 range as well... pls to add this... better to be safe than... uh... investigated....

Offline nylly444

  • The /root of all evil ;-)
  • WMW Team
  • *****
    • WinMX World
Re: Important WPN attack information
« Reply #3 on: June 04, 2011, 07:56:28 pm »
Actually there are more ranges they hold or that can be associated with them.
Honestly there's no telling which range will be afected next though.
The reason we made it into a list at all is that we can update if and when it's needed.
Be sure that atm we're closely monitoring things, so if they move on to a different range we will add it and let you know about it.
I think it's sensible to only block the ranges we see affected though for the moment.
LINUX - Legendary Intelligent Needful Universal Xperienced


Re: Important WPN attack information
« Reply #4 on: June 04, 2011, 11:32:55 pm »
Further to this of course is to block the ranges yourself through your own router/firewall solution.
Please ensure to keep abreast of any developments and monitor your outgoing traffic for changes if possible.

At the time of writing I can still see traffic trying to get out to the 7.x.x.x range from one of my machines which I have chosen to block at the firewall on my router.

Offline White Stripes

  • Core
  • *****
  • ***
  • Je suis aimé
Re: Important WPN attack information
« Reply #5 on: June 05, 2011, 07:03:43 pm »
this range should be in patch blocklist too ive got -no- chatserver installed and mx is still making requests to this range....

that is if the patch can hold that large of a range....

Offline GhostShip

  • Ret. WinMX Special Forces
  • WMW Team
  • *****
Re: Important WPN attack information
« Reply #6 on: June 05, 2011, 08:39:35 pm »
I did profer that same advice some posts ago, however its always good to see others independently reaching the same conclusions and delivering the right advice.

Any Primary or chat server host need to block that IP range at their own location using the software suggested above, in our democratic ways of thinking we never envisaged anyone would want to censor the whole of winmx via the chat room listing and so that has never been filtered in the patch, its a shame that those who started this nonsense are simply forcing more responsibilities on those who deliver the patches and thus weakening the communitys freedom.

I shall be thankful when all these abusers are not able to drive away the thousands of users they already have done, in the last 2 months we have seen at least 30% of the chats disappear I think that and the lower user count confirms the true motives of these cowards.


Offline White Stripes

  • Core
  • *****
  • ***
  • Je suis aimé
Re: Important WPN attack information
« Reply #7 on: June 05, 2011, 10:22:33 pm »
* Silver Stripes wonders what in the world gs is talking about....


i ment adding it (the 7 range) to this; https://www.winmxworld.com/block/cache_list.txt so it gets spread to the patch users.....

Re: Important WPN attack information
« Reply #8 on: June 05, 2011, 10:37:06 pm »
My understanding is the patch does not filter this kind of outgoing traffic.
The range was added to the blocklist to see if it would have any effect and it did not so we removed it.

Offline White Stripes

  • Core
  • *****
  • ***
  • Je suis aimé
Re: Important WPN attack information
« Reply #9 on: June 05, 2011, 11:08:41 pm »
ahh ok... thought the patch had a 'peerblock' like effect of its own... didnt know... thx for clearing that up...

Offline Bundoker

  • Forum Member
Re: Important WPN attack information
« Reply #10 on: June 06, 2011, 05:46:19 am »
Anything new about  hackers hosing basic Beta 4 winmx searches like they did in May?   

Between then and now someone posted we should switch to using chat rooms ... which now are under attack.
Looks like the beasties are smart enough to read winmx world postings. 
Maybe we should converse in Visayan or tagalog but saw a post in Yahoo from someone in the Phiippines wondering waz happenin,
I'm so stupid last May I swithced tthe 53 version and when the zillions of hits went away I thought it was a Beta thing ,,, wrong ... 't was timing.

Anything we can do to help?   

Offline allenx1966

  • Forum Member
Re: Important WPN attack information
« Reply #11 on: June 10, 2011, 03:28:15 am »
I hope limewire isn't a dirty word anymore. I used to hate it, but since winmx is down, and the new limewire pirate 5.6 is running,I like it ,I got no choice.
   Actually, there is something I am really diggin on limewire, it actually works better WITHOUT a static IP. It sure is burning up the peerblocker though, be sure to use it. This is my second post about this,just trying to spread the word. I am no PC expert, I just know successfully running winmx right now is impossible for me. I tried limewire a few weeks ago, and it was horrible. I messed with it tonight, fired up peerblock and released my static ip and BAM success. I am not in the "CLIC" here, and I hope I am not stepping on toes or making anyone mad. Just trying to help out.
   Be sure to let me know if I need to shut up about this.

Offline bu44er

  • Forum Member
  • Hack The Planet
Re: Important WPN attack information
« Reply #12 on: June 10, 2011, 07:08:51 am »
We have people working very hard, to resolve the current issue. We can not say at this moment how long it will be, before everything goes back to normal. We can say that eventually things will go back to normal.

