Posted by FinnTroll on 09/26/05 23:30

"db" <@ .> skrev i meddelandet
news:43385b4a$0$73599$ed2619ec@ptn-nntp-reader03.plus.net...
>
>><snip>... I understand an IP is being blocked if it can be found in the BendMX
>>but what makes it "bad" and be rewarded a place in the "hall of shame", so to
>>speak?
>
> Hmm, it's a pretty complicated thing to answer. Basically, the IP addresses
> contained in the bendmx.dat file are addresses of computers owned by companies
> employed by media companies to do whatever they can get away with to disrupt the
> WinMX peer network. Most of the addresses are computers that exploit the WinMX
> client by acting as secondaries which connect into primary users on the WinMX
> peer network, upload a a load of fake files names to the primary, and then
> basically sit on the primary connection doing nothing. When a user initiates a
> search in their WinMX client the search query gets broadcast around primary
> operators on the network; those primaries receive the search queries and respond
> with any matches they have stored. Thing to remember here is that primary users
> store a list of all files shared by the primary user themself, and more
> importantly, they store lists of all files shared by secondary users that
> connect into the primary (primaries host secondary users). So what happens is
> that, because the media companies run secondary clients that hook into
> primaries, the primaries end up housing huge lists of fake files (actually the
> files don't usually exist so it's just fake information) so that whenever a user
> on the WinMX peer network runs a search for a file they're trying to protect,
> such as "britney", the primaries respond with tons of fake results to the
> initiator of the query (the user that searched).

hmm .... so if I understood all this, you mean that the fakers are those hiding
among the searches showing all red ... like saying "11 in queue (0 of 1 available)
or is it that they hide within those green marks that says like 30 of 30 available
users and when you click on the <+> sign all of the sudden it's red light all
over, or is there another way to spot them, other than by trying to download from
them, I mean?

> Anyway, to cut what would probably otherwise be a ridiculously complicated
> answer, short, the 'BadIP' entries are addresses that host media company
> 'anti-p2p' computers that have been postitively identified as being what they
> are.
>
> There's a lot more detail but I won't go into it unless you really want
> (assuming I could even answer the question). ;P

ok ... I get the general idea here and I am interested. Thank you for telling me,
I would like it if you wanted to tell more, but I figure I should aquaint myself a
little further with WinMX before I start acting like the "fake hunter". like I
said I am a newbie around here.

> As an additional note, some of the BadIP entries are not 'fakers', or haven't
> been seen operating as fakers, but run other tasks such as continuously running
> searches for artists/filenames in, I imagine, an attempt to drown the network in
> search queries and/or attempt to disrupt the user's primary connection to which
> it is attached (difficult to say what exactly their game is).
>
>> I have been running WinMX now for a couple of hours ... no d/l, but a mere
>> couple in the beginning to check things. Since then I have been watching the
>> transfers window, trying to figure out what makes some u/l'ers never be
>> connected, while others are being que'ed. While watching the u/l speed I notice
>> that it doesn't matter much what type of connection speed they have ... speed
>> ranges between 2,5K/s to around 30K/s. It makes me wonder if there's something
>> I missed in the settings. I would expect a higher rate since I am on a 7/1 DSL
>> and I have set the Queing to allow 4/2 at once.
>
> I could do with knowing whether you're running a primary or secondary connection
> here (and any other details like firewall type, router, etc) if you're having
> problems transferring files. Generally you can't gauge the capability of a
> user's connection based on what connection type is reported at all (56K, DSL,
> T1, etc).

I run as a primary...
firewall software is actually WinXP SP2's own, where I have only opened up the
necessary tasks needed to share files. Otherwise there's only the routers "built
in" firewall. I have set it to not respond to internet calls, other than those
ports needed to connect to ex.number of P2P software that I use. For the moment
there are three, DC++, Shareaza and also WinMX, but they're not running at the
same time, nor from the same computer.

The router, NetGear WGT624, hosts a intranet of total nine computers + one
Mediaplayer, a D-Link DMS320, that are connected via two 10/100 switches - minus
one computer that is connected wireless.
My connection, as I said earlier, are DSL 7/1 using a D-Link DSL300-T for the
internet connection. The regular down/up link stays around 6,8Mbps/0,8Mbps, while
through the intranet there's no problems transfering files at 108Mbps,
wire/wireless.

Now, the numbers of computers are the real reason for my choice of broadband
connection. I figured I would need a little more than 128K ISDN, so to speak,
since there's also my kids using their computers to share stuff among their
friends.

Yeah well ... end of braggin' ... I use the standard ports on WinMX... 6699/TCP
and 6257/UDP, and not using a proxy ... bandwith settings are set to 9Kb/s out and
13,5Kb/s in ... If I chose the default 7Kb/s - 10,5Kb/s doesn't change much ... as
I am typing I have three u/l, one T1 at a speed of appr. 4,5K/s and two DSL on
25-30K/s... which sounds a bit odd considering the type of connection

btw ... on the case of "timeouts" ... it seems that there's only timeouts on those
who searches me for my "Creed" videos .. for the moment I only share different
types of music videos (mpg/avi) ... no mp3's or DVD's ... I wonder, are those
"timeouts" what you meant in the paragraph above talking about fakers?

> You'll see the BadIPs attempting to connect very frequently as they repeatedly
> attempt to connect into any primary user advertising the capacity to host
> secondary users (this is automatically controlled by the WinMX client software).
>
> If you operate a secondary type connection you'll probably rarely ever see
> entries in the log file. The BadIP blocks are specifically for primary users
> (though it has no negative impact against running it on secondary).

Ahhh... yeah, I see ... so generally speaking it would be better to connect as a
secondary and avoid the BadIPs, but doing it one would loose in connectivity and
risc being cast out by the ones running as primary users ... kinda smart if you
think about it? Creating distrust and defensive actions among the sharers and thus
slowly but surely "choke" the network...

[Back to original message]