Author Topic: Network Status Information - Important - Please Read (Read 9703 times)

GhostShip · « **on:** May 22, 2009, 01:22:49 am »

Folks for a month or so now I and others have been monitoring some renewed attacks on the network and for the most part we are holding our own against Media Defender and one or two other annoyances however in undertaking the increased monitoring its become clear we are running low on western primaries and that the majority of folks are connecting to the network via Japanese primaries, this in itself is not a bad thing but what is a problem is that that cartel are launching many of their network disruptions via those same primaries and thus folks have been complaining about odd and obscure problems thinking MX is broken when the problems are more often due to illegal DOS (denial of service) attacks from Media Defender using their latest proxy "front" company in the 174 range.

They are using a simple system of waiting for primaries to request a room list from the other primaries and then they head in trying to join from around 150+ IP's within the block I mentioned above, this can cause primaries to become disconnected and disrupt your perfectly legal activity of chatting and sharing your own content, this is what I believe they are really attempting to stifle, you all sharing your own content represents a threat to the media cartels and their excessive profit making schemes.

For those wishing to see this for themselves you can run a TCP viewer and you'll note that at the stage they attack your not looking for files or downloading.
Media Defender have in the past tried to justify this type of activity by saying they are disrupting copyright infringement but as I stated above this cannot be the case when they are attacking prior to any such activity and stealing your bandwidth into the bargain.
I,m making this latest information public because I feel you all have a right to know who is attacking the network illegally, unfortunately we have further problems to hand, if this was a single attacker we would feel very happy to continue laughing at them but the real topic I wish to speak to you all about is a new threat.

The monitoring I spoke of above was undertaken not to detect media defender but an attacker operating via a Chinese proxy who was launching a new type of attack on the network, to aid in the detection activity I had to "deputise" 5 more folks into a new team I named the "Network Support Group" and 2 of our well known community programmers rapidly developed new detection tools to help in the battle, within a day or so we had obtained the information necessary to block this new attacker, but importantly there are still one or two weevils out there operating in a more controlled fashion and thus far these have avoided our pinpointing detection methods, this is once again a problem because more folks are using Japanese primaries and thus the attackers are joining the network at that point outside of our primary coverage area.

OK so that's the problem and if we are to help each other I need your help by doing the following actions while your using the network folks, if you can follow these guidlines where possible we can minimise any disruption that our enemies can deliver, here's what I need you all to do.

1 : Ensure your running a patch utilising the blocklist (the community patch most of you use does this automatically).

2 : If your a primary watch out for excessive secondary joining when you first start WinMX up, if you see 6 or 7 secondaries when you have only just joined the network please restart WinMX as its very probable your patch hasn't loaded the blocklist.

3 : If you have the capability to run a primary please do so so we have a bigger pool of stable primaries to lessen disruptions to secondaries and the network in general. You can find information on operating as a primary here

4 : When you request a chat list (or open the chat tab) ensure you close the main room-listing window after you have found the room you want as they will keep attackng you while you leave that open as it updates the roomlist automatically all the while it is open, this is more important for primaries but will help save network overheads if used by secondaries also.

5 : Report any suspicious activity/strange network problems here or in the chat room so we can look out for new attackers, don't be concerned about false alarms, any time saved in tracking down these folks is more bandwidth saved for your own activities .

If we can all follow these simple guidlines where possible folks it will leave the attackers less opportunities while we look at further technical options to deliver them a killer-blow, that being said there are currently only a few options to choose from at this stage and all will involve changes to our current systems, I have spoken to our mxpie.com colleagues to ensure they are fully aware of the problems we are dealing with and discussions are still ongoing as to what futher action will deliver the most benefit with minimal disrupion to users.

To make clear the seriousness of the new attack problem I also spoke to Sabre of the breakaway pie group and asked if he wished to join the community blocking initiatives, he made it clear he doesnt use mx much anymore and had no interest in cleaning up the mess he and the break-away group continue to create, this was expected so there is no point repeating anything further except to say it was yet another blow to impoving the network for all winmx users and the long term general health of the network.

