On Aug 29, 2009, at 12:35 PM, Matthew Toseland wrote: > Any thoughts? The original poster thinks this is an attack, and NAT > problems seem unlikely given that the packets on the different port > are all at the same time. Also for the same reason it is unlikely > that it is a harvesting attempt - they would be spread out over a > long period. > > From: Toni Bergman <toni.bergman at gmail.com> > Date: July 30, 2009 7:12:05 AM CDT > To: support at freenetproject.org > Subject: [freenet-support] Part 2: Probably a bug: please report: 1 > peers forcibly disconnected due to not acknowledging packets. > Reply-To: support at freenetproject.org > > > Hi, I got this error again, but this time I got more info about it > Probably a bug: please report: 1 peers forcibly disconnected due to > not acknowledging packets. > 1 of your peers are having severe problems (not acknowledging > packets even after 10 minutes). This is probably due to a bug in the > code. Please report it to us at the bug tracker at > https://bugs.freenetproject.org/ > or to the support mailing list support at freenetproject.org. Please > include this message and what version of the node you are running. > The affected peers (you may not want to include this in your bug > report if they are darknet peers) are: > * 165.154.46.119:34072 > > Versio info > * Freenet 0.7.5 Build #1223 build01223-real > * Freenet-ext Build #26 r23771 > > My machine: modern gaming specs win xp pro, direct connection. > > Here's the extra info, it seems that peer is trying to attack my > node and probably many others. Switching it's port and trying to > connect again. Since opennet by default won't allow more than 1 > connection per IP, I don't see the point.. Maybe it's giving me some > false info in order to confuse my node. Here's what I found at my > CONNECTIVITY - stats page. I removed all but the 1 attacking ip > address so it's clearer to view. > > > Packets for UDP Opennet port 7464 by port - Maybe port forwarded > (minimum tunnel lifetime 5h31m) > Address Sent/received packets Local/remote Startup to first > send Online to first receive > 62.202.36.197:25164 1/ 1 REMOTE 3h12m 3h12m > 3h12m @ 2h23m ago > 62.202.36.197:25163 4/ 2 REMOTE 3h12m 3h12m > 3h12m @ 2h23m ago > 62.202.36.197:25165 5/ 2 REMOTE 3h12m 3h12m > 3h12m @ 2h23m ago > 62.202.36.197:25168 1/ 1 REMOTE 3h12m 3h12m > 3h12m @ 2h23m ago > 62.202.36.197:25167 3/ 2 REMOTE 3h12m 3h12m > 3h12m @ 2h23m ago > 62.202.36.197:25170 2/ 1 REMOTE 3h12m 3h12m > 3h12m @ 2h23m ago > 62.202.36.197:25169 3/ 2 REMOTE 3h12m 3h12m > 3h12m @ 2h23m ago
As I understand it these port numbers are on the remote side; the peer's open port, not the local node... so I'm not sure I would label this as any spamming/flooding, etc. If anything, it seems consistent with a faulty peer (maybe a devel doing networking experiments), or a networking bug which makes the node in question not able to keep a consistent UDP port. Quite likely it is also inserting arp changes into freenet along with the port changes. The 'not acknowledging packets' also jives with this, as if the peer keeps moving ports, we'll be sending a lot of packets to such a port that nobody is listening. Surely benign to the reporting node, 62.202.36.197 on the other hand... probably isn't working at all. -- Robert Hailey -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20090904/9c31f9c0/attachment.html>
