Silly Question ???

[Bearded Blunder]

Wouldn't running a blocklist on the new cache servers prevent the flooders from ever being given the details of a primary node to connect to?

Would this not get them off the WPN ?

Second silly question:

Can Sherwood be used to protect a third party chatserver (ie Ouka) from connecting any flooders?  I've only heard of it's use in relation to WinMX.

I know PG2 will block them in this situation, but PG2 keeps crashing & taking my system & room both down with it.

[Me Here]

Bearded Blunder

Not a silly question at all.
It would make perfect sense if they used the same method of connection as you or I do.  The truth is they dont use the new peer caches nor did they use the old front code ones for that matter to get connected.  In theory with the correct software and a known list of current primary connection to the network thats all they need to get on the WPN.  

How they get their list of primary connections I dont know exactly, but they are very successful in what ever method it is.  Its not hard to come up with the technology to do this.

The best way to get them off of the WPN is to have an accurate list of the IPs they use, something we have the technology to do, and to make sure all primaries are using this list to keep them from connecting to them.  This can be accomplished with Peerguardian, Sherwood, Protowall, your firewall or our patch the 1.9 .dll. as long as you include the list of known IPs they use on the WPN.  This list can be found here:
https://www.winmxworld.com/tutorials/block_the_riaa.html
Along with instructions for adding it to your PeerGuardian.
Sherwood uses virtually the same list already.


They also ,as your aware maybe, do not make primary connection to users, they connect via a secondary connection to these known primaries for this reason there is no need to block them from your third party chat servers because these make what is known as a 'fake' primary connection.  Basically just means they dont support actual network traffic or secondaries.
They are capable of jamming up your ports with massive connection attempts and therefore could cause you to loose a room of people on a Third party chat server, if your running WinMX for them to find you with in the first place.  After all that is the whole reason we push folks to block them so much, the DOS attacks they perform on primaries.

As far as your Pg2, that was a known issue with the original PG, but if your having problems with it just let us know if you need information on an alternative approach.

[Bearded Blunder]

Hmmm...

I don't generally run WinMX on the same PC as my chatserver, although with the current situation I have run a second copy on that PC as a primary, with no share, purely to add capacity to host secondaries.  I stopped doing so after the problems I had with Peer Guardian 2 on it.

The other PC I have Runs PG2 without problems.

I wondered if it might be OS related, On 2000 Pro I have no difficulty.

The PC where it causes issues is running 2000 Server Service Pack 4 & is configured as a domain controller ( .local domain ) & providing local DNS.

Very little besides the OS Ouka & sometimes WinMX runs on this PC I am using Sygate Pro as a firewall.

[Me Here]

Well aside from overloading the primaries you connected to via Ouka, which is possible but out of your control, I dont see a way they would be able to make your room unstable directly.

That said there is a way to add the IPs to your sygate firewall if this would make you feel better and might then also imporve the stability.

I am working on instructions for this and will post them to you if you like as soon as I finish them..

[Bearded Blunder]

Have added the addresses and ranges from your blocklist to Sygate today (manually) on the PC with PG2 installed as well & blocks on those addresses & hosts have vanished..

Interestingly I'm still seeing plenty of traffic to/from my WinMX blocked, presumably from addresses on the Bluetack p2p blocklist, this list is way too long to add by hand (or keep updated as firewall rules) on the machine where I can't run PG2 & I'm having no success converting it with blutack's converter.. which simply causes my IE to hang either when loading the level1 list, or at the next stage.

[Me Here]

I had that same trouble when trying to convert those lists Bearded, The only thing I wasnt happy about was the limited ability to use the lists in other applications by editing it in notepad.

One thing to note on this, I am working on a post for the block list.  Just a bit of basics on how and why numbers do or do not get added, but for your sygate I do suggest (you prolly are already doing this) to update that list daily, the list is checked daily and things are added mostly and some removed nearly every day...

[Bearded Blunder]

Converting them I sorted, there is a blocklist manager program available to download at bluetack, which will convert the lists, & can be pointed at lists you saved & edited too, it can also combine lists.

As to editing lists I find Excel more helpful than notepad, PG2 lists import easily, and separate the IP range from name by telling it : is delimiter, then you can sort alphabetically etc.. & at the end simply export again using : as delimiter

[Me Here]

Kewl, I dont have much experience with Excel but thats great to know thanks ...

