Re: [freenet-support] SYNs and SMURFs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Roger Hayter wrote: > In message <[EMAIL PROTECTED]>, > [EMAIL PROTECTED] writes > >> For a long time I've received what looks like SYN floods and SMURF >> attacks to my port associated with Freenet. I've assumed that it's a >> fault of my firewall or PC, but what's weird is that the port of the >> "offending" IP increments. I thought that the port that Freenet uses >> was fixed being that it was defined in the .conf file. >> >> Excuse my display of ignorance, but could someone please explain why >> the far ends port would need to change? >> >> Example >> >> Time: 05/31/2004, 04:21:52 >> Message: Smurf >> Source: 133.205.255.225, 1905 >> >> Time: 05/31/2004, 04:25:38 >> Message: Smurf >> Source: 133.205.255.225, 2600 >> > Etc. > > Most likely this is an attempt by a Freenet node on 133.205.255.225 to > connect to your Freenet external port, which is fixed, but is being > prevented by your firewall. It tries again and chooses the next > available source port. It has to use a new source port so it can tell > the difference between the present connection and previous ones, should > a packet return. The return packet will be from your Freenet fixed port, > and to the arbitrary source port on the remote machine, 133.205.255.225. > This is normal. Can you tell your firewall to ignore connections to > your Freenet port? I think it may well be identifying Freenet packets > as smurf attacks - what does anyone else think? If this is from a SOHO broadband router - especially a D-Link router, they should likely be disregarded, as the DoS detection in there doesn't usually work and it KNOWN to be broken in D-Link's firmware. There was a version of Freenet, 5023 IIRC, that accidently DID launch a sort of "syn flood" as it would try to reconnect relentlessly. In general, most SOHO router simply cannot handle the kind of traffic Freenet generates, and it confuses it with a DoS attack. -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAu7YxhctESbvQ8ZwRAlhbAJ9Xn5orQIPwNhtdaONP5Ha7vHuNnACfSODp 2eiFYi1hJm8YNcVQSuVA+5o= =okvI -END PGP SIGNATURE- ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
Re: [freenet-support] SYNs and SMURFs
In message <[EMAIL PROTECTED]>, [EMAIL PROTECTED] writes For a long time I've received what looks like SYN floods and SMURF attacks to my port associated with Freenet. I've assumed that it's a fault of my firewall or PC, but what's weird is that the port of the "offending" IP increments. I thought that the port that Freenet uses was fixed being that it was defined in the .conf file. Excuse my display of ignorance, but could someone please explain why the far ends port would need to change? Example Time: 05/31/2004, 04:21:52 Message: Smurf Source: 133.205.255.225, 1905 Time: 05/31/2004, 04:25:38 Message: Smurf Source: 133.205.255.225, 2600 Etc. Most likely this is an attempt by a Freenet node on 133.205.255.225 to connect to your Freenet external port, which is fixed, but is being prevented by your firewall. It tries again and chooses the next available source port. It has to use a new source port so it can tell the difference between the present connection and previous ones, should a packet return. The return packet will be from your Freenet fixed port, and to the arbitrary source port on the remote machine, 133.205.255.225. This is normal. Can you tell your firewall to ignore connections to your Freenet port? I think it may well be identifying Freenet packets as smurf attacks - what does anyone else think? -- Roger Hayter ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
[freenet-support] SYNs and SMURFs
For a long time I've received what looks like SYN floods and SMURF attacks to my port associated with Freenet. I've assumed that it's a fault of my firewall or PC, but what's weird is that the port of the "offending" IP increments. I thought that the port that Freenet uses was static being that it was defined in the .conf file. Excuse my display of ignorance, but could someone please explain why the far end port would need to change? Example Time: 05/31/2004, 04:21:52 Message: Smurf Source: 133.205.255.225, 1905 Time: 05/31/2004, 04:25:38 Message: Smurf Source: 133.205.255.225, 2600 Time: 05/31/2004, 04:29:24 Message: Smurf Source: 133.205.255.225, 3259 Time: 05/31/2004, 04:33:18 Message: Smurf Source: 133.205.255.225, 3844 Time: 05/31/2004, 04:37:06 Message: Smurf Source: 133.205.255.225, 4412 Time: 05/31/2004, 04:41:33 Message: Smurf Source: 133.205.255.225, ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
