MediaForce Madness...

[method]

Well.. I've heard a lot of people saying how DC is becoming infested by assholes from anti-P2P companies lately.. I've got an idea but right now I'm so busy with other projects and double full-time work that I won't be able to do much on this for a few months yet.

We need a client (or even modded hub software) that can log searches. Whenever a user receives a C&D mail, the time and date of the alleged offence could be cross-referenced with the search broadcast log to identify which IPs were looking for that file around the same time... this way we'd get some of the IPs we need to be blocking.

Has anyone made a start on anything like this? or anything to try and identify the anti-P2P IPs?? - EMule could do with something similar too.

[overdo]

sounds gd method. i only use private hubs at the mo which is probably safer than using public hubs. btw as most hubs have limits on amounts sharing - ie 5gig+ etc, do the ppl who search the hubs actually share anything? isn't this therefore illegal as well?

[notbob]

ptokax logs everything

i could see the mediaforce bots using mosearch (but not their exact search queries)

only problem is they use an odd kind of scripting, so there wasn't a lot i could do about it

why not set up a honeypot hub with fake files with all current names (music/movies) and make the IPs harvested from there the new pg ban list

[Psilaxs]

Quote:

Originally posted by notbob
ptokax logs everything

i could see the mediaforce bots using mosearch (but not their exact search queries)

only problem is they use an odd kind of scripting, so there wasn't a lot i could do about it

why not set up a honeypot hub with fake files with all current names (music/movies) and make the IPs harvested from there the new pg ban list

Dear lord, I thought this day would never come, I agree with you notbob

[method]

Good idea!

I've currently got website based anti-p2p-organisation-IP-traps on a few web pages but your idea of a honeypot/trap hub is probably more effective for finding the addresses specifically searching the P2P networks.

I've got an IP database setup for anyone and everyone to use, (not just PG users) - I'll get it to export the list in plain format soon for use with proper commercial firewalls too. Seems ZeroData took the IP list thing the furthest so far. Anyway.. Ima quit babbling.. it's at http://methlab.tech.nu - It needs some vote-spam protection but that's no biggy, i'll have that done tonight.

Cya!

[Dark Messenger]

Quote:

Originally posted by method
Good idea!

I've currently got website based anti-p2p-organisation-IP-traps on a few web pages but your idea of a honeypot/trap hub is probably more effective for finding the addresses specifically searching the P2P networks.

I've got an IP database setup for anyone and everyone to use, (not just PG users) - I'll get it to export the list in plain format soon for use with proper commercial firewalls too. Seems ZeroData took the IP list thing the furthest so far. Anyway.. Ima quit babbling.. it's at http://methlab.tech.nu - It needs some vote-spam protection but that's no biggy, i'll have that done tonight.

Cya!

meth, two things concern me...first liability whomever runs the 'honeypot' so to speak will be held liable for hosting such files...and its bound to attract other 'flies' (regular p2p users) might make it tough to figure out who's who....then again i might be missing something here...
Next i like this "http://methlab.tech.nu/" but 'Organisations/Profiles' for each ip range make it so you can add comments like vbulletin style, whatever so that the people who casts their negative votes can give reason why.
Example under the first ip range in Organisations/Profiles there is:
Riaa 208.225.90.0-208.225.90.255 with 45 'good' votes and 35 'bad' votes.
Maybe people aren't understanding that a vote for 'bad' means that they disagree with the authenticity of that particuliar ip range being associated with that particuliar entity (i.e., the riaa) maybe they are in a George Buschian, Saturday Night Live kind of way thinking 'p2p=good' and riaa=bad and casting votes that way.
Other than that I think its nice but like most things open for exploitation and misuse abuse...someone could easily fudge up your system by posting 'false positives' that block helpful websites such zeropaid, utc, etcetera (hotmail even) or for whatever purposes to cause confusion and chaos to the plan in an effort to prevent file sharers from defending themselves in one of the few ways possible.
Who would want to tarnish your list? People working for the agencies we are trying to keep out...jealous developers of similiar blocking software in order to tarnish the reputation of PeerGuardian, bored people with nothing better to do.
I think a login system would be appropriate.
I like the idea of what you are trying to accomplish with this...sorry for the pessimistic view on it.
Yes i know logging in and ip recording could possibly deter others from posting their ip ranges...look what required logins did for the news section here at zeropaid. :-)
Still one last point..how do we know ip's submitted are valid?
whose checking these things out? How are they being checked out and verified for authenticity and accuracy and not just Bill getting mad at Mike so he posts Mikey's ip up there so no one will share with him since he cut him off on winmx

