www.dead-donkey.com
https://forum.dead-donkey.com/

Help with a test - ipfilter.dat
https://forum.dead-donkey.com/viewtopic.php?f=1&t=5576		 Page 1 of 1
Author:  karstmobile [ Sat Sep 11, 2004 12:37 am ]
Post subject:  Help with a test - ipfilter.dat
Since adding a few ranges specifically to combat fake MLDonkeys, all I get is block after block in my log. Even though I have long since finished the targeted files. Thousands and thousands, over and over.

Just wondering if it would happen to any user with those ranges or just me. Anybody care to add the following to their ipfilter.dat and report if they get hit every few secs or at all?

Code:
038.000.000.000 - 038.255.255.255 , 000 , fake mldonkey (Performance Systems)
062.000.000.000 - 062.255.255.255 , 000 , fake mldonkey (RIPE Network, NL)
063.240.000.000 - 063.242.255.255 , 000 , fake mldonkey (CERFnet)
065.019.128.000 - 065.019.191.255 , 000 , fake mldonkey (Hurricane Electric)
066.036.224.000 - 066.036.255.255 , 000 , fake mldonkey (HopOne Int. Corp, DC)
066.054.064.000 - 066.054.111.255 , 000 , fake mldonkey (NHI Networks, LA)
066.117.000.000 - 066.117.031.255 , 000 , fake mldonkey (New Horizon Coll, LA)
067.015.000.000 - 067.015.111.255 , 000 , fake mldoneky (Everyones Internet Inc., TX)
194.000.000.000 - 194.255.255.255 , 000 , fake mldonkey (RIPE Network, NL)
198.087.000.000 - 198.088.255.255 , 000 , fake mldonkey (Verio Inc., CO)
207.234.128.000 - 207.234.225.255 , 000 , fake mldonkey (CyberGate Inc., FL)
209.133.000.000 - 209.133.127.255 , 000 , fake mldonkey (Abovenet Inc., NY)
Author:  spudthedestroyer [ Sat Sep 11, 2004 2:15 am ]
Post subject: 
its your first two!!!!
Quote:
038.000.000.000 - 038.255.255.255 , 000 , fake mldonkey (Performance Systems)
062.000.000.000 - 062.255.255.255 , 000 , fake mldonkey (RIPE Network, NL)


Block absolutely f*cking loads of ips, what have you got against the netherlands :lol:

62.0.0.0 - 62.255.255.255 is a huge range, RIPE, NL means that its blocking an entire service to the netherlands.

38.0.0.0 - 38.255.255.255 is another huge range, whoever they are have a lot of ips, over 1.5million to be exact :lol:

Please people, use your brains when blocking ips, don't just copy and paste some crap you've read on some board. I can remember copying and pasting an emule block, but I sure as hell don't have those first two in their ;)

You can see that the first two entries alone block
255x255x255= 1,6581,375 ips x 2 = 3,3162,750 ips in total. What kind of a company has 1.5milion ip addresses? ;)

pick an ip at random in one of those range and whois, I just did three and all are residential isps.
Author:  karstmobile [ Sat Sep 11, 2004 3:50 am ]
Post subject: 
Yeah. I figured as much. Believe it or not, but those were not just copied and pasted. It's the first two that finally got rid of all the MLDonkey's. Not surprising because of the wide range. A narrower one would be better. But hell, couldn't find out the damn ip's of the ones causing the problems. Anything to stop the corruption. Get some fake MLDonkey's on your ass and you'd be doing whatever it took too.

I'll remove the first two. Thanks for the help spud.

Anybody know a way to get an ip from userhash? The old tool doesn't work.
Author:  wargand [ Sat Sep 11, 2004 6:06 am ]
Post subject: 
Try 0.0.0.0 - 255.255.255.255 and I promise you that you will never have to worry about fake MLDonkeys again. :D
Author:  karstmobile [ Sat Sep 11, 2004 7:38 am ]
Post subject: 
Thanks wargand. I'll put it in my ipfilter.dat right away.
Code:
000.000.000.000 - 255.255.255.255 , 000 , fake mldonkey (Planet Earth)

:beerchug:




:lol:
Author:  spudthedestroyer [ Sat Sep 11, 2004 6:45 pm ]
Post subject: 
I'm surprised you aren't blocking it already, reading around you have far, far too much on your blocklist. IMO you really need to remove everything and start again ;)
Author:  Netsplite [ Sun Sep 12, 2004 7:25 pm ]
Post subject: 
If you read this topic at the emule forums:

http://forum.emule-project.net/index.ph ... opic=19247

You will see only verified ips there and we are blocking alot of bad people(anti-piracy, leecher/hackers etc..), if you want to report ips there you can and they will be verified by the team there :)
Btw Rick164 is my nick at the emule forums ;)
This ipfilter is also included by default in the latest emule+ version(auto-updated), and the mirror is on a 100 mbit server :-o
Author:  wargand [ Sun Sep 12, 2004 7:36 pm ]
Post subject: 
Netsplite wrote:
we are blocking alot of bad people(anti-piracy, leecher/hackers etc..), if you want to report ips there you can and they will be verified by the team there

Oh really? How do you do this? You find a leecher on a dynamic BT address and put the whole BT block in it? Hey, better block thousands wrongly than let go one leecher free.
Author:  spudthedestroyer [ Sun Sep 12, 2004 8:02 pm ]
Post subject: 
its the whole death penalty argument, let how many guilty go free to save an innocent man? :)

The only good thing is you compromise your own connection more, since your block works both ways.

If your verifiying everysingle ip I guess its not so bad, but who volunteered to check those 1.5million ips blocked in the first mldonkey block posted here?
Author:  Netsplite [ Sun Sep 12, 2004 9:00 pm ]
Post subject: 
Yeah it's not like they are blocking that kinda wide ranges, but it uses ip ranges(from know lists) that are also used in alot of apps like peerguardian.
They are blocking some hackers/leechers(not every small time one) but that is just a small percentage of the list most of them are anti-piracy/anti-privacy company's.
Dunno how they do the verifying, but they do check alot of ranges every time.
Btw blocking those wide ranges only makes everything slower, and as far as i recall emule and emule+ added some protection againts those mldonkey clients that were sending corrupted blocks all the time.
Not really the expert on this (only host the files), Meuh6879 at the emule forums knows alot more on this then i do.

/edit: edited
Author:  d0c [ Sun Sep 12, 2004 10:22 pm ]
Post subject: 
wargand wrote:
Netsplite wrote:
we are blocking alot of bad people(anti-piracy, leecher/hackers etc..), if you want to report ips there you can and they will be verified by the team there

Oh really? How do you do this? You find a leecher on a dynamic BT address and put the whole BT block in it? Hey, better block thousands wrongly than let go one leecher free.


hell yeah get them damn leecher!!! they are troublemakers!!
Author:  spudthedestroyer [ Sun Sep 12, 2004 11:11 pm ]
Post subject: 
Quote:
Dunno how they do the verifying, but they do check alot of ranges every time.


/me shows netsy a little secret

Code:
219.106.224.000-219.106.255.255,000, PGUP(18/12/03) SONY corp


lets say, 219.106.224.123 perhaps:
Image
Image

As you can see, master of disguise :lol: Problem is the blocklists from peerguardian block too much, even legitimate addresses.

But for residential blocks, I think its just educated guesses, since they will have idea of dynamic or what resides there.
Author:  Netsplite [ Mon Sep 13, 2004 1:42 pm ]
Post subject: 
Looks easy enough :wacky: , but still ipfilters are only for the ppl who need more security and don't care that a couple of sources are blocked in the emule queue.
It's not like it's foolproof but at least it's not open to everyone anymore ;) , most company's can still do traces(etc..) from other dynamic/static ips that aren't listed.
Author:  TaKYoN [ Mon Sep 13, 2004 2:13 pm ]
Post subject: 
What app is that Spud?
Author:  Netsplite [ Mon Sep 13, 2004 10:05 pm ]
Post subject: 
TaKYoNtheKoRRuPTeD wrote:
What app is that Spud?


Not spud but it think it's called neotrace, there homepage redirects to mcafee though ( :lol: ).
Did use this program some time ago but lost it after a reformat.
Author:  spudthedestroyer [ Tue Sep 14, 2004 2:20 am ]
Post subject: 
nope, its visual route. A java app.

Unverified:
ed2k: Visual.Route.8.0b_+patch.rar  [4.63 Mb] [Stats]
Page 1 of 1 All times are UTC [ DST ]
What's blood for, if not for shedding?