~~RReactor~~ · « **Reply #1 on:** May 22, 2009, 01:47:35 am »

hmm sabre does not want to do anything because that would take his power away and his ability to block people and such. maybe if he was offered a managers position at burger king he would stop being against the cause

White Stripes · « **Reply #2 on:** May 22, 2009, 02:21:45 am »

well.... that explains why the channel list never comes up correctly.... (i just use robomx anymore... starting winmx only to get a list of channels... since... well.. apparently the use of japanese primaries also makes filesharing on winmx useless... so two puzzlers answered with one post...)

some 'western' folks out there need to RTFM for their routers methinks.....

MinersLantern · « **Reply #3 on:** May 24, 2009, 04:15:45 am »

interesting.
I have had the 174 bunch firewalled from the entire system for weeks.
Anything from (red) china i'm instantly suspicious of anyway and I block them when I see them since its extremely unlikely they have anything I want to trade and their evil little government controls their internet.
I guess I will go primary more often now. It runs quite stable with both the patch blocking and firewall in place.
Do you suppose I can bait them by actually doing a channel list from winmx? That would give me entertainment. lol
I rarely do channel lists from the real winmx. Normally Robo.
Let the goofball flooding companies outsource all the american jobs they wish, just makes it easier to detect and block them.

Forested665 · « **Reply #4 on:** May 24, 2009, 05:10:49 pm »

Robo still loads the list from Primaries similar to the way a secondary winmx user does.
I wont say exactly the same because i havent looked at that portion of code for either.
More then likely though you can be affected the same way.

wonderer · « **Reply #5 on:** May 24, 2009, 11:57:14 pm »

well, RoboMx has the option to connect to a primary by IP or hostname and port, no problem to use a trusted IP (your local winmx).

Lagerlout666 · « **Reply #6 on:** May 25, 2009, 12:40:25 pm »

In all honesty These tricks are fed to you via one person. An i have brought this up before but Winmx hasnt been in this such short supply of western patched primaries since frontcode shut down. Now the real route course of all this is Saber. Now not because he is actually doing it. But he is providing a solution for these companies to stay connected to this network and perform these attacks. Now id like to say their is a way to get everyone to switch from the hostfile straight away but to be honest its not possible, Unless saber either A:) Closes down B:) Takes a version of our blocking soloution like we did with MXpie.com C:) Lets sleeping dogs lie and joins us.

Now none of that is going to happen. A few of us have tried speaking to saber. Have even offered him the dll. But he flatly refuses. So in my eyes what i think we need to do is push him them. Now im not calling for attacks or anything like that. But a way of stopping these floods on the chat list deep in our protected part of the network is to add his caches to the block list.

Then his caches would only index his hostfile users which are full of media companies. This would huddle his unprotected primarys together in a group and they could basicly flood each other and would segregate them away from the healthy part of our patched network and stop the better of us having to put up with all the flooding. It would also start to increase connection times for the hostfile users and might make them go looking for a quicker better soloution. In either Mxpie or our own.

So yes, I think we really need to do something an do something now. An a option that is quick and simple to us is to add saber to the blocklist. What do you guys think? As we do need to do something fast.

Forested665 · « **Reply #7 on:** May 25, 2009, 03:25:28 pm »

Several people have mentioned this before.
GS will flat out say no because we would lose people and sabre would start propoganda to ruin us.
And theres always a chance a user will end up connecting to him and bridging us back together.
besides the cache is only used once to find a primary node.

Lagerlout666 · « **Reply #8 on:** May 25, 2009, 03:40:04 pm »

I wasnt talking about splitting the network. My method wont split the network at all. Over the space of a month what it will do is cluster the hostfile folks together. But all the while all still be connected. I dont think your thinking right what im saying. And their shouldnt be any loss of users by adding him. Only maybe increased connection times but so what. Maybe when they realise its taking like 2 minutes to connect that something isnt right and go looking for a answer. Where we will be sat ready.

Forested665 · « **Reply #9 on:** May 25, 2009, 08:33:52 pm »

It already takes them 2-8 minutes.
If you firewall the cache it will divide the network.
eventually the primarys will disconnect from each other.
any secondarys using the host file will be stuck on sabre's primarys.

