[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Mldonkey-users] Someone keeps flooding me with shitty "servers"
|
From: |
crazee_canuck |
|
Subject: |
Re: [Mldonkey-users] Someone keeps flooding me with shitty "servers" |
|
Date: |
Sun, 29 Dec 2002 07:55:51 -0500 |
Sunday, December 29, 2002, 6:51:42 AM, Roland wrote:
Hello,
I don't think that I have anything that's all that helpful to add to this, but
I'm
throwing in my $0.02 and analysis.
RA> I have 2 Problems regarding servers:
RA> compute_md4_delay is 5
RA> max_connected_servers is 2
RA> version 2.02-0
Same as me, except I have compute_md4_delay set to 10, as I have a
slow 5400RPM hard drive that mld is saving files to...
I also have Pango's latest patches applied as well.
RA> I'm deleting my servers.ini* every time I start mldonkey.
Same here.
RA> At startup (while hashing), mldonkey connects to *ALL* servers on my
RA> list (we remember, the list is clean and I did a servers server.met,
RA> so all timestamps are zero (?))
RA> For some time I'm connected to 5 servers (all with LOW-ID
RA> because mldonkey wasn't fast enough in its reply (because of hashing).
RA> Please fix this. I'm messing with the servers and I can't stop it.
That is bizarre...I have never seen anything remotely close to that
happening...
RA> And, even with a clean serverlist I'm receiving very very strange
RA> servers (server propagation?):
RA> I posted a message to the list some time ago, but nobody replied.
RA> Nearly my whole serverlist consists of port 4662-servers (which are
RA> all dead, but I keep receiving them like hell. Is there are problem
RA> with client<->server propagation? Or is someone flooding us?
RA> Here, another snapshot (the complete serverlist is 1 minute old)
{snipped lists of servers}
Once again, I have not seen anything like that, especially after one
minute!
According to my client_stats, mld has been running now for:
Uptime: 6882 seconds (0+01:54)
I have 379 servers in my list, with 141 servers on port 4662.
Here's the output from sorting just the servers and port numbers
reported by mldonkey's vma command. I'm posting it here in the hopes
that it may be useful to solve this possible problem:
-----------------------
$ ./mldonkey_command vma |cut -d']' -f2 |cut -d' ' -f2 |sort |fgrep ':'
12.103.230.13:4662
128.164.159.94:4662
139.133.200.186:23223
141.44.198.26:4662
141.99.131.134:55201
142.177.241.252:4662
151.38.15.228:61046
151.38.15.228:61230
151.38.15.228:62011
151.38.15.228:64444
151.38.15.228:64838
158.42.50.65:2500
161.53.71.194:4662
192.117.106.137:4662
192.76.245.30:4662
193.111.198.139:4242
193.136.66.245:1080
193.189.174.251:4662
193.226.52.146:8662
193.230.129.57:4662
193.253.33.2:45742
193.253.33.2:48624
193.253.33.2:53166
193.54.76.161:4662
193.77.106.144:64790
193.77.106.144:64890
193.77.156.204:4662
193.77.233.140:4662
193.77.8.55:4662
194.102.90.206:4662
194.44.80.214:4662
195.122.27.32:4662
195.158.146.72:4661
195.208.49.170:5662
195.250.168.22:4662
195.37.49.7:4662
195.57.80.169:60031
195.57.80.169:60099
195.57.80.169:60135
195.57.80.169:60213
195.57.80.169:60374
195.57.80.169:60685
195.57.80.169:61074
195.57.80.169:61526
195.57.80.169:61801
195.71.123.76:4662
200.153.134.198:10323
200.153.134.198:10338
200.153.134.198:10382
200.153.134.198:10422
200.153.134.198:10442
200.153.134.198:10490
200.153.134.198:10515
200.153.134.198:11402
200.153.134.198:11724
200.153.134.198:12086
200.153.134.198:12535
200.153.134.198:12565
200.153.134.198:12674
200.153.134.198:12855
200.153.134.198:16913
200.153.134.198:16931
200.153.134.198:17009
200.153.134.198:17190
200.153.134.198:17839
200.153.134.198:18088
200.153.134.198:18181
200.153.134.198:18341
200.153.134.198:18354
200.153.134.198:18361
200.153.134.198:18375
200.153.134.198:18416
200.153.134.198:18510
200.153.134.198:18511
200.153.134.198:18610
200.153.134.198:4662
200.196.36.61:4662
200.204.107.67:4662
200.42.37.154:4662
200.63.75.189:4662
200.80.38.34:4662
202.156.128.195:3662
