* [LARTC] info an ARES/WAREZ
@ 2004-08-21  9:13 Dimitris Kotsonis
  2004-08-24 13:30 ` miller69
  0 siblings, 1 reply; 2+ messages in thread
From: Dimitris Kotsonis @ 2004-08-21  9:13 UTC (permalink / raw)
  To: lartc


  Hello,

    I'm successfully blocking/limiting all P2P activity on our corporate
network using linux/ipp2p/connmark.

    That is, until now. For my colleagues have found a new p2p client to
wreak havoc on our DSL line: ARES/WAREZ. It seems to be a Gnutella
clone, but different enough for ipp2p not to identify it.

    I played around a bit with tcpflow with no success in finding
something that could be taken as a positive signature in its headers.

    Is there any info on this new p2p network? Any open source client?
Something that could be used to reverse engineer (at least partially)
its protocol?

    I would really hate to block all FORWARD traffic, and I am willing to
(at least try to) write a new filter for ipp2p.

    Thanks for your time.

    Dimitris.
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


* Re: [LARTC] info an ARES/WAREZ
  2004-08-21  9:13 [LARTC] info an ARES/WAREZ Dimitris Kotsonis
@ 2004-08-24 13:30 ` miller69
  0 siblings, 0 replies; 2+ messages in thread
From: miller69 @ 2004-08-24 13:30 UTC (permalink / raw)
  To: lartc

>     That is, until now. For my colleagues have found a new p2p client to
> wreak havoc on our DSL line: ARES/WAREZ. It seems to be a Gnutella
> clone, but different enough for ipp2p not to identify it.
It just looks like a clone, but the protocol does not seem to match. But I just
had a quick look at the network dump.

>     I played around a bit with tcpflow with no success in finding
> something that could be taken as a positive signature in its headers.
Well, at least for the search they use an HTTP-like request that I guess we
cannot distinguish from a regular HTTP request.

>     Is there any info on this new p2p network? Any open source client?
> Something that could be used to reverse engineer (at least partially)
> its protocol?
One suggestion: drop all traffic from and to matches.warezclient.com
(66.45.237.99) - maybe this will help.

Regards
