
WinMX Fake File Flooding - How it damages the WPN



About the WPN
The WPN is a simple two-tier system. The lower-speed nodes/users are called Secondaries, and the more powerful
connections that are able to carry the network traffic for the Secondaries are called Primaries. You must be on at least a cable connection to become a Primary.

Here is a picture that demonstrates the basic system visually.



From the basic idea you can expand the network to a much larger size but the rules are much the same whatever the size.




How does the file exchange work for Secondaries?
As you can see, the Secondaries do not interact directly with each other. As they join a Primary, they upload a list of the files they share, which the
Primary stores on their behalf to minimize traffic. The actual files are still held by the Secondary; only a list is uploaded.

Here's a sniffer screenshot showing this process.



The Primary will now answer any search request for a file held either locally or by any of the connected Secondaries with a
UDP packet specifying the details held. This is the flooders' way to enter the WPN and disrupt it.
The technical term they use is "interdiction".

How do the flooders cause so much damage?
Let's take a look now at how the flooders join the network and how they are able to poison search results.

A simple visual overview.



Xnetstat program showing real activity on a host file.



What happens after they are connected to a Primary?
As you can see, they join as normal WinMX clients and upload a fake list of files to the Primary. It's common for an unprotected Primary to host at least 10 flooders.
Here's a picture showing a sample of the thousands of fake listings each one can make
(Secondaries have a file limit of 3000 files and Primaries 5000).



So far, the uploading of fake listings looks like merely an annoyance to those seeking copyrighted files, and if that were all it was, it would be of no concern to us.
Unfortunately, we are dealing with companies that are not just protecting copyright but are taking active steps to destroy the network by various means,
so action is required to halt their progress and protect the network.

What is the problem with companies flooding the WPN to protect copyright?
The main complaint against these companies (besides stealing bandwidth) is that if a user types in a search term that appears in the uploaded fake file lists,
all of the Primary nodes that hold the fake listings will reply with the fake data. On a large network such as the WPN, this can currently average between 5,000 and 15,000 results.
This is a normal host file user searching for "free":



This massive amount of traffic in such a short space of time effectively removes the user initiating the search from the network.
If this was a Primary user, it is near certain that all of the Secondaries being supported would disconnect, causing some to fall from chatrooms and lose ongoing transfers.
It's also highly likely that, if this user was hosting a chatroom, all of the users in the chatroom would fall/drop out.



This then brings us down to the simple fact that the trigger words used are such that anyone typing in a single search term is likely to be affected whether that term involves copyrighted material or not.
Here's an example of searching for the word "free", with the results shown using a modified patch that displays the originating IP.



What can I do to help stop the fakes and subsequent attacks on other users?
One of the legal uses of P2P is sharing freeware, shareware and open source items, as well as users' own offerings that they own the copyright to.
It is indefensible to cause an attack on users searching for such material. Please note this activity is illegal in most countries.

The only current solution to stop the attacks is to use the WinMX Community Patch, which has evolved over the last year from a blocker of network flooders
into one that also filters the fake files spread via unprotected users on the network.

I'm running Peer Guardian2, surely I don't need the WinMX Community Patch?
Whilst we would have agreed with you last year, many new developments have occurred that make it more important than ever to deny the flooders access to the network.
First, since last month the number of possible flooders has tripled as other P2P networks have closed or been taken over. Secondly, and disastrously, Peer Guardian2 will only allow one update per day.
This means it's easy for the flooders to swap IP numbers to ones not on the latest PG list and flood the network for up to 23 1/2 hours before being blocked the next day.
Often the flooders do not even make the list, as Blutak, who provide the PG list, don't always enter the latest IPs
as fast as we deliver the data to them. This is both disappointing and a lost opportunity.

We at WinMXWorld work hand in hand with others in the WinMX community to actively track the flooders as they enter and leave the network,
and to rapidly distribute any new information to users' machines, often in under 5 minutes.
This system has proved its worth time and again, as new flooders are denied the use of WinMX Community patched machines to launch network attacks from,
thereby securing more of the network for all WinMX users, including keeping vital secondary slots open for host file secondaries.
Any secondaries attached to a WinMX Community patched primary are automatically protected and will not receive any fake results.

What's the difference between blocking and filtering?
Blocking is the process of denying unauthorised access to your machine or its resources.
In simple terms, this means not allowing the flooders to join you as a secondary and flood the WPN.
Filtering is placing a device or software program in the normal activity stream and using it to allow or disallow certain activity from passing further on to the original process.
Once again in simple terms, it is used here to describe rejecting traffic originating from flooders who have joined the network via unprotected host files.

A stark reality here is that nearly all flooding comes via host file users, and those that do use PG2 are still open to receive the flooded results from others who have no protection at all.
The WinMX Community Patch both blocks and filters. In fact, it's often the case that people say "what flooding?" as all its operations take place automatically.

I hope this has helped clarify why we ask you all to block these companies due to their poor systems that are unable to do as they claim in their own patents, i.e. allow the normal legal use of the network their "interdiction" system is employed on.


An Important word to SafeNet and Macrovision

To those companies that claim to be protecting copyright material using proprietary technical systems that they have patented:
as currently deployed, they are not fit for their purpose and should either be improved or removed until they are.
To continue operating in a scattergun fashion as you currently are is inviting a challenge to your patents as well as possible future legal action.

After all, if we organised a distributed denial of service attack and attacked your web presence in the same way many of us are attacked, I'm sure you would be the first to complain.

©2005-2024 WinMXWorld.com. All rights reserved. Page last updated Tue Sep 23 2008