202.79.122.148:4662
210.8.44.26:4662
211.202.3.102:3388
211.243.204.141:5220
212.106.138.238:4662
212.116.149.195:4662
212.144.194.43:4662
212.146.48.63:30000
212.160.139.49:4662
212.185.222.99:4662
212.202.176.198:22222
212.202.202.195:4662
212.202.202.216:4662
212.42.67.78:4662
212.51.58.114:4662
212.55.141.17:4662
212.62.80.224:63706
212.62.80.224:64608
212.62.84.176:62880
212.62.84.176:63151
212.62.86.158:61309
212.69.76.26:4662
212.7.38.254:4662
212.75.108.237:4662
213.140.17.151:4662
213.154.136.141:4662
213.157.1.176:4662
213.199.68.23:62142
213.199.68.23:64479
213.200.17.170:4662
213.22.108.32:16172
213.22.108.32:23133
213.22.108.32:4662
213.25.174.65:4662
213.25.249.50:4662
213.37.36.206:4662
213.39.192.8:50692
213.45.70.243:4662
213.46.20.156:4772
213.77.149.113:1020
213.77.149.113:4662
213.96.13.162:60472
213.96.13.162:60613
213.96.13.162:60665
213.96.13.162:61024
213.96.13.162:61148
213.96.13.162:61287
213.96.13.162:61373
213.96.13.162:61455
213.96.13.162:61608
213.96.13.162:61714
213.96.13.162:61825
213.96.13.162:61982
213.96.149.240:4662
213.97.247.124:4662
213.98.16.183:4662
216.127.64.31:4661
216.127.86.91:4661
216.40.245.33:4661
217.116.227.50:4662
217.127.143.109:60840
217.128.57.197:10092
217.128.63.61:4661
217.136.33.184:4662
217.157.177.25:4662
217.162.183.84:4662
217.1.73.110:4662
217.186.131.86:4662
217.215.149.49:4662
217.215.28.153:4662
217.225.220.59:4662
217.225.233.71:4662
217.226.101.167:4662
217.226.147.181:4662
217.226.203.210:4662
217.226.244.154:4662
217.227.104.21:1022
217.227.104.21:4662
217.227.211.152:61264
217.227.211.152:61336
217.227.211.152:62236
217.227.211.152:62893
217.227.211.152:62949
217.227.232.114:4662
217.227.67.43:4661
217.227.79.216:4662
217.227.85.138:4662
217.228.154.184:61750
217.228.154.184:62408
217.228.154.184:62725
217.229.141.203:4662
217.229.195.124:4661
217.229.91.124:4662
217.230.111.158:4662
217.230.210.122:61296
217.230.210.122:61829
217.230.210.122:62473
217.230.210.122:62834
217.230.210.122:63930
217.230.210.122:64291
217.230.210.122:64685
217.230.66.237:4662
217.232.40.20:4662
217.236.118.241:1021
217.5.92.203:4662
217.80.107.32:4662
217.80.250.145:4661
217.80.64.149:61492
217.80.64.149:61735
217.81.219.223:4662
217.81.65.128:4662
217.83.181.56:4662
217.85.100.37:4661
217.85.170.101:6662
217.85.173.115:6662
217.85.195.98:4662
217.85.227.131:4661
217.85.251.121:63778
217.86.27.217:4661
217.88.171.81:4662
217.88.204.228:4662
217.97.213.19:4662
24.112.7.23:4662
24.150.87.36:4662
24.156.126.204:60282
24.206.87.30:4662
24.247.204.76:2018
24.247.204.76:2368
24.247.204.76:2824
24.58.67.2:4662
24.66.130.116:4682
3.1.0.33:4665
3.1.0.33:9665
62.143.29.18:4662
62.20.141.225:4662
62.212.119.139:4662
62.225.225.146:4662
62.225.225.78:4662
62.233.188.108:4662
62.242.19.54:4662
62.42.202.235:4662
62.4.22.139:4662
62.46.63.84:4662
62.56.174.144:4662
62.57.85.52:4662
64.194.107.133:4662
64.252.40.214:4662
65.27.77.134:37583
65.38.9.25:4662
66.111.46.180:4669
66.111.54.150:10000
66.111.54.190:4224
66.122.240.121:4662
68.18.179.71:4662
68.35.152.50:61542
68.35.152.50:61790
68.35.152.50:62535
68.35.152.50:63738
68.98.118.201:10204
68.98.118.201:20184
68.98.118.201:23429
68.98.118.201:23434
68.98.118.201:44444
80.128.237.239:4662
80.128.250.14:4662
80.128.29.8:4662
80.129.109.243:4662
80.129.189.181:4662
80.129.30.164:4662
80.130.223.216:4678
80.130.25.35:4662
80.131.48.57:4661
80.132.24.45:4662
80.134.111.28:4662
80.134.48.69:4661
80.135.18.172:4661
80.135.235.169:4662
80.136.155.153:4662
80.136.24.251:4662
80.136.24.43:4662
80.136.58.235:4662
80.136.9.216:4662
80.137.138.32:4661
80.14.103.177:4662
80.14.105.189:4662
80.141.127.1:4662
80.142.49.181:4662
80.14.25.173:3000
80.143.100.160:4662
80.143.116.59:61500
80.143.116.59:62070
80.143.116.59:62269
80.143.116.59:62549
80.143.116.59:62588
80.143.116.59:62822
80.143.116.59:63138
80.143.116.59:63270
80.143.116.59:64760
80.143.12.113:50288
80.143.12.113:51591
80.143.12.113:52365
80.143.12.113:52977
80.143.12.113:53699
