Posted by -Angela- on 10/11/05 01:54

On Mon, 10 Oct 2005 19:29:05 -0400, Don Wiss <donwiss@no_spam.com>
wrote:

<snip>
>
>Secondaries only connect to one primary. So the number attached to you is
>the multiplier. If you are seeing S=12, then there are about 12 times the
>number of secondaries as primaries. Last night I was seeing S=18 (and
>P=11). So if we average the two of us then 15 times as many secondaries as
>primaries.
>
>Don <www.donwiss.com> (e-mail link at home page bottom).


Don,

I made a call to someone that offered this in an email.
(or, don't shoot me I'm only the messenger)
Maybe something helpful here? This is all FYI, "take it or leave it"
stuff as that person will not be here to answer questions and I can't
help much when it comes to these things. Comments are of course
encouraged and I will forward them at our next family meeting.


------------------------------------------------------------------------------------
The above statement is incorrect. Secondaries are a count of the
total number of secondaries you are connected to. It is not a ratio.

A system can be connected to many secondaries without being connected
to any other primaries at all, or the WPN (assuming they have, or are
attempting to make a primary connection), but not "Real" secondaries.
"Real" secondaries are sent by the peer cache servers.. but, here the
plot thickens..

The RIAA fake sites (as they get named) do not use the peer cache
servers to connect to primaries in the normal course of their flooding
the network with fakes. They have a previously built database of IP
numbers known to host primary connections and they continually (24-7)
attempt to connect to those primary users until they do. They connect
by being "Imposters" supposedly sent by the peer cache server(s) when
in reality, they just "appear" on the doorstep of primary users to be
connected without ever contacting the peer cache servers in the first
place. Systems running as primary connections cannot tell the
difference from a real secondary, sent by the peer cache server, or a
fake that just showed up. They still "harvest" new primary IP
numbers, adding to their database.

Try this experiment:

Start with WinMX not running, for at least 8 minutes.

Change your "hosts" file to include dead IP numbers, entirely. Dead,
as in not associated to WinMX servers at all.

Remove/rename the ws2_32.dll if you are using it.

Turn off all anti-RIAA protection.

Unshare *all* your files !

Attempt to go online with WinMX as a primary server, you will not
connect... we knew that though..

Watch all the secondary connections fill up, rather quickly too!

Trace-route all your secondary connections (that shouldn't be able to
connect, yet they are there anyway).

See now that they are *ALL* from RIAA flagged sites.

How did they get there?, and what is the "ratio" of primary to
secondary connections now? You have *NOT* connected, yet have 19
secondaries?? (19, maybe less, it varies)
=====================================
Exceptions:

If you do this experiment without waiting at least 8 minutes, the
secondary connections you *were* serving may try to re-connect to you,
as you were their primary and they attempt to re-establish that
connection, or get a new primary. Users that were in your Que will
appear as "UDP" attempts as they check their status with you.
=====================================

If you have a program such as "Netpeeker" you can instantly see every
connection to/from your computer, and do the "whois" on them right
there. You will also see 1-for1 secondary connections, not a ratio
or multiplier.

Let's just say, "They have your number" so be very careful of what you
put up to share. Yes, they can browse your files directly when they
connect if they so desire and put that browse in a database with your
IP number on it.

Best protection?

FIREWALLS! These fake 'sites' connect by TCP, so have your rules in
place to block them. Know your enemy, see with your own eyes that
they are stopped. Use, but "trust" NO program or protection that
won't let you read it's list of 'blocks'.

Block these, and *ANYBODY* that can connect to you before you can
connect to the WPN.
(Do the experiment, 'sniffing' for RIAA-sponsored sites)

212.71.224.0 - 212.71.255.255
213.52.128.0 - 213.52.255.255
213.219.9.192 - 213.219.9.255
216.133.221.198
216.151.128.0 - 216.151.159.255
38.113.214.0 - 38.113.214.255
38.119.64.0 - 38.119.64.255
63.216.0.0 - 63.223.255.255
64.105.76.207
66.134.249.226
72.35.224.0 - 72.35.224.255
81.158.1.0 - 81.158.250.176
82.48.0.0 - 82.63.255.255
88.104.0.0 - 88.111.255.255
88.111.21.0 - 88.111.21.255
204.9.116.0 - 204.9.119.255
204.9.117.0 - 204.9.117.255
204.193.136.48 - 204.193.136.63
204.193.136.96 - 204.193.136.127
209.10.143.64 - 209.10.143.95
209.11.134.0 - 209.11.134.255
209.12.22.0 - 209.12.22.255
209.195.1.0 - 209.195.1.255
209.195.58.0 - 209.195.58.255
64.105.76.207
66.134.249.226

[Back to original message]