lol...okay enough.

-DM :black

[notbob]

liability shmiability

they would be fakes, like harry potter.txt, only enough to attract a bots attention--last time i checked you can legally post text files anywhere you want, as long as they don't infringe copyright (a blank txt infringes nothing)

anyone stupid enough to see that on mosearch and go there would have to be the rankest rookie of all time

bots on the other hand will just keep hitting and hitting, making nice lists of IPs for study

[endersgame21]

Quote:

Originally posted by notbob
liability shmiability

they would be fakes, like harry potter.txt, only enough to attract a bots attention--last time i checked you can legally post text files anywhere you want, as long as they don't infringe copyright (a blank txt infringes nothing)

anyone stupid enough to see that on mosearch and go there would have to be the rankest rookie of all time

bots on the other hand will just keep hitting and hitting, making nice lists of IPs for study

Notbob is 100% correct. It is pretty much only going to get hits from bots and it is going to get a lot of hits from bots. I can't see any reason why it would get more than a few if any hits from any person.

Quote:

Originally posted by Psilaxs
Dear lord, I thought this day would never come, I agree with you notbob

My sentiments exactly.:shy

[Dark Messenger]

ehrm....one last time to try and educate the publik until the next 'last time' and oh yes i intentionally spelled 'publik' wrong.

okay. notbod, evileweller, u don't need proof of anything under the dmca to cause someone to lose access...all someone has to do is contact the isp with a complaint...and yea all ya records and shit can get handed over for inspection...just from the 'thought' that you MiGhT be sharing something copyrighted.
but whatever
go for it notbod...what's the ip addy of ur dc hub?

shall wwe test the theoriy?

[notbob]

maybe i'll call it "botheaven.no-ip.org" or "fakesforbots.no-ip.com"

obvious to users, but all a bot sees is an IP

[Krell]

I would be willing to help with the study part.

I can compare those IPs to any that I have logged as a sharer, and \ or test the app.

Quote:

why not set up a honeypot hub with fake files with all current names (music/movies) and make the IPs harvested

I could run a P2P app with nothing but the fakes for testing.

[Dark Messenger]

sorry notbob...i was in a bad mood when i posted earlier...your idea holds much merits and i now understand it a little more clearly.

@krell you ever tried the xs program by meth? you can host a hub with that. i invite u and notbob to run one or try out the client sometime.

edited to add

hehe at this:

Quote:

maybe i'll call it "botheaven.no-ip.org" or "fakesforbots.no-ip.com"

obvious to users, but all a bot sees is an IP

[Krell]

Honestly, I had though about it, till notbob stated why he was taking his down. I ALREADY move so much stuff on my connection, I just dont want additional attention from my ISP.

[method]

Dark Messenger... Sorry dewd but an XS hub wouldn't attract attention of MF, Ranger, RIAA, etc. they've probably never even heard of it.

If I get an extra connection in the next 2-3 months (I'm planning on getting DSL alongside my cable), I'll use that to run a DC hub trap.. but one that's obvious to users and not to bots.

[Isakill]

I tried this even had a few op buddies with ACTUAL LOTR and at least 50 gigs of files and movies. I didn't get not 1 real hit so I gave up. (this was during the DCspam incident)
The Idea is still sound and I would like to hear the progress of your exploits.
also My home network (UDG/asgard) would most likely love to hear about this, so I'll pass it on.