From mboxrd@z Thu Jan  1 00:00:00 1970
From: miller69@gmx.net
Date: Tue, 24 Aug 2004 13:30:59 +0000
Subject: Re: [LARTC] info an ARES/WAREZ
Message-Id: <8391.1093354259@www36.gmx.net>
List-Id: <lartc.vger.kernel.org>
References: <4127122C.3070601@comkey.spark.net.gr>
In-Reply-To: <4127122C.3070601@comkey.spark.net.gr>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
To: lartc@vger.kernel.org

>     That is, until now. For my colleagues have found a new p2p client to =

> wreck havoc on our DSL line: ARES/WAREZ  It seems to be a gnuttela=20
> clone, but different enouph for ipp2p not to identify it.
It just looks like a clone but protocol does not seem to match. But I just
had a quick view at the network dump.

>     I played around a bit with tcpflow with no success of finding =20
> something that could be taken as a positivie signature in its headers.
Well, they use at least for the search a HTTP-like request I guess we cannot
differ from a regular HTTP request.

>     Is there any info of this new p2p network ? Any open soure client ?=20
> Something that could be used to reverse engineer (at least partially)=20
> its protocol ?
One suggestion: drop all traffic from and to matches.warezclient.com
(66.45.237.99) - maybe this will help.

Regards

--=20
Superg=FCnstige DSL-Tarife + WLAN-Router f=FCr 0,- EUR*
Jetzt zu GMX wechseln und sparen http://www.gmx.net/de/go/dsl

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/