Return Styles: Pseud0ch, Terminal, Valhalla, NES, Geocities, Blue Moon. Entire thread

Strange Bittorrent flood.

Name: Anonymous 2008-01-10 13:52

I've been experiencing some kind of BT bombardment from 86.67.117.226:6881, it sent lots of UDP packets (of length 102) like


0000  00 10 dc 66 66 66 00 0f  3d e9 fc 2b 08 00 45 20   ...fff.. =..+..E
0010  00 7a b2 62 00 00 70 11  c1 c9 56 43 75 e2 0a 00   .z.b..p. ..VCu...
0020  00 02 1a e1 1a e1 00 66  c4 81 64 31 3a 61 64 32   .......f ..d1:ad2
0030  3a 69 64 32 30 3a 39 f1  55 4b 61 3a 9e 14 fe b2   :id20:9. UKa:....
0040  a6 7c 8f 0f 23 dc a0 af  c5 03 39 3a 69 6e 66 6f   .|..#... ..9:info
0050  5f 68 61 73 68 32 30 3a  04 5c 46 ea 17 5f c8 4d   _hash20: .\F.._.M


0000  00 10 dc 66 66 66 00 0f  3d e9 fc 2b 08 00 45 20   ...fff.. =..+..E
0010  00 7a b2 65 00 00 70 11  c1 c6 56 43 75 e2 0a 00   .z.e..p. ..VCu...
0020  00 02 1a e1 1a e1 00 66  c3 81 64 31 3a 61 64 32   .......f ..d1:ad2
0030  3a 69 64 32 30 3a 39 f1  55 4b 61 3a 9e 14 fe b2   :id20:9. UKa:....
0040  a6 7c 8f 0f 23 dc a0 af  c5 03 39 3a 69 6e 66 6f   .|..#... ..9:info
0050  5f 68 61 73 68 32 30 3a  04 5c 46 ea 17 5f c8 4d   _hash20: .\F.._.M
As you can see, they differ only in some bytes, which are sequentially incremented/decremented.  How can I analyze BT traffic futher without writing the implementation?
My KTorrent replied thoughtfully to each packet (by replies of length 303) and thus got trolled enough to cease doing any useful traffic.
Could it be that French MPAA analog started Omg Cyberspace Warfare on Godawful Pirates?
Any ideas /prog/?

Name: Anonymous 2008-01-10 14:04

libpcap, but i think ur being paranoid and that you have too much time on ur hands, who the hell cares?

Name: Anonymous 2008-01-10 14:04

Using Google I was able to find some people reporting similar problems (UDP flood resulting in disconnect), but without any detail though.  Also sorry for my bad English.

Name: Anonymous 2008-01-10 15:36

I suggest just blocking the rogue host at your firewall.

Name: Anonymous 2008-01-10 15:41

Flood them back and see what happens.

Name: Anonymous 2008-01-10 16:55

>>5
I suggest a portscan first.

Name: Anonymous 2008-01-10 17:35

>>3
Your english is pretty good.

Name: Anonymous 2008-01-10 18:01

>>1
Wireshark has a filter for Bittorrent traffic, perhaps that will help you analyse what exactly is being sent in that packet.

http://www.google.com/codesearch?hl=en&q=show:jD0YZm5owOA:I2BziwBAB0s:hoVz0L36lhM&sa=N&ct=rd&cs_p=http://anonsvn.wireshark.org/wireshark/trunk&cs_f=epan/dissectors/packet-bittorrent.c&start=1

Name: Anonymous 2008-01-10 21:33

>>5
HAHAHAHAHAHAHAHAHAHA

Name: Anonymous 2008-01-11 0:18

Peerguardian2/Moblock/iptables/pf(Packet filter for Fags)/etc.

Name: Anonymous 2008-01-11 5:23

>>10
PF > shitpeetables

Name: Anonymous 2009-03-18 3:28

The word pirahna, is all I can think of that rhymes with marijuana

Marijuana MUST be legalized.

Name: Anonymous 2012-03-13 7:12

flood countermeasures activated

Name: Anonymous 2012-03-13 17:50

>>11
nice doubles, bro

Name: Anonymous 2012-03-14 13:31

>>12
iguana
nirvana
sauna
wanna
madonna
Newer Posts
Don't change these.
Name: Email:
Entire Thread Thread List
All trademarks and copyrights on this site are owned by their respective parties. All comments and posts are the responsibility of their own posters.
- Tinychan + 2ch Mode -