
Author Topic: 2011, the year that was.  (Read 17592 times)


Offline White Stripes

  • Core
  • *****
  • ***
  • Je suis aimé
Re: 2011, the year that was.
« Reply #20 on: January 13, 2012, 10:12:45 am »
Quote
Example the caches. They sit around sending fake ips all over the wpn, trying to connect to silly things, like random ip on ports 25, 53, etc, etc. Simple crap to block. Ports that should be obvious to block. But no... the caches still are sending that garbage globally to winmx primaries. The caches are simply a list of ips and ports. It should not be horribly difficult to purge them of obviously false data.

the caches arent sending that data... there is a 'mini' cache server in winmx itself that is getting poisoned and sending that... the cache servers were patched from that a long time ago...

Quote
That thing will connect, just long enough to knock you offline. I have firewalled it, but that doesnt block its attempts.

poisoned internal cache again.... use a firewall rule of 'reject' rather than 'drop' ...... if you have that option.... will give the port right back.... (if you are using a free firewall for windows you may not have options like that at all)

Quote
Worry about the wonderful new GUI later.

a gui can be built faster than the program thats 'behind' the gui (even the apps that dont have a gui such as a patch)

a thing to think about in regards to a patch..... a .dll style patch uses 'dll injection' ... what that means is that when the 'host' program is run ... in this case winmx.exe the .dll modifies the program in-memory (as opposed to modifying it on disk)... its ugly but it works (ask any virus writer).... the kicker? you need to know a hell of a lot about the program that you are modifying in order to modify it without crashing it.... add the need to stay running stable for long periods of time and im sure you can see the problem...

writing the program from scratch gives the writers source code to work with rather than a binary .exe written in 2004 for the OSen of that era... a -lot- of things would need to be 'patched' to make it completely friendly with modern osen (just look at the forum posts of vista and win7 users who are having problems)

tbh its not even fully compatible with win2k and xp... try running winmx with a limited user account on one of those machines.... doesnt work cos winmx uses its program directory for its settings and data files and not the registry or a subfolder of the users directory...

--

new client from scratch == better cos;
1) sourcecode... easier and quicker to fix a bug or close another attack vector since the main program is being fixed rather than an elder app having another bandaid stuck on it...

2) new client not 'copyright' frontcode ... (nuff said)

3) new client can evolve.... ever wanted usernames to show as color in the chat userlist? i know i have... ever wanted to turn that color off? yep... that'd be a nice one too... howbout unicode support.... ....real unicode support... ...any language the users OS has support for can be displayed (imagine all the annoyingly creative usernames this will spawn) properly without the need to hack/change settings to a specific language...

...and thats just the tip of the iceberg in what can be done...

Offline RebelMX

  • Core
  • *****
  • *****
Re: 2011, the year that was.
« Reply #21 on: January 13, 2012, 07:45:53 pm »
Actually, as it happens, I agree with MinersLantern in some cases, although he has completely misunderstood how the network operates.  As Stripes mentions the caches are not actually affected by the attacks, and play no part in aiding them.

However, by working on the/a patch for winmx it is actually EASIER to fix the issues than writing a new program.  The patch can even change the settings folder, and therefore be made to work perfectly with newer OS's if it was decided to.  As Stripes mentions, a patch changes the data stored in memory, and therefore any information stored in memory can be modified, including where to retrieve settings from along with many other things.  The difficulty in working on a patch/dll injection method, is not, as was suggested, in knowing a lot about the host program, since you just need to hijack/hook the windows function calls and add your code, then pass on the original/newly modified info, back to winmx.  The functions called are fairly easy to guess since its a Windows programme, using socket calls.  Therefore there are the obvious calls required such as recv, send, socket, accept etc etc
The discussion point about copyright is irrelevant, since patch or client, its still not copyrighted to Frontcode, so no real difference.  The protocol can be modified for ipv6, and even > 2gb files if it was required.  Seriously there are no limits on what you can do in a patch, the limit is only on what programmers can do, and how well written any patch is to allow further development or bug fixes to be added.  The winmx GUI can be controlled even, as we have seen with the hijack/hook into the patch bar, and even previous update bars that allowed new patches to be "forced" on users.

I'm not going to continue on this subject, as it's clear most peoples minds are made up that a new client is an essential requirement to fix the network.  If thats what it takes to fix it then so be it, but it didn't require 9+ months to really get a patch to fix JUST the network attacks.  Yes I know, the client isn't JUST a fix for the attacks, but as mentioned even with the patch further updates/upgrades almost everything COULD be added to the current client.

Anyways, just my thoughts, don't expect (m)any to agree but who cares thats what opinions are for.

Offline GhostShip

  • Ret. WinMX Special Forces
  • WMW Team
  • *****
Re: 2011, the year that was.
« Reply #22 on: January 13, 2012, 09:37:07 pm »
Its been clear for some time that although the majority of the attacks can and have been defeated at a technical level we would be simply handing the attackers a stick to beat us all with if we stuck to using a known flawed protocol implementation, serious protocol changes have to be made and due to the scope of them its fairly obvious that if you have to replicate half the client in a patch its a whole lot more efficient to go the whole hog and allow for further updates and counter measures by removing the reliance on an old code base that the attacker has spent years practicing to attack.

No one likes wasted time but to create a patch thats not going to fulfill the key criteria of defeating all current attacks without having a meg of code added is simply a more major waste of time in the long run, we have the capabilities to deliver a client project that can change to cope with any type of future attack and for that reason alone the wait is worth it, thats my opinion.

Offline cuttingedge

  • Forum Member
  • I will gladly pay U Tuesday, for a hamburger today
Re: 2011, the year that was.
« Reply #23 on: January 13, 2012, 10:01:17 pm »
Boy...I tell ya!.....Heated debate......I think some people Just dont like change, and some people do!
I think I am stuck some where in the middle....I like WinMX as it is now with the minor fixes, but I also like the idea of a new version.
I know it has been said that the old client version will work as secondary only...Well thats all I can run in my current configuration.
With that being said, I hope both versions stay working just in case the new version does not work for me.
 

I CAN HANDLE IT!

Offline Will

  • WMW Team
  • *****
  • *****
  • ***
  • It wasn't me
Re: 2011, the year that was.
« Reply #24 on: January 14, 2012, 03:11:49 am »
The new client is compatible with mx, any new features or protocol extensions won't be however.

Offline Hans-Linux

  • Forum Member
  • *****
    • index.hmtl
Re: 2011, the year that was.
« Reply #25 on: January 14, 2012, 04:50:25 am »
Minerslantern:

I have commenced preliminary work to extend secure, privacy protecting, p2p network software. The development of this software under GPL is sponsored and supported  by a major EU and Nato member government, where their Pirate Party holds seats in the various parliaments, house of representatives, congress, or whatever you call this in the jurisdiction where you reside. 

Please list and name the jurisdictions where SOPA is law and where it is illegal to code and/or p2p software and/or publish the code in print or electronic form, own, hold or use p2p computer software.

Hans  :walk:


 
AMD Phenom II x4, 3000Mhz; 24,115 Bogo MIPS; 
 Main Op. System: Gentoo, Xfce Desktop; 
Wine 3.0.3; WinMx; Bit-Torrent;
Up-Speed 20 Mb/s Down-Speed 50 Mb/s;
 "C" programmer.

Offline Bluey_412

  • Forum Member
  • I'm Watching...
Re: 2011, the year that was.
« Reply #26 on: January 14, 2012, 03:49:06 pm »
Miners, if it's so easy, why dont you just go ahead and do...?
What you think is important is rarely urgent
But what you think is Urgent is rarely important

Just remember that...

Offline MinersLantern

  • Forum Member
Re: 2011, the year that was.
« Reply #27 on: January 15, 2012, 04:32:27 am »
Firstly, at someone who said 'if its so easy, why dont you do it'? I dont have time to do it. I dont have time to do much of anything due to my real job. Some people have time to code. I dont. Im just saying why take the L-O-N-G route to correct the immediate problem? Is that too complex to understand? If some want me to switch over to programming in C, how about some cash upfront, so I can suddenly quit my real job and still pay the mortgage? It is impossible. Unless one of you guys have an extra $25,000 laying around and want to send it to me via PayPal. I dont want to hear anymore about why if its so easy why dont I do it. ffs. The protocol, as it is, can be altered via a patch. Im just saying that writing an entire new client is a dangerous thing to do. Someone is the author, someone owns it. Someone is at risk at being shut down, arrested, or sued off the face of the earth for doing it. Who cares about the EU, etc, etc. Do you see Bearshare free and open? Or any of the other few dozen p2p programs that have been neutered? Keep the original WinMX as is. Nobody can be sued but Kevin. (But Kevin has vanished). It would be nice for small changes such as the 2 gig limit, the weird way how you select multiple incompletes and the thing goes crazy and selects some random bunch of incompletes on its own. But none of that is a threat to WinMX. The attacks are. The attacks wipe out WinMX altogether. WinMX itself and all the chat rooms. What is so complex about removing idiotic connection attempts to ridiculous ports like 22, 53, etc, etc? These are special reserved ports on both Windoze and Linux. It is eating the entire WPN. Why is it soooo complicated to remove any reference to such obvious things via a patch?
Good lord, the hacker(s) KM, **AA or whatever have been using the same method on and off for years. Extra wonderful features can be added later. Perfection doesnt happen on the first try. Ask Microsoft or any other software author. Updates are a constant thing. Dont try to make everything perfect at once, it aint gonna happen. WinMX is dying, big time. I think some small steps should be taken to reduce the damage. At least some steps. Not just ignoring it and letting stuff go on as usual to pursue the perfect client.



Offline White Stripes

  • Core
  • *****
  • ***
  • Je suis aimé
Re: 2011, the year that was.
« Reply #28 on: January 15, 2012, 05:06:31 am »
the patch to fix the problem would just about need to be as complex.. if not moreso... than the clone client... along with still limiting winmx to windows ... new client can be ported to other platforms including those not running on intel cpus...

lawsuit problems? i dont see anyone making a profit off of this (like limewire)... and the settings dialog seems to allow users to pick the cache servers they want to use (like the current patch does... tho granted in a less 'user friendly' way) so thats two for the user and new client and 0 for the cartel...

now if sopa passes it'll be illegal in the states but so will a whole lot of other software.... hell even 'wget' and 'ftp' could be considered illegal under that so-called 'law' .... but it doesnt mean mx or other methods of file transfer will be in other countries...


winmx is dying fast? actually... connect to a nap server... openworld is a good one... and run a search (search only that server or disconnect from the wpn before running a search) .... holy shit there are a lot mx users out there... (wait... by your logic... how has opennap not been sued out of existence?)

Re: 2011, the year that was.
« Reply #29 on: January 15, 2012, 05:28:28 am »
Maybe Miners Lantern has a point, maybe he doesn't.

Maybe Miners Lantern has thought of a method of dropping the attack traffic that hasn't already been covered.
The problem as I understand it is that a bunch of the attack traffic looks an awful lot like genuine traffic. Those bits which do not look like genuine traffic could be made to look like genuine traffic with a bit of clickety click from the attackers.
Initially perhaps a bunch of the traffic could have been dropped from the network. But I think you hit the nail on the head MinersLantern, resources. There is not an army of coders to continually update the patch to drop changing traffic patterns.
I believe if there had been a patch release in the early stages of the attacks, some of the traffic could have been stopped for a period of time, maybe a week, maybe a month, maybe a day. Then the traffic type would have been changed and the patch would not have worked. Resources would have been expended and nothing would have been gained. I feel that we would be sitting here with the same network functionality we have now but with a long term solution which would have been nowhere near as far along the road to completion as it is now.
Even without a patch release, the attack traffic changes in complexity and discounts many of the early methods for detection and protection which were discussed.

MinersLantern's words of frustration strike a chord with all of us. What the attackers are doing sucks. We are all frustrated and with no target for that frustration we look for an outlet.
Is it the right outlet? Nothing about all this is right.

For those of us who choose not to stick together and allow their frustrations to be turned towards others in the community, I think winmx is dead and perhaps was never alive for them.

Offline achilles

  • Core
  • *****
Re: 2011, the year that was.
« Reply #30 on: January 15, 2012, 07:50:54 am »
Eventually the client could be made open source and that could resolve some of the legal implications. At least I think so anyways. Regardless, a new client is the best long term solution to our problem.  Almost everyone has been eagerly waiting for new client for several years now. I work 70 to 80 hours a week, but I would still help if I was a coder.  We could have a better network than ever with a new client to build upon.
I'm a Hardware, and Cyber Security Guy.

Offline White Stripes

  • Core
  • *****
  • ***
  • Je suis aimé
Re: 2011, the year that was.
« Reply #31 on: January 15, 2012, 11:42:38 am »
Quote
MinersLantern's words of frustration strike a chord with all of us. What the attackers are doing sucks. We are all frustrated and with no target for that frustration we look for an outlet.
Is it the right outlet? Nothing about all this is right.

For those of us who choose not to stick together and allow their frustrations to be turned towards others in the community, I think winmx is dead and perhaps was never alive for them.

if the 'correct' target for anger and frustration cannot be located the fight or flight instinct back-builds and the closest target becomes the subject of the 'attack'...

is it "right"? thats a question i'll leave for the philosophers... is it a normal psychological reaction? yes...

Offline MinersLantern

  • Forum Member
Re: 2011, the year that was.
« Reply #32 on: January 17, 2012, 05:07:38 am »
I am aware of the so called mini cache server in WinMX itself. I am also aware that the PC servers collect primary ips, then test them. Why is it that the patch for the primary in WinMX itself not do that?
Yes WinMX loads WS_32.dll (the original windows one) redo WS2_32.dll and stick that into the same folder that the WinMX exe resides. The redone winsock dll takes priority as far as WinMX is concerned. Once it finds a dll in its own folder, it ignores the actual system one.
At that point, any and all connections, or traffic can be controlled 100% by the patch.
The real WS_32.dll can remain for its true purpose... looking up recipes for little old ladies on Google.  lol

Offline GhostShip

  • Ret. WinMX Special Forces
  • WMW Team
  • *****
Re: 2011, the year that was.
« Reply #33 on: January 17, 2012, 06:04:46 am »
Miners, the DLL file we use to patch WinMX is a variant of the idea you have suggested and it was picked for its lack of multiple dependencies, hijacking winsock directly means you have to write in support for all of its functions whether they are used or not by your application.

Can I suggest you look again at how the network operates and at searches in particular as its clear you're not thinking through some of the important ramifications of validating all traffic in real time on the network.

Lastly whilst all traffic can be hijacked as it enters in and out of the client by the third party patch such operation is resource hungry when faced with having to decrypt every single WinMX packet modify it or take further actions then re-encrypt it to pass on to WinMX itself, there is no way of knowing what traffic is what aside from decrypting it, and with an added burden of validation before any traffic is passed on to the WinMX client to deal with I feel little thought is being paid to practically implementing this, whilst its a simple concept its far from trivial to undertake successfully, and to add a further piece of bad news here there are attacks that can bypass the validation mechanism, thus the development team discontinued work on such a patch after making at least 5 or 6 patches of varying efficiency.
 


Offline MinersLantern

  • Forum Member
Re: 2011, the year that was.
« Reply #34 on: January 17, 2012, 07:05:03 am »
I do understand what you're saying Ghost. But even without validation, very obvious things like any old ip (fake or not) trying for port 22, 53 aka anything under the normal ports under 1024 should be removed immediately without even a test. Why 22, 53.. I dont know. KM gets a woody for those ports? Perhaps since they are ports used by computers all the time for normal operation he thinks they cannot be closed? WinMX does not need FTP or Email access. It also doesnt need NetBios or any of the other reserved services on the low ports. It cant be so resource hungry that its going to freeze the system, unless written in Java or some 'modern' language aside from plain, old C. The current attacks are already doing that quite nicely. With all the fake traffic sent by winmx or a chatserver even, Windoze assigns more and more ports. They sit around waiting for hours or days awaiting a response that is not going to happen. The OS runs out of ports. Sure it will automagically start deleting them one by one and trying again but that ends up slowing the system down to the point where you have to reboot anyway. It performs somewhat better fresh, then goes slower and slower (packetwise) till you have to reboot yet again. Would be better to eliminate the easy to detect fake traffic and make it so windows doesnt even see the request in the first place.
I firewall 22 and 53. It prevents attempts to the outside. WinMX is decrypting that, the firewall is blocking it. But still the blocked tries sit and wait for nothing. The decryption isnt slowing the system since WinMX is going to decrypt any ips in its list anyway. Another unrelated ip address has been flooding me for years. Only on primary. 204.252.18.x I have firewalled it. I even moved half way across the state and got a totally different isp. That evil ip remains. The firewall blocks it from making a real connection but it still blocks WinMX packets by its attempts. Running Netlimiter and watching for the slot that shows attempts at connections reveals interesting information. There is only one on WinMX. While the attempt is going on, WinMX is blocked from any other legit new connections. That one has been going on way before KM got a bee up his 'bonnet'. Now, during the usual attacks, that slot will sit there flashing one random ip after another so fast that you dont have time to record the number. They normally also repeat in a pattern. zzz.zzz.xxx.xxx kinda thing. Now once again as a few months ago... this ip, that ip... all on port 22 or 25 or 53. If the patch was able to block the cartel ips back in the good old days. It should be able to block other fakes as well. Both methods require decryption on the fly anyway. Back during the Pie Vs KM patch, I was for Pie. Why? Pie was simply, faster. Reason? It did not attempt to detect and block fake files and false flood traffic. I decided that it was worth the extra processing with the dll patch since, even though it was slower and ate more CPU cycles, it also ended up causing more completed files. With the entire WPN at its knees, I dont think utmost speed is the real thing to worry about. You have tried several patches, but they were not spread over the entire WPN. Something like a dozen or so computers are going to fail, no matter if the patch works or not. 
They have to compete with the thousands worldwide that are unpatched. A few hundred thousand computers each doing a small bit to block the fake traffic will have a big impact on KM (or whoever). Ya know it isnt the cartel doing it? Right? If it was the work of several multibillion dollar corporations operating globally, it would never, ever, for one nanosecond, stop. All the flood servers worldwide are not going to suddenly crash all at once unless a nuclear war has happened. Yet, even now, the attacker fails at random intervals. Sometimes for days, sometimes for hours. True he/she/it can be doing this via a proxy. How about remove any access via proxy? If not, then get the ip. Remove access from the entire range of his isp. Yes, I know... But what about free speech? The network is basically, dead. Time for drastic measures. Those who want to use 'free speech' as an excuse are free to go stand in the town square on a soapbox and speak all they want.

Offline MinersLantern

  • Forum Member
Re: 2011, the year that was.
« Reply #35 on: January 17, 2012, 07:37:39 am »
PS:
I have been told before that I couldn't do an operation in chat because it would be much too slow and would fail. Im sure youve heard of it. Block access to anyone using Tor. When someone was popping into rooms, trying to start arguments with other rooms, which they had nothing to do with. I originally came up with the idea to scan a list of updated Tor nodes for each and every person entering the room. Everyone at the time said thats never going to work, too slow, going to lag the system. I tried it anyway. Compare the new person entering against all 700-800 ips on Tor. No room speech access granted until Metis said their ip was not on that list. It worked very nicely anyway. No delay whatsoever. The scan was done in a nanosecond. Even peeps with auto greetings set up were not blocked or delayed. This on a super slow 200Mhz pc running 3 rooms and 3 bots all different. Dont assume that something is going to be so slow as to be useless.

Offline achilles

  • Core
  • *****
Re: 2011, the year that was.
« Reply #36 on: January 17, 2012, 08:36:57 am »
There's no reason to keep beating ones head against the wall trying to develop a patch that may work for only a while. Especially when we are so close to having a new client completed. No reason to keep adding band aids to a flawed protocol. A new client will allow improvements to be made to the network, and that will bring more users to the network. We need a new foundation. We need something that can  be continually improved. We needed that even before the attacks began.
I'm a Hardware, and Cyber Security Guy.

Offline ANTS

  • Forum Member
  • I love WinMX!
Re: 2011, the year that was.
« Reply #37 on: January 17, 2012, 01:16:16 pm »
MinersLantern have you heard of paragraphs?  ;)

Offline MinersLantern

  • Forum Member
Re: 2011, the year that was.
« Reply #38 on: January 23, 2012, 04:09:14 am »
New client and all that is very exciting. If it ever happens.
Yesterday, I had discovered a stable two way connection via primary on port 6699 from, guess who?
The dept of Defense. I found it going on and terminated it after a half hour. The current patch should include outgoing as well as incoming connections.
I have gone and made the thing use a local file on my own hard drive to get the block list from.
Its very fast to do things that way, of course, it would be all kinds of nice if the block list would also disallow outgoing connection attempts. For the past few days all WinMX and anything related to it has been doing is flooding the DoD. Yall can worry about a new client that works perfectly under all conditions later, imo.
Things need to be changed, NOW.
Good god, how long do you think sites like the US government itself are going to tolerate the bullshit?
If the patch can block a list of incoming connections, it can also block a list of outgoing ones.
Unless, nobody here has any idea of how the current patch works?
Certain things need to be taken care of now. Not later.
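
An added example, not part of any post in this thread and not the WinMX patch's code: a peer-endpoint check of the kind argued for in replies #34 and #38, which refuses entries on ports below 1024, unroutable addresses, and block-listed ranges, and can be called on both received peer lists and outgoing connection attempts. The function names, the block list and the sample peers are constructed for illustration; as reply #29 notes, entries that look genuine (a routable address on a high port) still pass a check like this.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum peer_verdict { PEER_OK, PEER_BAD_SYNTAX, PEER_LOW_PORT, PEER_UNROUTABLE, PEER_BLOCKLISTED };
struct cidr { uint32_t net; int bits; };        /* network in host byte order */
struct peer { const char *ip; unsigned port; };

/* 0/8, 10/8, 127/8, 169.254/16, 172.16/12, 192.168/16, 224/3: never a public peer. */
static const struct cidr unroutable[] = {
    {0x00000000u, 8}, {0x0A000000u, 8}, {0x7F000000u, 8}, {0xA9FE0000u, 16},
    {0xAC100000u, 12}, {0xC0A80000u, 16}, {0xE0000000u, 3},
};

/* Constructed sample data using documentation address ranges, not real peers. */
static const struct cidr sample_block[] = { {0xCB007100u, 24} };   /* 203.0.113.0/24 */
static struct peer sample_peers[] = {
    {"198.51.100.7", 6699}, {"192.0.2.10", 53},      {"192.0.2.11", 22},
    {"10.1.2.3", 6699},     {"203.0.113.50", 41000}, {"999.1.1.1", 6699},
    {"198.51.100.8", 41000},
};

/* Strict dotted-quad parser: digits and dots only, each octet 0..255. */
static int parse_ipv4(const char *s, uint32_t *out)
{
    uint32_t ip = 0;
    for (int i = 0; i < 4; i++) {
        unsigned v = 0;
        int digits = 0;
        while (*s >= '0' && *s <= '9' && digits < 3) { v = v * 10 + (unsigned)(*s++ - '0'); digits++; }
        if (digits == 0 || v > 255) return 0;
        if (*s != (i < 3 ? '.' : '\0')) return 0;
        if (i < 3) s++;
        ip = (ip << 8) | v;
    }
    *out = ip;
    return 1;
}

static int in_any(uint32_t ip, const struct cidr *r, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        uint32_t mask = r[i].bits == 0 ? 0 : 0xFFFFFFFFu << (32 - r[i].bits);
        if ((ip & mask) == (r[i].net & mask)) return 1;
    }
    return 0;
}

/* One decision point for both directions: received peer entries and outgoing connects. */
static enum peer_verdict check_peer(const char *ip, unsigned port,
                                    const struct cidr *block, size_t nblock)
{
    uint32_t addr;
    if (!parse_ipv4(ip, &addr) || port > 65535) return PEER_BAD_SYNTAX;
    if (port < 1024) return PEER_LOW_PORT;           /* 22, 25, 53 and the rest */
    if (in_any(addr, unroutable, sizeof unroutable / sizeof unroutable[0])) return PEER_UNROUTABLE;
    if (in_any(addr, block, nblock)) return PEER_BLOCKLISTED;
    return PEER_OK;
}

/* Compact a peer list in place, keeping only accepted entries; returns the new length. */
static size_t filter_peers(struct peer *list, size_t n, const struct cidr *block, size_t nblock)
{
    size_t kept = 0;
    for (size_t i = 0; i < n; i++)
        if (check_peer(list[i].ip, list[i].port, block, nblock) == PEER_OK)
            list[kept++] = list[i];
    return kept;
}

int main(void)
{
    static const char *why[] = {"ok", "bad syntax", "port below 1024", "unroutable", "blocklisted"};
    size_t n = sizeof sample_peers / sizeof sample_peers[0];
    for (size_t i = 0; i < n; i++)
        printf("%-14s %5u  %s\n", sample_peers[i].ip, sample_peers[i].port,
               why[check_peer(sample_peers[i].ip, sample_peers[i].port, sample_block, 1)]);
    printf("kept %zu of %zu entries\n", filter_peers(sample_peers, n, sample_block, 1), n);
    return 0;
}
```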

Offline cuttingedge

  • Forum Member
  • I will gladly pay U Tuesday, for a hamburger today
Re: 2011, the year that was.
« Reply #39 on: January 23, 2012, 04:16:53 am »
Kinda makes me wonder why DoD is accepting the connection? I would think the requests would get blocked on their end....

I CAN HANDLE IT!
