|
|
Posted by gregfarr on 10/20/05 06:30
On Wed, 19 Oct 2005 21:15:31 -0700, -Angela-
<TarapiaTapioco@jetmail.com> wrote:
>On Wed, 19 Oct 2005 18:26:44 -0700, gregfarr <gregfarr@comcast.net>
>wrote:
>
>>On Wed, 19 Oct 2005 16:39:04 -0700, -Angela-
>><TarapiaTapioco@jetmail.com> wrote:
>>
>>>On Wed, 19 Oct 2005 15:12:28 -0700, gregfarr <gregfarr@comcast.net>
>>>wrote:
>>>
>>>>Just minutes age I was watching winmx at the time, the bottom just
>>>>dropped out of the bandwidth. The Primary's started changing from 6 to
>>>>5 to 3, several of the up loaders with cancelled out, my d/l's went
>>>>from a 100 down to almost nothing. This has happened before, just not
>>>>while I was looking. I'm cable comcast.
>>>>
>>>>Greg
>>>>http://gregsplace.50megs.com
>>>>http://www.picturetrail.com/fugitive1
>>>
>>>Check your bandwidth graph when this is happening. You'll probably
>>>see a huge spike on your outgoing WPN packets. This would indicate
>>>that you are hosting a fake / flooder (secondary) that has sent their
>>>results from someones' search, and you being the priamary they are
>>>served by, your connection just suffered a UDP packet storm that
>>>overwhelmed (killed) your TCP connections.
>>>I keep saying it, and nobody is listening: Do *NOT* trust the patches
>>>and Dll's to protect you from the flooders. You have more than your
>>>TCP connections to loose. Use your own firewall and enter the TCP
>>>blocks I posted before here:
>>>
>>>news:jbj3l1hn4ih1mje1015incs1quo9pbup0r@4ax.com
>>>
>>
>>
>>Ok, good, so that's what that was, someone doing what, why did it go
>>down? So this is dangerous as far as riaa thing goes? Which Firewall,
>>would you recommend, and where do these numbers go? Thanks.
>>
>>Greg
>>http://gregsplace.50megs.com
>>http://www.picturetrail.com/fugitive1
>
>
>Woa, I wish my dad was here.
>I called him, wrote down notes and this is what it is:
>Searches are in UDP form, file transfers and secondary connections to
>primary host are TCP. TCP has error checking and the receiving
>computer sends a type of 'ok' packet back to the sender for more if
>what it just got arrived error-free. (very simple terms here, but you
>get the idea I hope). Searches are sent in UDP 'streams' that have no
>error checking, so they get sent as a burst of data and if it makes
>it- fine, if not, well- too bad. UDP data waits for nobody, it just
>goes and since there is no easy method of throttling UPD, it will
>saturate a connection leaving no bandwidth for TCP transfers. This is
>to say UDP will literally "take over" the connection until the data
>stream is completed. Your TCP connections were totally displaced by
>the UDP stream from a flooder system you were hosting. This caused
>the TCP connections to see no activity and they timed-out (TCP
>couldn't get a word in edgewise). You saw all your downloads and
>uploads go to zero and your connections to other primary and secondary
>users break-off from TCP timeout. If a large search result is
>returned by a flooder, it will also cause your Winmx connection to be
>severed and you'll get the yellow "connecting" indicator again, until
>the UDP "packet storm" (as they are called) is over.
>
>It is only dangerous with the RIAA insofar as you were hosting one of
>their minions that was directly connected to you, as a secondary
>connection. They do have the ability to browse your files when
>connected to you. This makes hosting a flooder system very risky as
>now they know the time, your IP number, and every file you were
>sharing.
>
>Firewalls: Stay away from any Symantic (Norton) firewalls. They are
>one of the most untrustworthy firewalls on the market. A good
>firewall is the Internet Security Systems (ISS) BlackIce firewall.
>www.BlackICE.iss.net
>The numbers I have listed are "rules" your firewall will follow. They
>are added to whatever firewall you decide to use. See the help
>section of your firewall for instructions on how to add a new "rule."
>The IP numbers above are to be added as: Block, TCP, Incomming,
>forever.
>
>About the DLL's and the PiePatch: It's a pie-in-the-sky, don't trust
>them with your legal affairs. They screw up all the time, thus- what
>version are they on now? or, if your were using one of them, why were
>you hosting a flooder as one of your seconday connections??? Didn't
>they say they would block the flooders? I rest my case.
>
>Surf Safe? Better Trade Safe too.
>
>-Angela-
I have a Sygate on hand is that one any good? I've had norton and
problems. Kinda liked AGV anti virus but it's not up right now.
I'm still confussed, how do some of you learn so much about what goes
on behind the curtain? Why do some do this flooding, to what end? TIA
Greg
http://gregsplace.50megs.com
http://www.picturetrail.com/fugitive1
Navigation:
[Reply to this message]
|