gfxgfx
 
Please login or register.

Login with username, password and session length
 
gfx gfx
gfx
76793 Posts in 13502 Topics by 1651 Members - Latest Member: Arnold99 November 05, 2024, 04:58:49 pm
*
gfx*gfx
gfx
WinMX World :: Forum  |  Discussion  |  Think Tank  |  QI
gfx
gfxgfx
 

Author Topic: QI  (Read 3683 times)

0 Members and 1 Guest are viewing this topic.

Offline Alwaysaway

  • Forum Member
QI
« on: August 31, 2009, 07:05:12 pm »
i stumbled across this, thought it was quite interesting.

[Post edited by GhostShip]

Offline ']['affy

  • Forum Member
Re: QI
« Reply #1 on: August 31, 2009, 08:19:04 pm »
what exactly is this always

Offline Stevi

  • #1 DJ
  • MX Hosts
  • *****
  • Ooops! I blew up the commercials!
    • WinMX Radio
Re: QI
« Reply #2 on: August 31, 2009, 11:51:09 pm »
I am unsure what it is. When I downloaded it there was a file named WMW.bat in there. Until there is further research done, I feel this is unsafe to download.

Offline GhostShip

  • Ret. WinMX Special Forces
  • WMW Team
  • *****
Re: QI
« Reply #3 on: September 01, 2009, 12:14:31 am »
Tech 87 is another name for {MXC} Michael who did create a trojan some time ago.

Can I strongly suggest no one download from this address until I have looked the beast over.

Offline White Stripes

  • Core
  • *****
  • ***
  • Je suis aimé
Re: QI
« Reply #4 on: September 01, 2009, 12:17:29 am »
the bat file in of itself technically has nothing harmful to your own system in it..... but its what it does that has me confused...

it pings an old .arpa IP address (somewhere near or in pheonix, az -- united states) continously.... its basically a very weak DoS attack on something thats had an IP address since before the internet was the internet (still called arpanet)... so its either an old but technically advanced college.... or a military installation of some sort.....

....or in other words.... dont mess with it....

Offline GhostShip

  • Ret. WinMX Special Forces
  • WMW Team
  • *****
Re: QI
« Reply #5 on: September 01, 2009, 12:24:53 am »
Hmm its basically a file of the sort Stripes noted and why anyone here would be interested in pinging random IP addresses is beyond me  :/

Address removed.

Offline wonderer

  • MX Hosts
  • *****
  • ***
Re: QI
« Reply #6 on: September 01, 2009, 06:43:35 pm »
What's wrong with endless pinging a host? is that not what all our clients do?

Offline White Stripes

  • Core
  • *****
  • ***
  • Je suis aimé
Re: QI
« Reply #7 on: September 01, 2009, 09:12:18 pm »
inside the protocol it pings yes... this was using the 'ping' command which uses ICMP... not exactly winmx.... and its pinging a random ancient arpanet IP... not a p2p user... for reasons unknown....

you might as well be spamming the IP if its continous.... the ping comand sending then recieving ~32bytes of data once every second... its basically useless junk..... and if a whole lot of ppl are doing it it becomes an annoyance or even a denial of service...

now the motive as to why that ip address... i dunno....

Offline GhostShip

  • Ret. WinMX Special Forces
  • WMW Team
  • *****
Re: QI
« Reply #8 on: September 01, 2009, 09:18:35 pm »
The range referenced was one the site was hosted on some years, so it may well be the same address, however I dont have the time or inclination to check it out, let sleeping dogs lie is I think the best policy for this topic  :yes:


Offline wonderer

  • MX Hosts
  • *****
  • ***
Re: QI
« Reply #9 on: September 01, 2009, 10:05:22 pm »
Just wondering while I'm adviced by the ISP to run this kind of test to all hops in the trace to detect where the dataloss I'm having troubles with occur, not that it matters anymore, I'm changing ISP anyway afer this month ends, but, if it was seen as denial of service attack, they won't ask me to ping with 1024 bit pings would they?,btw, interval of 600 msecs which is less than a second :)

Offline Forested665

  • Forum Member
  • Linux:2003 FreeBSD:2004 Debian/BSD developer:2006
Re: QI
« Reply #10 on: September 02, 2009, 09:55:17 pm »
your just one person and it would make the losses appearent when you do it that fast.
What this script and most likely this person was trying to do was get like i unno 300 people to do the same thing to ONE address which in a since stalls or ovelroads that computer.
if its on an arpanet one or two people could take it offline the max theoretical speed in 75 was 260kbit/s and supposidly they were all taken offline in 1989
interesting enough though a .arpa isnt an arpanet its a top level domain that was used for the transition from the arpanet to nsfnet and the internet . in 89 they fully replaced them with DNS servers

quicks or stripes i would like to look over this batch script though if you could paste and send the contents in a pm?
BSD -  The Daemons Are No Longer Just Inside My Head.

Offline {MXC}michael

  • Forum Member
Re: QI
« Reply #11 on: September 03, 2009, 07:11:49 am »
i wrote that 3 years ago, it has 2 lines in its script, ping -t "address" pause,       the ip address  was being used by this site 3 years ago, it is so irrelivant now,  just forget about it, it had no malicious intent.

Offline GhostShip

  • Ret. WinMX Special Forces
  • WMW Team
  • *****
Re: QI
« Reply #12 on: September 03, 2009, 08:38:22 am »
Cheers for confirming that Michael, I did suspect its vintage as it was rather spartan, anyway nice to see you around.

Offline Joshua203

  • MX Hosts
  • *****
  • *****
  • www.DutchaGoGo.com
    • www.DutchaGoGo.com and a few more like WinMX.ComXa.com and WinMX.ExoFire.net
Re: QI
« Reply #13 on: September 03, 2009, 05:24:43 pm »
hmmm, from my point of view the ip used in that file is the exact same one as this site is hosted on right now
Windows 7 Ultimate 64bit Edition, CPU Intel64 Family 6 Model 26 Stepping 5 Genuine Intel Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz, RAM: 12GB

WebSite: www.DutchaGoGo.com

WinMX World :: Forum  |  Discussion  |  Think Tank  |  QI
 

gfxgfx
gfx
©2005-2024 WinMXWorld.com. All Rights Reserved.
SMF 2.0.19 | SMF © 2021, Simple Machines | Terms and Policies
Page created in 0.02 seconds with 24 queries.
Helios Multi © Bloc
gfx
Powered by MySQL Powered by PHP Valid XHTML 1.0! Valid CSS!