|
|
Posted by -Angela- on 10/20/05 04:15
On Wed, 19 Oct 2005 18:26:44 -0700, gregfarr <gregfarr@comcast.net>
wrote:
>On Wed, 19 Oct 2005 16:39:04 -0700, -Angela-
><TarapiaTapioco@jetmail.com> wrote:
>
>>On Wed, 19 Oct 2005 15:12:28 -0700, gregfarr <gregfarr@comcast.net>
>>wrote:
>>
>>>Just minutes age I was watching winmx at the time, the bottom just
>>>dropped out of the bandwidth. The Primary's started changing from 6 to
>>>5 to 3, several of the up loaders with cancelled out, my d/l's went
>>>from a 100 down to almost nothing. This has happened before, just not
>>>while I was looking. I'm cable comcast.
>>>
>>>Greg
>>>http://gregsplace.50megs.com
>>>http://www.picturetrail.com/fugitive1
>>
>>Check your bandwidth graph when this is happening. You'll probably
>>see a huge spike on your outgoing WPN packets. This would indicate
>>that you are hosting a fake / flooder (secondary) that has sent their
>>results from someones' search, and you being the priamary they are
>>served by, your connection just suffered a UDP packet storm that
>>overwhelmed (killed) your TCP connections.
>>I keep saying it, and nobody is listening: Do *NOT* trust the patches
>>and Dll's to protect you from the flooders. You have more than your
>>TCP connections to loose. Use your own firewall and enter the TCP
>>blocks I posted before here:
>>
>>news:jbj3l1hn4ih1mje1015incs1quo9pbup0r@4ax.com
>>
>
>
>Ok, good, so that's what that was, someone doing what, why did it go
>down? So this is dangerous as far as riaa thing goes? Which Firewall,
>would you recommend, and where do these numbers go? Thanks.
>
>Greg
>http://gregsplace.50megs.com
>http://www.picturetrail.com/fugitive1
Woa, I wish my dad was here.
I called him, wrote down notes and this is what it is:
Searches are in UDP form, file transfers and secondary connections to
primary host are TCP. TCP has error checking and the receiving
computer sends a type of 'ok' packet back to the sender for more if
what it just got arrived error-free. (very simple terms here, but you
get the idea I hope). Searches are sent in UDP 'streams' that have no
error checking, so they get sent as a burst of data and if it makes
it- fine, if not, well- too bad. UDP data waits for nobody, it just
goes and since there is no easy method of throttling UPD, it will
saturate a connection leaving no bandwidth for TCP transfers. This is
to say UDP will literally "take over" the connection until the data
stream is completed. Your TCP connections were totally displaced by
the UDP stream from a flooder system you were hosting. This caused
the TCP connections to see no activity and they timed-out (TCP
couldn't get a word in edgewise). You saw all your downloads and
uploads go to zero and your connections to other primary and secondary
users break-off from TCP timeout. If a large search result is
returned by a flooder, it will also cause your Winmx connection to be
severed and you'll get the yellow "connecting" indicator again, until
the UDP "packet storm" (as they are called) is over.
It is only dangerous with the RIAA insofar as you were hosting one of
their minions that was directly connected to you, as a secondary
connection. They do have the ability to browse your files when
connected to you. This makes hosting a flooder system very risky as
now they know the time, your IP number, and every file you were
sharing.
Firewalls: Stay away from any Symantic (Norton) firewalls. They are
one of the most untrustworthy firewalls on the market. A good
firewall is the Internet Security Systems (ISS) BlackIce firewall.
www.BlackICE.iss.net
The numbers I have listed are "rules" your firewall will follow. They
are added to whatever firewall you decide to use. See the help
section of your firewall for instructions on how to add a new "rule."
The IP numbers above are to be added as: Block, TCP, Incomming,
forever.
About the DLL's and the PiePatch: It's a pie-in-the-sky, don't trust
them with your legal affairs. They screw up all the time, thus- what
version are they on now? or, if your were using one of them, why were
you hosting a flooder as one of your seconday connections??? Didn't
they say they would block the flooders? I rest my case.
Surf Safe? Better Trade Safe too.
-Angela-
[Back to original message]
|