Folks, for a month or so now I and others have been monitoring some renewed attacks on the network, and for the most part we are holding our own against Media Defender and one or two other annoyances. However, in undertaking the increased monitoring it's become clear we are running low on western primaries and that the majority of folks are connecting to the network via Japanese primaries. This in itself is not a bad thing, but what is a problem is that that cartel are launching many of their network disruptions via those same primaries, and thus folks have been complaining about odd and obscure problems, thinking MX is broken, when the problems are more often due to illegal DoS (denial of service) attacks from Media Defender using their latest proxy "front" company in the 174 range.
They are using a simple system of waiting for primaries to request a room list from the other primaries, and then they head in trying to join from around 150+ IPs within the block I mentioned above. This can cause primaries to become disconnected and disrupt your perfectly legal activity of chatting and sharing your own content. This is what I believe they are really attempting to stifle: you all sharing your own content represents a threat to the media cartels and their excessive profit-making schemes.
For those wishing to see this for themselves, you can run a TCP viewer and you'll note that at the stage they attack you're not looking for files or downloading.
Media Defender have in the past tried to justify this type of activity by saying they are disrupting copyright infringement but as I stated above this cannot be the case when they are attacking prior to any such activity and stealing your bandwidth into the bargain.
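The join pattern described above (many addresses from one block connecting within a short time) can also be counted from a connection log rather than watched by eye in a TCP viewer. The sketch below is an added example, not part of the original post or of any community tool; the log format, function names and thresholds are assumptions, and the sample addresses are constructed from documentation ranges.

```python
import ipaddress
from collections import defaultdict, deque

def parse_line(line):
    """Parse 'epoch_seconds source_ip' (assumed, constructed log format)."""
    ts, src = line.split()
    return float(ts), ipaddress.ip_address(src)

def find_join_bursts(lines, prefix_len=24, window=30.0, min_sources=10):
    """Return {network: peak number of distinct sources seen inside any
    `window` seconds} for networks whose peak reaches `min_sources`."""
    by_net = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ts, src = parse_line(line)
        # Group each source under its enclosing block (prefix_len is tunable).
        net = ipaddress.ip_network(f"{src}/{prefix_len}", strict=False)
        by_net[net].append((ts, src))

    flagged = {}
    for net, events in by_net.items():
        events.sort()
        recent = deque()            # events still inside the sliding window
        counts = defaultdict(int)   # source -> occurrences inside the window
        peak = 0
        for ts, src in events:
            recent.append((ts, src))
            counts[src] += 1
            # Drop events that have aged out of the window.
            while ts - recent[0][0] > window:
                _, old = recent.popleft()
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
            peak = max(peak, len(counts))
        if peak >= min_sources:
            flagged[str(net)] = peak
    return flagged

# Constructed sample: 15 sources from one block in about 7 seconds,
# plus a few ordinary peers spread over several minutes.
SAMPLE = [f"{1000 + i * 0.5} 198.51.100.{i + 1}" for i in range(15)]
SAMPLE += ["1003 192.0.2.10", "1200 192.0.2.11", "1900 192.0.2.10"]

if __name__ == "__main__":
    for net, peak in find_join_bursts(SAMPLE).items():
        print(f"{net}: {peak} distinct sources within 30 s")
```

Counting distinct sources per block, rather than raw connections, keeps a single peer that reconnects repeatedly from being mistaken for a burst.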
I'm making this latest information public because I feel you all have a right to know who is attacking the network illegally. Unfortunately we have further problems to hand: if this was a single attacker we would feel very happy to continue laughing at them, but the real topic I wish to speak to you all about is a new threat.
The monitoring I spoke of above was undertaken not to detect Media Defender but an attacker operating via a Chinese proxy who was launching a new type of attack on the network. To aid in the detection activity I had to "deputise" 5 more folks into a new team I named the "Network Support Group", and 2 of our well-known community programmers rapidly developed new detection tools to help in the battle. Within a day or so we had obtained the information necessary to block this new attacker, but importantly there are still one or two weevils out there operating in a more controlled fashion, and thus far these have avoided our pinpointing detection methods. This is once again a problem because more folks are using Japanese primaries and thus the attackers are joining the network at that point, outside of our primary coverage area.
OK, so that's the problem, and if we are to help each other I need your help by doing the following actions while you're using the network, folks. If you can follow these guidelines where possible we can minimise any disruption that our enemies can deliver. Here's what I need you all to do.
1 : Ensure you're running a patch utilising the blocklist (the community patch most of you use does this automatically).
2 : If you're a primary, watch out for excessive secondary joining when you first start WinMX up. If you see 6 or 7 secondaries when you have only just joined the network, please restart WinMX, as it's very probable your patch hasn't loaded the blocklist.
3 : If you have the capability to run a primary please do so so we have a bigger pool of stable primaries to lessen disruptions to secondaries and the network in general. You can find information on operating as a primary here
4 : When you request a chat list (or open the chat tab), ensure you close the main room-listing window after you have found the room you want, as they will keep attacking you while you leave that open, as it updates the roomlist automatically all the while it is open. This is more important for primaries but will help save network overheads if used by secondaries also.
5 : Report any suspicious activity/strange network problems here or in the chat room so we can look out for new attackers. Don't be concerned about false alarms; any time saved in tracking down these folks is more bandwidth saved for your own activities.
If we can all follow these simple guidelines where possible, folks, it will leave the attackers fewer opportunities while we look at further technical options to deliver them a killer blow. That being said, there are currently only a few options to choose from at this stage and all will involve changes to our current systems. I have spoken to our mxpie.com colleagues to ensure they are fully aware of the problems we are dealing with, and discussions are still ongoing as to what further action will deliver the most benefit with minimal disruption to users.
To make clear the seriousness of the new attack problem I also spoke to Sabre of the breakaway pie group and asked if he wished to join the community blocking initiatives. He made it clear he doesn't use MX much anymore and had no interest in cleaning up the mess he and the breakaway group continue to create. This was expected, so there is no point repeating anything further except to say it was yet another blow to improving the network for all WinMX users and the long-term general health of the network.