80.143.12.113:54948
80.143.12.113:55019
80.143.12.113:55856
80.143.12.113:56515
80.143.12.113:57595
80.143.12.113:57745
80.143.12.113:58116
80.143.12.113:58829
80.143.12.113:59540
80.143.12.113:59966
80.143.12.113:60132
80.143.12.113:61229
80.143.12.113:61372
80.143.12.113:62446
80.143.12.113:63815
80.143.12.113:65229
80.143.12.113:65425
80.143.223.134:4661
80.143.45.95:50035
80.143.45.95:50743
80.143.45.95:51467
80.143.45.95:51707
80.143.45.95:51799
80.143.45.95:52157
80.143.45.95:52951
80.143.45.95:53181
80.143.45.95:53287
80.143.45.95:53379
80.143.45.95:55754
80.143.45.95:55850
80.143.45.95:56901
80.143.45.95:58097
80.143.45.95:58288
80.143.45.95:58919
80.143.45.95:59325
80.143.45.95:59726
80.143.45.95:59837
80.143.45.95:60273
80.143.45.95:60444
80.143.45.95:60515
80.143.45.95:60541
80.143.45.95:60567
80.143.45.95:62241
80.143.45.95:63058
80.143.45.95:63177
80.143.45.95:63650
80.143.45.95:64486
80.143.45.95:64635
80.143.45.95:64721
80.143.45.95:64821
80.143.77.131:4662
80.143.87.197:61068
80.143.87.197:61663
80.143.87.197:62171
80.143.87.197:62191
80.143.87.197:63661
80.143.87.197:63970
80.143.87.197:64365
80.196.133.153:4662
80.197.62.174:4662
80.198.26.93:4662
80.200.129.33:4662
80.202.84.11:18613
80.212.8.27:63380
80.212.8.27:63785
80.212.8.27:64428
80.222.68.194:4662
80.224.158.11:50058
80.224.158.11:50102
80.224.158.11:50118
80.224.158.11:50211
80.224.214.145:4662
80.224.250.44:50032
80.224.250.44:50082
80.224.250.44:50177
80.228.64.211:4662
80.24.59.82:4662
80.32.232.73:4662
80.36.203.158:61090
80.36.203.158:61326
80.36.203.158:62082
80.36.203.158:63480
80.36.203.158:64756
80.36.203.158:64883
80.36.203.158:64930
80.37.230.182:4662
80.56.148.223:4662
80.60.49.144:13400
80.60.49.144:14624
80.60.49.144:65216
80.65.224.254:4662
80.8.5.13:4662
81.64.242.209:4662
81.89.224.243:61406
-----------------------
So...I notice serveral IPs that have multiple port numbers, but
nothing as extreme as you have. For the heck of it, I tried a random
IP from that list with the multiple ports.
Running nmap on it, examining those ports' accessibility with UDP:
-----------------------
nmap -sU 80.36.203.158 -p 61090,61326,62082,63480,64756,64883,64930 -P0
Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on 158.Red-80-36-203.pooles.rima-tde.net (80.36.203.158):
Port State Service
61090/udp open unknown
61326/udp open unknown
62082/udp open unknown
63480/udp open unknown
64756/udp open unknown
64883/udp open unknown
64930/udp open unknown
Nmap run completed -- 1 IP address (1 host up) scanned in 13 seconds
-----------------------
Checking this host with TCP:
nmap -sT 80.36.203.158 -p 61090,61326,62082,63480,64756,64883,64930 -P0
Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on 158.Red-80-36-203.pooles.rima-tde.net (80.36.203.158):
Port State Service
61090/tcp filtered unknown
61326/tcp filtered unknown
62082/tcp filtered unknown
63480/tcp filtered unknown
64756/tcp filtered unknown
64883/tcp filtered unknown
64930/tcp filtered unknown
Nmap run completed -- 1 IP address (1 host up) scanned in 36 seconds
-----------------------
So...what does that mean? There's some service of some sort running
here, but WTF is it? I highly doubt there'd be one host running
multiple eDonkey servers on it.
RA> Is there perhaps a new bug, who adds/sends clients with the server
RA> propagation?
I'd say it's possible, although the only other instance of this that I
know of is from your previous e-mail to the group about this...
RA> Is there a way to port-blacklist 4662 servers without affecting the
RA> clients I'm connecting to?
Just now tried adding port 4662 to the server blacklist...waiting to
see what that possibly does...
RA> Is there a way to blacklist IPs who appear more than 2 times with the
RA> same IP but another port on the server list?
That I think would be a great idea, if it could be implemented
correctly...
RA> And please: Someone reply.
Doing so, but don't know how much of a help this will be...
RA> -roland
-Ed