Lagerlout666 · « **Reply #10 on:** May 25, 2009, 08:41:56 pm »

The network wont segregate. Winmx has some pretty cool and dandy ways of stopping such issues. So the network actually splitting is damn hard to do. Segregation is not splitting, and wont cause it to split. And wont necessarily create full segregation. As the primary's will pull node lists from the network. I understand you maybe dont call for this but im sure others will. An action needs to be taken.

GhostShip · « **Reply #11 on:** May 25, 2009, 11:24:07 pm »

Burn I,m not the big boss here I am for want of a better word the "big mouth", if the majority of regular users want action and its backed up by sound reasoning then that's the direction we as a community should take, I myself have made efforts to try the softly softly approach to dealing with the network issues Sabre and others continue to create but I also understand at his particular time doing nothing is looking like a poor second option also, do we have anyone where who is not in favour of exercising this option to help slow down the disruptor's by a helpful percentage ?

I can confirm that doing what Tiny has suggested will not cleave the network apart and that the reasoning behind it will be to ensure your IPs are not being harvested by the peer cache software Sabre runs to be delivered to unblocking primary clients as they may currently be, if he is left to delivering only unblocking primary and secondary client we should see an improvement in the quality of nodes initially handed out by the caches for Community patch users.

The danger:
By doing the above we will be creating a "bottleneck" for host file secondaries using Info caches and there will be major delays for them to connect using the host file as the flooders are taking up all the normally "free" slots they need.

This is why I myself have not suggested this move as I,m aware folks are enjoying the peaceful times we have worked hard for, but if we are down to discussing a major blow to the network or the survival of the fittest then now is the time to free ourselves of those who take no care to safeguard their fellow filesharers.

Forested665 · « **Reply #12 on:** May 25, 2009, 11:35:51 pm »

I personaly have no issues with this.
But i do wonder about th health of the people on our end that get stuck with host file primaries.
That means all traffic searches from both sides of the neck will go through them.

Even so i vote to go ahead. its a short time damage for an exponential growth oppertunity.

White Stripes · « **Reply #13 on:** May 26, 2009, 04:30:18 am »

Quote

But i do wonder about th health of the people on our end that get stuck with host file primaries.

they already dont work.... trust me....

..Ñøßß¥.. · « **Reply #14 on:** May 26, 2009, 07:14:20 am »

I agree with Tiny, i have already spoken with GS several weeks ago on this matter, mxpie.com fully support an effort to clean up. Right now, there are alot of other p2p especially BT under pressure, now is a good time to offer a clean viable network to new homeless users, and that leaves no place for Sabre. Its regretable we may lose some pie.info users, on the flip side, we might find it much easier to upgrade them to the community patch if their Winmx experience suddenly gets very sucky.

Lagerlout666 · « **Reply #15 on:** May 26, 2009, 08:45:25 am »

What we both need to do then is get some sort of page created for the hostfile users. And place it on the front page of both our sites.
Explaining on a hostfile,
Long connection times.
Slow loading chat list
Slow loading searchs.
Millions of fake files
Reason why
And cure

We should make this into a few diffrent language's, and make a hearted effort to publicize it everywhere that winmx wont stand for the shit. Id say we get onto this sooner rather than later.

Anyone else got anything to say on this matter?

White Stripes · « **Reply #16 on:** May 26, 2009, 08:53:48 am »

make sure japanese is one of the languages... even if its just something from google translate...

oh... and when does this start?

Lagerlout666 · « **Reply #17 on:** May 26, 2009, 08:57:39 am »

I think we should start making a tutorial now. And role this out as soon as we are ready. If their are no objections, i see no reason other than in the next 24 hours. Ill just stir the blocklist folks and i dont mind writing the tutorial up threw today. Pie can just copy the page and add it to their own CMS or whatever.

Trestor · « **Reply #18 on:** May 26, 2009, 11:13:03 am »

I don't understand most of what has been discussed in this thread because I only share files and don't understand the technical stuff at all, but if this Sabre person is making trouble then by all means do what has to be done. I'm not at all concerned about offending him if he's been causing trouble for everyone else.
I'm looking forward to reading that mx is safe to use again.

GhostShip · « **Reply #19 on:** May 26, 2009, 01:45:07 pm »

The problems we have with Sabre are not new Trestor but his continuing failure to help secure the network when we are seeing a major increase in attacks on it and not just of the same type as before means we are all being put in danger by those refusing to block these network attackers.