[Bearded Blunder]

OK here's what I've done so far:

1. Added the specific WinMX blocklist to Sygate on both machines as an advanced rule.

2. (tepmporarily) added the bluetack level one list as an advanced rule on the server (well 98 advanced rules) this is way too cumbersome to keep up to date & causes Sygate to hog resources

3. Monitored PG2 for who's trying to connect & blocked (since it only sees what Sygate isn't blocking) & made a list to add as an advanced rule on both machines (so PG2 will stop seeing the same people).

For what it's worth the first day I had to add 78 ranges frpm the bluetack list, & the second a furthur 8 only.. it looks like I'm onto a winning strategy, it's far less cumbersome to process the PG2 log than enter the bluetack list.

There are a couple of companies (well 3) from whom I've seen MUCH traffic,  should anyone want to find out what ranges I've found to block this way I have retained the list in PG2 format.  I hesitate to clutter the forum posting it.

[Me Here]

Please feel free Bearded to post them if you dont mind, we have a section just for dodgy IP addresses in the 'Think Tank' area, I would be most interested in seeing them and investigating them also ..

I am aware that there are many companies that make connections through WinMX ports and are a problem, but not as damaging in the tatics they use to disrupt the Network.. I am curious if you have found better performance with this method on the machine that you run Ouka on..

[Bearded Blunder]

Well I've considerably reduced CPU overhead, compared to having the entire level one list loaded as advanced rules within sygate, lol in that configuration I couldn't run WinMX as a primary on it, because the cumulative processor load made the room unresponsive.

I have posted the list of ranges I've logged traffic from in the think tank here:
https://forum.winmxworld.com/ 6058#6058


Reducing to 2 easily updated rules, one for your blocklist & one for the list posted there has enabled me to run as a primary on there again, the point of which is purely to provide capacity to the network, using that WinMX to search download or share is too cumbersome, as the box has to be controlled remotely across my LAN.

It's not as strong a primary as my main sharing MX, despite being run on better hardware with more capacity, with identical bandwith & search thread duty cycles, currently as I post:

Server
<P=6 S=8 SPM=8203>

PC (800 MHz compared to 2GHz)
<P=13 S=14 SPM=15516>

[ñòóKýçrÕôK]

Bearded Blunder

Not a silly question at all.
It would make perfect sense if they used the same method of connection as you or I do.  The truth is they dont use the new peer caches nor did they use the old front code ones for that matter to get connected.  In theory with the correct software and a known list of current primary connection to the network thats all they need to get on the WPN.  

How they get their list of primary connections I dont know exactly, but they are very successful in what ever method it is.  Its not hard to come up with the technology to do this.

The best way to get them off of the WPN is to have an accurate list of the IPs they use, something we have the technology to do, and to make sure all primaries are using this list to keep them from connecting to them.  This can be accomplished with Peerguardian, Sherwood, Protowall, your firewall or our patch the 1.9 .dll. as long as you include the list of known IPs they use on the WPN.  This list can be found here:
https://www.winmxworld.com/tutorials/block_the_riaa.html
Along with instructions for adding it to your PeerGuardian.
Sherwood uses virtually the same list already.


They also ,as your aware maybe, do not make primary connection to users, they connect via a secondary connection to these known primaries for this reason there is no need to block them from your third party chat servers because these make what is known as a 'fake' primary connection.  Basically just means they dont support actual network traffic or secondaries.
They are capable of jamming up your ports with massive connection attempts and therefore could cause you to loose a room of people on a Third party chat server, if your running WinMx for them to find you with in the first place.  After all that is the whole reason we push folks to block them so much, the DOS attacks they perform on primaries.

As far as your Pg2, that was a known issue with the original PG, but if your having problems with it just let us know if you need information on an alternative approach.

I imagine all they would need is an IP scanner to find all available connections to a specific IP, or even a multiple range scanner, to detect multiple IP ranges and multiple connection to each IP in a range. I have had the software myself although I can't really remember the name of it. One may try going to www.majorgeeks.com and clicking on their link for internet monitoring to find such a software. Or at least I THINK that's how it goes.  :roll: