
Author Topic: QI  (Read 3487 times)


Offline Alwaysaway

  • Forum Member
QI
« on: August 31, 2009, 07:05:12 pm »
i stumbled across this, thought it was quite interesting.

[Post edited by GhostShip]

Offline ']['affy

  • Forum Member
Re: QI
« Reply #1 on: August 31, 2009, 08:19:04 pm »
what exactly is this always

Offline Stevi

  • #1 DJ
  • MX Hosts
  • *****
  • Ooops! I blew up the commercials!
    • WinMX Radio
Re: QI
« Reply #2 on: August 31, 2009, 11:51:09 pm »
I am unsure what it is. When I downloaded it there was a file named WMW.bat in there. Until there is further research done, I feel this is unsafe to download.

Offline GhostShip

  • Ret. WinMX Special Forces
  • WMW Team
  • *****
Re: QI
« Reply #3 on: September 01, 2009, 12:14:31 am »
Tech 87 is another name for {MXC} Michael who did create a trojan some time ago.

Can I strongly suggest no one download from this address until I have looked the beast over.

Offline White Stripes

  • Core
  • *****
  • ***
  • Je suis aimé
Re: QI
« Reply #4 on: September 01, 2009, 12:17:29 am »
the bat file in and of itself technically has nothing harmful to your own system in it..... but it's what it does that has me confused...

it pings an old .arpa IP address (somewhere near or in phoenix, az -- united states) continuously.... it's basically a very weak DoS attack on something that's had an IP address since before the internet was the internet (still called arpanet)... so it's either an old but technically advanced college.... or a military installation of some sort.....

....or in other words.... don't mess with it....

Offline GhostShip

  • Ret. WinMX Special Forces
  • WMW Team
  • *****
Re: QI
« Reply #5 on: September 01, 2009, 12:24:53 am »
Hmm it's basically a file of the sort Stripes noted and why anyone here would be interested in pinging random IP addresses is beyond me  :/

Address removed.

Offline wonderer

  • MX Hosts
  • *****
  • ***
Re: QI
« Reply #6 on: September 01, 2009, 06:43:35 pm »
What's wrong with endlessly pinging a host? Is that not what all our clients do?

Offline White Stripes

  • Core
  • *****
  • ***
  • Je suis aimé
Re: QI
« Reply #7 on: September 01, 2009, 09:12:18 pm »
inside the protocol it pings yes... this was using the 'ping' command which uses ICMP... not exactly winmx.... and it's pinging a random ancient arpanet IP... not a p2p user... for reasons unknown....

you might as well be spamming the IP if it's continuous.... the ping command sending then receiving ~32bytes of data once every second... it's basically useless junk..... and if a whole lot of ppl are doing it it becomes an annoyance or even a denial of service...

now the motive as to why that ip address... i dunno....

Offline GhostShip

  • Ret. WinMX Special Forces
  • WMW Team
  • *****
Re: QI
« Reply #8 on: September 01, 2009, 09:18:35 pm »
The range referenced was one the site was hosted on some years, so it may well be the same address, however I don't have the time or inclination to check it out, let sleeping dogs lie is I think the best policy for this topic  :yes:


Offline wonderer

  • MX Hosts
  • *****
  • ***
Re: QI
« Reply #9 on: September 01, 2009, 10:05:22 pm »
Just wondering while I'm advised by the ISP to run this kind of test to all hops in the trace to detect where the dataloss I'm having troubles with occurs, not that it matters anymore, I'm changing ISP anyway after this month ends, but, if it was seen as denial of service attack, they won't ask me to ping with 1024 bit pings would they? btw, interval of 600 msecs which is less than a second :)

Offline Forested665

  • Forum Member
  • Linux:2003 FreeBSD:2004 Debian/BSD developer:2006
Re: QI
« Reply #10 on: September 02, 2009, 09:55:17 pm »
you're just one person and it would make the losses apparent when you do it that fast.
What this script and most likely this person was trying to do was get like i unno 300 people to do the same thing to ONE address which in a sense stalls or overloads that computer.
if it's on an arpanet one or two people could take it offline the max theoretical speed in 75 was 260kbit/s and supposedly they were all taken offline in 1989
interesting enough though a .arpa isn't an arpanet it's a top level domain that was used for the transition from the arpanet to nsfnet and the internet. in 89 they fully replaced them with DNS servers

quicks or stripes i would like to look over this batch script though if you could paste and send the contents in a pm?
BSD -  The Daemons Are No Longer Just Inside My Head.

Offline {MXC}michael

  • Forum Member
Re: QI
« Reply #11 on: September 03, 2009, 07:11:49 am »
i wrote that 3 years ago, it has 2 lines in its script, ping -t "address" pause, the ip address was being used by this site 3 years ago, it is so irrelevant now, just forget about it, it had no malicious intent.

Offline GhostShip

  • Ret. WinMX Special Forces
  • WMW Team
  • *****
Re: QI
« Reply #12 on: September 03, 2009, 08:38:22 am »
Cheers for confirming that Michael, I did suspect its vintage as it was rather spartan, anyway nice to see you around.

Offline Joshua203

  • MX Hosts
  • *****
  • *****
  • www.DutchaGoGo.com
    • www.DutchaGoGo.com and a few more like WinMX.ComXa.com and WinMX.ExoFire.net
Re: QI
« Reply #13 on: September 03, 2009, 05:24:43 pm »
hmmm, from my point of view the ip used in that file is the exact same one as this site is hosted on right now
Windows 7 Ultimate 64bit Edition, CPU Intel64 Family 6 Model 26 Stepping 5 Genuine Intel Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz, RAM: 12GB

WebSite: www.DutchaGoGo.com
