|
|
Posted by db on 09/26/05 20:33
"FinnTroll" <yab@roll.uc> wrote in message
news:5dYZe.34764$d5.190029@newsb.telia.net...
>
>> Good stuff. It shouldn't actually affect anything transfer-wise. It's
>> actually just a very simple, transparent, package that acts as a
>> middleman between the WinMX client and the Windows WS2_32.DLL "Winsock"
>> which handles all TCP/UDP communications. All it does is check the IP
>> addresses that run through the middleman DLL (WS2_32R.DLL) against those
>> listed in the bendmx.dat file, so, if an address contained in the DAT
>> file matches one the WinMX client is trying to either send to, or receive
>> from, it blocks it dead.
>>
>
> I see ... I better admit straight away I am a newbie on WinMX, but have
> been learning by reading here in the NG ... I get the picture of the
> WSR_32.DLL's role as a "doorkeeper", but in the context I need to ask ...
> what is is that makes a certain IP approved vs. blocked in the first
> place? I understand an IP is being blocked if it can be found in the
> BendMX but what makes it "bad" and be rewarded a place in the "hall of
> shame", so to speak?
Hmm, it's a pretty complicated thing to answer. Basically, the IP addresses
contained in the bendmx.dat file are addresses of computers owned by
companies employed by media companies to do whatever they can get away with
to disrupt the WinMX peer network. Most of the addresses are computers that
exploit the WinMX client by acting as secondaries which connect into primary
users on the WinMX peer network, upload a a load of fake files names to the
primary, and then basically sit on the primary connection doing nothing.
When a user initiates a search in their WinMX client the search query gets
broadcast around primary operators on the network; those primaries receive
the search queries and respond with any matches they have stored. Thing to
remember here is that primary users store a list of all files shared by the
primary user themself, and more importantly, they store lists of all files
shared by secondary users that connect into the primary (primaries host
secondary users). So what happens is that, because the media companies run
secondary clients that hook into primaries, the primaries end up housing
huge lists of fake files (actually the files don't usually exist so it's
just fake information) so that whenever a user on the WinMX peer network
runs a search for a file they're trying to protect, such as "britney", the
primaries respond with tons of fake results to the initiator of the query
(the user that searched).
Anyway, to cut what would probably otherwise be a ridiculously complicated
answer, short, the 'BadIP' entries are addresses that host media company
'anti-p2p' computers that have been postitively identified as being what
they are.
There's a lot more detail but I won't go into it unless you really want
(assuming I could even answer the question). ;P
As an additional note, some of the BadIP entries are not 'fakers', or
haven't been seen operating as fakers, but run other tasks such as
continuously running searches for artists/filenames in, I imagine, an
attempt to drown the network in search queries and/or attempt to disrupt the
user's primary connection to which it is attached (difficult to say what
exactly their game is).
> I have been running WinMX now for a couple of hours ... no d/l, but a mere
> couple in the beginning to check things. Since then I have been watching
> the transfers window, trying to figure out what makes some u/l'ers never
> be connected, while others are being que'ed. While watching the u/l speed
> I notice that it doesn't matter much what type of connection speed they
> have ... speed ranges between 2,5K/s to around 30K/s. It makes me wonder
> if there's something I missed in the settings. I would expect a higher
> rate since I am on a 7/1 DSL and I have set the Queing to allow 4/2 at
> once.
I could do with knowing whether you're running a primary or secondary
connection here (and any other details like firewall type, router, etc) if
you're having problems transferring files. Generally you can't gauge the
capability of a user's connection based on what connection type is reported
at all (56K, DSL, T1, etc).
>> Sure. Just edit it in Notepad if you like. Ultimately you'd probably be
>> required to do this in order to maintain an accurate blocklist as the
>> media companies change addresses fairly frequently (some of them, at
>> least). I'll update the bendmx.dat files for a period of time but can't
>> guarantee for how long.
>
> yeah ... I found the "readme"-txt file right after I had hit the <send>
> button :-)
>
>> Thanks for the feedback.
>
> You're welcome ... I thank you in return for your efforts in making WinMX
> a great product.
No problem.
>> P.S. It should create a log file in your WinMX program folder when it
>> blocks addresses so have a look for that to see how well it's doing
>> (should be very busy on primary connections).
>
> fer sure :-) ... I opened the log file and had a look inside it... during
> 6.20pm upto 8.20pm this evening I had 500 "blocked IP".. however several
> of those came from the same source, with the same user number, or changed.
> Something odd though, I am still running the WinMX as I type and there's
> been no added IP's in the log file since then :-\
You'll see the BadIPs attempting to connect very frequently as they
repeatedly attempt to connect into any primary user advertising the capacity
to host secondary users (this is automatically controlled by the WinMX
client software).
If you operate a secondary type connection you'll probably rarely ever see
entries in the log file. The BadIP blocks are specifically for primary
users (though it has no negative impact against running it on secondary).
hth.
Navigation:
[Reply to this message]
|