[freenet-support] SYNs and SMURFs
For a long time I've received what looks like SYN floods and SMURF attacks to my port associated with Freenet. I've assumed that it's a fault of my firewall or PC, but what's weird is that the port of the "offending" IP increments. I thought that the port that Freenet uses was fixed being that it was defined in the .conf file. Excuse my display of ignorance, but could someone please explain why the far ends port would need to change? Example Time: 05/31/2004, 04:21:52 Message: Smurf Source: 133.205.255.225, 1905 Time: 05/31/2004, 04:25:38 Message: Smurf Source: 133.205.255.225, 2600 Time: 05/31/2004, 04:29:24 Message: Smurf Source: 133.205.255.225, 3259 Time: 05/31/2004, 04:33:18 Message: Smurf Source: 133.205.255.225, 3844 Time: 05/31/2004, 04:37:06 Message: Smurf Source: 133.205.255.225, 4412 Time: 05/31/2004, 04:41:33 Message: Smurf Source: 133.205.255.225, ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
Re: [freenet-support] Host access problem
On Mon, May 31, 2004 at 07:52:20PM +0100, Toad wrote: > Woah. Oh well, what do you expect from the Church of Scientology? I heard they own Earthlink, that all. If they don't, I apologize for spreading malicious rumours. > > On Mon, May 31, 2004 at 12:55:14PM -0400, Nicholas Sturm wrote: > > Having found that I was using Mozilla 1.6 for most browsing, I allowed it to > > become the default browser with EarthLink TotalAccess. Before that I'd had > > Internet Browser as the default and simply exited it before calling Mozilla for > > Freenet use. > > > > Apparently Mozilla 1.6 (at least when installed as the default Browser) is unable > > to send proper orders to get downloads of Freenet files from the 'host.' By > > cancelling all copies of Mozilla browser (it is slow to load and often has an > > extra copy or more in memory) and activating I.E. I was able to get the latest > > Freenet to download using the Win-installer of Freenet. > > > > Hope I can remember this problem (and how to get around it) in a week. > -- > Matthew J Toseland - [EMAIL PROTECTED] > Freenet Project Official Codemonkey - http://freenetproject.org/ > ICTHUS - Nothing is impossible. Our Boss says so. > ___ > Support mailing list > [EMAIL PROTECTED] > http://news.gmane.org/gmane.network.freenet.support > Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support > Or mailto:[EMAIL PROTECTED] -- Matthew J Toseland - [EMAIL PROTECTED] Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. signature.asc Description: Digital signature ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
Re: [freenet-support] Host access problem
Woah. Oh well, what do you expect from the Church of Scientology? On Mon, May 31, 2004 at 12:55:14PM -0400, Nicholas Sturm wrote: > Having found that I was using Mozilla 1.6 for most browsing, I allowed it to become > the default browser with EarthLink TotalAccess. Before that I'd had > Internet Browser as the default and simply exited it before calling Mozilla for > Freenet use. > > Apparently Mozilla 1.6 (at least when installed as the default Browser) is unable to > send proper orders to get downloads of Freenet files from the 'host.' By cancelling > all copies of Mozilla browser (it is slow to load and often has an extra copy or > more in memory) and activating I.E. I was able to get the latest Freenet to download > using the Win-installer of Freenet. > > Hope I can remember this problem (and how to get around it) in a week. -- Matthew J Toseland - [EMAIL PROTECTED] Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. signature.asc Description: Digital signature ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
[freenet-support] Neurons not properly interfaced.