I understand that for loads of users, this is frustrating. Please rest assured that as soon as something is developed, we will post information on it here.
System(s) Configuration
Intel(R) Core(TM)2 Duo T4500 CPU @ 2.3Ghz, 2048MB RAM, Windows 7 Ultimate 32bit

Re: Important WPN attack information
« Reply #13 on: June 10, 2011, 08:10:33 am »
My understanding is the specific attacks outlined above have stopped.

Offline dabud

  • MX Hosts
  • *****
Re: Important WPN attack information
« Reply #14 on: June 12, 2011, 01:27:38 pm »
OS - openSUSE 11.3  64 bit kde 4.4   WinMX 3.54b with Eagle patch   Primary connection  thru Wine 1.2   WCS185b3 or EServ 0.28   Asus RT16N using modified software DSL PPPOE connection  Firewalled with router and OS firewall.
 
I have successfully run a Winmx room for a number of years, without any major problems. My ISP is not an issue, they don't engage in throttling like other bigger ISP's.

I am having a lot of trouble connecting and staying connected to the peercaches.  Users are dropped from my room.  Also, I cannot stay in other rooms for long periods, eventually I get dumped.  Whether I use EServ or WCS doesn't seem to matter, they both  crash and disconnect me at times.  When I restart them, it takes forever to get connected.   Also, Winmx crashes at times.
It has become such an issue that many users are not coming back.  I have been collecting email addies so that when a solution is found I can hopefully encourage them to return.

Is there anyway I can use the peer blocking program with the linux system.  Or is there any other help you could suggest?
Thank You

Machine # 1 - Asus Prime Z390A, i7-9700k 3.6GHz, 32.0 GB ram, openSUSE Leap 15.0 64-bit, KDE Plasma 5.12.8
Machine # 2 - Asus P8Z77-V Deluxe, i7-3770k 3.5GHz, 16.0 GB ram, opensuse Tumbleweed KDE Plasma 5.17.0

Re: Important WPN attack information
« Reply #15 on: June 12, 2011, 02:07:46 pm »
Do you have the latest wcs? I know after the attacks started, Merlin released an updated WCS to handle one of the attack types.

Also if you monitor outgoing traffic you might spot the spoofed responses and you could block the range:port combination in iptables or firewall to take the load off your router.

Offline dabud

  • MX Hosts
  • *****
Re: Important WPN attack information
« Reply #16 on: June 13, 2011, 02:38:40 am »
@ silicon_toad
ty for replying

I am upgrading to latest WCS now

I will try the firewall and blocking info as soon as I get info on how to do it.
Machine # 1 - Asus Prime Z390A, i7-9700k 3.6GHz, 32.0 GB ram, openSUSE Leap 15.0 64-bit, KDE Plasma 5.12.8
Machine # 2 - Asus P8Z77-V Deluxe, i7-3770k 3.5GHz, 16.0 GB ram, opensuse Tumbleweed KDE Plasma 5.17.0

Re: Important WPN attack information
« Reply #17 on: June 13, 2011, 04:43:08 am »
sorry i cant be of more help there, that's too far out of my area to offer any useful advice

Offline dabud

  • MX Hosts
  • *****
Re: Important WPN attack information
« Reply #18 on: June 14, 2011, 01:44:49 am »
@silicon_toad

I switched to the new WCS 1.8.3.1 and now it crashes with an error    Segmentation fault
Any idea what I can do to correct it?
Machine # 1 - Asus Prime Z390A, i7-9700k 3.6GHz, 32.0 GB ram, openSUSE Leap 15.0 64-bit, KDE Plasma 5.12.8
Machine # 2 - Asus P8Z77-V Deluxe, i7-3770k 3.5GHz, 16.0 GB ram, opensuse Tumbleweed KDE Plasma 5.17.0

Offline auhgra

  • Forum Member
Re: Important WPN attack information
« Reply #19 on: July 01, 2011, 09:31:11 pm »
 :/  OK, something fishy is going on.  Seems, maybe, WINMX was hijacked?  It doesn't matter what I type in the search field, band name, song name, disc name, etc., a whole lotta crap comes up except what I am looking for. Most of it isn't even legible.  Anyone know what is going on?  I have the v3.54 beta 4 patch. 

auhgra

WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Important WPN attack information
 

gfxgfx
gfx
©2005-2024 WinMXWorld.com. All Rights Reserved.
SMF 2.0.19 | SMF © 2021, Simple Machines | Terms and Policies
Page created in 0.014 seconds with 21 queries.
Helios Multi © Bloc
gfx
Powered by MySQL Powered by PHP Valid XHTML 1.0! Valid CSS!