Someone is trying to use your client to spam
 

News:

29 December 2022 - PtokaX 0.5.3.0 (20th anniversary edition) released...
11 April 2017 - PtokaX 0.5.2.2 released...
8 April 2015 Anti child and anti pedo pr0n scripts are not allowed anymore on this board!
28 September 2015 - PtokaX 0.5.2.1 for Windows 10 IoT released...
3 September 2015 - PtokaX 0.5.2.1 released...
16 August 2015 - PtokaX 0.5.2.0 released...
1 August 2015 - Crowdfunding for ADC protocol support in PtokaX ended. Clearly nobody want ADC support...
30 June 2015 - PtokaX 0.5.1.0 released...
30 April 2015 Crowdfunding for ADC protocol support in PtokaX
26 April 2015 New support hub!
20 February 2015 - PtokaX 0.5.0.3 released...
13 April 2014 - PtokaX 0.5.0.2 released...
23 March 2014 - PtokaX testing version 0.5.0.1 build 454 is available.
04 March 2014 - PtokaX.org sites were temporary down because of DDOS attacks and issues with hosting service provider.

Main Menu

Someone is trying to use your client to spam

Started by sphinx_spb, 13 May, 2009, 04:33:38

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

sphinx_spb

A user of our hub complains about this message:

" [2009-05-12 20:07] Someone (NMDC Hub: dc.ozerki.net:411) is trying to use your client to spam 87.247.109.100:2501, please urge hub owner to fix this"

But obviosly our hub is set up properly. Is this a bug of Apex1.2.0, or a new kind of Ddos?

As said here: http://dcpp.wordpress.com/2007/05/22/denying-distributed-attacks/#comments
attack is possible client-side, is that true?

PPK

DC++ and his mods in default on startup generate for active port from range 1024 - 32000. This stupid detection reporting users who use port 80 or 2501 (thas was in most cases randomly generated on client startup) as attackers. It is "feature" in StrongDC++ and his mods.
That DC++ blog entry is old, they simply don't understand how that attack is done. They think that someone that is OP on hubs use users on that hubs to attack. But attacker don't need to be OP, he can simply connect to many unsecure hubs and sending $ConnectToMe commands to users with ip and port of target. That is why it is client side, because it is not redirect by hub to another hub (target as they thinks on that blog) but requested client->client connection to target.
"Most of you are familiar with the virtues of a programmer. There are three, of course: laziness, impatience, and hubris." - Larry Wall

monster

Hi
How can you stop this happening stop strongdc++ clients comming into your hub?

CrazyGuy

You could block StrongDC++ clients from entering your hub, but an easier way would be to inform people that get that message to change client port to something other than port 80.

PPK

Quote from: CrazyGuy on 20 May, 2009, 13:11:07
but an easier way would be to inform people that get that message to change client port to something other than port 80.
It is not user who get that message who is using port 80 or 2501, it is other user on hub and user who get that message from ip don't know who is that other user who is using port 80 or 2501 ::)
"Most of you are familiar with the virtues of a programmer. There are three, of course: laziness, impatience, and hubris." - Larry Wall

CrazyGuy

well yes, but this can be discussed with the hubowner.
I have tested this with FlipFlop (I believe it was him  ;)) a while back and I remember it was possible to get enough information through hubsoft to determine who's the cause

PPK

Yes it is possible to find who it is, that message contains his IP 8)
"Most of you are familiar with the virtues of a programmer. There are three, of course: laziness, impatience, and hubris." - Larry Wall

SMF spam blocked by CleanTalk