I know, it should be zipped to this address, but I'm too frustrated at the moment to get all the neurons in phase.___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
Re: [freenet-support] Re: Why?
>Anyone know the answer to that part of the question? Perhaps related by my > >multiple browsers on my system??? Maybe they are arguing with each other. > >Or has the 'host' been down more often than usual?? > > Have you tried running the update programme as an administrator? It may > be a permission problem, as windows does not seem to let ordinary users > do various network related things. Sorry to be imprecise, I've never > looked into what is actually happening, just run things as > administrator. > That did not solve it. It appears, but I can't prove it, that Mozilla with EarthLink TotalAccess front end is unable to foreward request by the Windows installer for Freenet. By manually confirming I had killed all copies of Mozilla 1.6 I was able to download the new Freenet release using the Win-Installer provided by FreeNet. But thanks for the suggestion, it lead me into trying some different attacks. N. ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
[freenet-support] Host access problem
Having found that I was using Mozilla 1.6 for most browsing, I allowed it to become the default browser with EarthLink TotalAccess. Before that I'd had Internet Browser as the default and simply exited it before calling Mozilla for Freenet use. Apparently Mozilla 1.6 (at least when installed as the default Browser) is unable to send proper orders to get downloads of Freenet files from the 'host.' By cancelling all copies of Mozilla browser (it is slow to load and often has an extra copy or more in memory) and activating I.E. I was able to get the latest Freenet to download using the Win-installer of Freenet. Hope I can remember this problem (and how to get around it) in a week.___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
[freenet-support] re: Memory leak in XP
I've been using Freenet for a couple of days now, and I began noticing that after using the program for about an hour, the size of the file in memory began to grow ridiculously large. Had I run the program for a whole day, the memory leak would have encompassed all available memory on the system. Is this unique to XP SP2 or does this affect all XP versions? Sincerely, Michael K. -- ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
[freenet-support] Re: [Tech] Re: [freenet-dev] Retiring from the project
On Thu, May 27, 2004 at 05:23:00PM +0100, Ian Clarke <[EMAIL PROTECTED]> wrote: > >>(consider the amount of time we would spend dealing with memory leaks > >>and array overflows had we implemented in C++). As for focus, our > > > > > >You are living in a dream world, really. > > No, you are living in a dream world if you think I am going to dignify > your off-topic cross-posted rant with a response. You just did. What was the reason for cross-posting your mail, btw.? > If people can't start exercising some common sense with respect to > off-topic posts we will have no choice but to restrict posting to devl > in some manner, and I *really* don't want to do that. Yeah, free speech, accessible for every windows user etc. etc... -- -==- | ==-- _ | ---==---(_)__ __ __ Marc Lehmann +-- --==---/ / _ \/ // /\ \/ / [EMAIL PROTECTED] |e| -=/_/_//_/\_,_/ /_/\_\ XX11-RIPE --+ The choice of a GNU generation | | ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
Re: [freenet-support] Re: Why?
In message <[EMAIL PROTECTED]>, Nicholas Sturm <[EMAIL PROTECTED]> writes Thanks. Thirteen days ago? I missed it or didn't know how to make use of your answer. Gmane archive? I'll bet that is on the Internet. Okay, so I'll try Google. I do remember an exchange regarding an answer regarding the "jar" to which there was an third party response about confusing the problem. Well, thanks, anyway. Perhaps I will eventually find it. BUT I still wonder why the Installer for the windows version can not find the 'host'?? Anyone know the answer to that part of the question? Perhaps related by my multiple browsers on my system??? Maybe they are arguing with each other. Or has the 'host' been down more often than usual?? Have you tried running the update programme as an administrator? It may be a permission problem, as windows does not seem to let ordinary users do various network related things. Sorry to be imprecise, I've never looked into what is actually happening, just run things as administrator. -- Roger Hayter ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]