Information For Developers Concerning Recent Network Attacks

What's Going On?

Recently the network has been suffering attacks from both former developers and disgruntled ex-users. These people are currently abusing and exploiting some of the known holes in the primary networking system and driving a large number of users from the network.

I know many of you are fellow long-term, hard-core users and will not fold to this kind of mindless activity, so we need to focus on what we as a community can do to mitigate these attacks and what steps can be put in place, at a technical level, to prevent further such attacks in the future.

What Are The Mechanisms Used In The Attacks?

When WinMX was created, the information necessary for others to undertake activity on the network was not available, but over the years key parts of the system have been worked out and most of the special instructions it uses are now known to developers/coders. WinMX has a few "flaws", and as most of you know there is no developer of the original client left to continue any updates, so we can only look at either a complete client replacement, something that will take a long time, or a new patch release. A new patch release is the only realistic way ahead at this time.

The "flaws" or problems that are the most cause for concern centre on the lack of any primary TCP validation mechanism: this allows a skilled attacker to create false traffic that is then passed along the networking chain to all the other primaries. This single problem has the potential to disrupt both the chatroom listing and the search listings, amongst other things, and it is this powerful aspect that is currently being abused and causing the most concern amongst the users. There are also exploits in the unvalidated UDP traffic areas, but those can be resolved and are thus in hand. What is not in hand is the much harder part of the overall fix, and many minds working towards a solution are always preferable to putting all the strain on a single developer, as I'm sure you all agree.

Here's the core problem, why the attacker is able to abuse users with seeming impunity, and the proposed solution.

As you can see, the proposed mechanism will be able to stop the "spoofed" (fake) traffic from continuing to disrupt the network at source, by demanding that the originating primary confirm its request through some as yet undecided mechanism. Anything that isn't static can be used, as static responses can be duplicated and pre-sent by the attacker.
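The confirmation idea described above, as an added illustration (a constructed model written for this page, not WinMX's actual primary protocol or the patch team's code): the relaying primary issues a fresh nonce to the primary the request claims to come from and relays only once that origin vouches for the exact request. A request forged in another primary's name goes unanswered, and a captured answer cannot be replayed because each nonce is consumed once. The request strings and the name "alice" are constructed sample values.

```python
import os
import hashlib
import hmac

# Constructed model, not the real WinMX primary protocol: a relaying primary holds a
# request until the primary it is claimed to come from answers a fresh, single-use
# challenge, so spoofed requests are dropped at source instead of passed down the chain.
def expected_answer(nonce: bytes, request: bytes) -> bytes:
    """Binds the challenge nonce to the exact request text being vouched for."""
    return hashlib.sha256(nonce + request).digest()

class Primary:
    def __init__(self, name: str):
        self.name, self.sent = name, set()   # `sent` holds the requests this primary really issued
    def confirm(self, request: bytes, nonce: bytes):
        # Vouch only for our own requests; a request forged in our name gets no answer.
        return expected_answer(nonce, request) if request in self.sent else None

class Relay:
    def __init__(self):
        self.pending = {}       # outstanding nonce -> (claimed origin, request)
        self.used = set()       # consumed nonces, so a captured answer cannot be replayed
        self.forwarded = []     # requests actually passed along the chain

    def challenge(self, claimed_origin: str, request: bytes) -> bytes:
        nonce = os.urandom(16)  # fresh per request; a static token could be pre-sent by an attacker
        self.pending[nonce] = (claimed_origin, request)
        return nonce            # delivered to the *claimed* origin, not to whoever injected the packet

    def check(self, nonce: bytes, answer) -> bool:
        if nonce in self.used or nonce not in self.pending:
            return False        # replayed or unsolicited answer
        claimed_origin, request = self.pending.pop(nonce)
        self.used.add(nonce)
        if answer is None or not hmac.compare_digest(answer, expected_answer(nonce, request)):
            return False        # the origin did not vouch for it: drop, do not relay
        self.forwarded.append((claimed_origin, request))
        return True

def scenario() -> dict:
    alice, relay, req = Primary("alice"), Relay(), b"LIST_ROOMS"   # constructed sample values
    alice.sent.add(req)
    nonce = relay.challenge("alice", req)
    answer = alice.confirm(req, nonce)                    # assume an attacker also captures this
    genuine = relay.check(nonce, answer)
    forged = b"CLOSE_ROOM lobby"                          # injected with alice's address, never sent by her
    n2 = relay.challenge("alice", forged)
    spoofed = relay.check(n2, alice.confirm(forged, n2))  # alice stays silent, so nothing is relayed
    replayed = relay.check(nonce, answer)                 # old nonce already consumed: rejected
    return {"genuine": genuine, "spoofed": spoofed, "replayed": replayed, "forwarded": relay.forwarded}
```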

What Can I Do To Help?

As stated above, the way ahead is to create a new patch following the only theoretically sound model proposed so far, and we already have one of the best community developers on this project. With the scale of the attacks increasingly affecting more users, however, we are asking others to offer help and support to the network, and you too can take part in this new patch effort. Time is of the essence: WMW and its partners strongly feel that if no action is undertaken soon there is a strong possibility we will see the whole network disintegrate in a short space of time as users leave en masse. With this in mind we are asking for your help and assistance on behalf of the entire WinMX-using community; this affects all WinMX users equally.

If you want to help and have the time to do so, we need help with socket-level programming techniques and the associated thread-handling mechanisms, as decrypting the traffic on many sockets, validating it and then re-encrypting the legitimate traffic is far from trivial to achieve, and we therefore need all our community mind power focused on this problem. If you are up to helping with this, or know another person who is, please contact Ghostship in the first instance, or better still post your info in the "Core Development" section of the WMW forum, where it can be put to good use and others can gain from your experience.

Thank you all for your time. Please post any further info requests in the core section too, and further information will be supplied. Please bear in mind that any primary protocol information you seek must not be shared with anyone else, at least until we have a fix for these attacks, as otherwise we may be in a worse place than we are now.

©2005-2020 All rights reserved. Page last updated Sun May 22 2011