JSEMTS搜尋引擎
 

What the RIAA/MPAA Dont Want You To Know

(Lots of reading but well worth it...explains most of your Winmx problems)


This is the most damaging document to come to light in a long while. This information was a posted story on May 16th, and has since been hidden in the archives less then a day later.

Its long winded so its been broken down into plain english so you can see why your P2P apps have been receiving fake files, timing out and even crashing.

What the document describes is a system for disrupting P2P systems by using Agents (non human) masquerading as ordinary users in a Decentralized Network, utilizing a Query Matcher that receives search results from the agents, and reports matches of search results back to the agents for network disruption.

This comprises of a system where multiple copies of the p2p software
reside on one or more computers while communicating to the decentralized network through individually assigned ports, also the assigned ports have corresponding IP addresses that change in a manner so that detection of the agents as fakes in the decentralized network is made difficult.The number and geographical locations of the computers is determined by the number and geographical distribution of users in the decentralized network. (they target the areas where the most sharing occurs)


The system is centrally coordinated so as to disrupt the decentralized network in the following manners:

Modification or deletion of search results passing across the agents system often redirecting the searcher to an incorrect (or doctored) file or IP address, so that the file would never be found and the option to flood the network with the modified result which can be one of the following.

+ An audio file containing white noise.
+ A video file containing white noise.
+ An application containing a NOP executable that terminates the application when executed (crash).
+ An image file containing snow.
+ A document with blank contents.
+ Decoy contains an anti-piracy message.
+ An alternative file that is a rights managed version (it can dial home using windows media player).
+ An instruction to transmit the alternative file such that the transmission rate slows down during the transmission. (often seen as a active download that has no visible transfer rate )
+ Sending an instruction to transmit the alternative file such that the transmission terminates automatically after most, but not all of the alternative file has been downloaded.
+ An instruction to modify at least one reference corresponding to a match in the search results so as to point to a non-existent file along with a reported hash value that does not correspond to any file in the decentralized network instead of the at least one valid file. (the timing out effect)
+ An instruction to modify a reference corresponding to a match in the search results so as to point to a spoof file instead of the valid file and report a hash value matching that of the valid file, even though the contents of the spoof files do not exactly match that of the
valid file.


Network Routing Attacks

Then there is a selection of network routing tricks being used
to incorrectly identify an agents status, here are some of them

+ The agents inform their respective supernodes (or primaries) that they have copies of specified files and
claim user attributes (good connections more open slots etc) so that the agents will be selected as top matches by their respective supernodes for search strings indicating the specified files.
+ The agents inform the decentralized network that they are supernodes, causing network instability.
+ The agents report to the decentralized network that they possess attributes that qualify them as supernodes under the protocol of the decentralized network.
+ The agents primary aim is to achieve a man in the middle type situation by manipulating network connections to suit there plans.
+ Connecting multiple agents resembling users to the client computer until the client computer disconnects from that neighboring user.
+ Causing the client computer to transfer a connection from that neighboring user, to another neighboring user, so as to no longer be directly connected to that neighboring user.
+ Bombarding a socket connection connecting the client user to a neighboring user with communications so as to cause the socket connection to be terminated.
+ Causing software running on a neighboring user, and responsible for maintaining a connection with the client user to experience a known defect causing that neighboring user to be disconnected from the client user. (secondary connection in the case of WinMX)


Their Justification

Unauthorized copying in decentralized networks using peer-to-peer (P2P)
file sharing has become a major concern to owners of copyrighted material.
Unlike a centralized network, decentralization makes it commercially impractical to pursue all copyright violators in court. This is because decentralization requires filing lawsuits against virtually millions of client computer operators instead of only one party operating a central computer.
(what a shame, also its easier to go for the fattened calf)

Accordingly, copyright owners seek other methods for protecting their
copyrighted material, such as blocking, diverting or otherwise impairing the unauthorized distribution of their copyrighted works on a publicly accessible decentralized or P2P file trading network. In order to preserve the legitimate expectations and rights of users of such a network, however, it is desirable that copyright owners do not alter, delete, or otherwise impair the integrity of any computer file or data lawfully residing on the computer of a file trader.
(Desirable ? How about expected ?)


Claims made by the Systems Users and Designers

That they have ensured that the system operates in such a way, that the
legitimate rights and expectations of users of the decentralized network are preserved and users are not prevented from operating their legitimate file sharing activities, and that copies of files on the decentralized network are not destroyed through erasure or corruption of data.
(These claims are patently not true as many of us have found out to our cost, chat rooms crashing with no file sharing activity taking place.The WinMX application itself being hit with buffer overflows often causing
a complete system crash to many users, as well as requiring a full reinstall.)


Decentralized P2P Basics

In a decentralized network, there is no central authority or managing
entity. Each user of the network makes decisions autonomously to connect,
disconnect, and share information with other users in the network according to a predetermined protocol established by the creators of the network. Files and documents are stored by the users of the networks and propagated throughout the network via inter-user exchange. Users search the network using search queries at their respective network addresses for specific files or documents and then select a host from search results to download or stream the content from.

To prevent users swapping specifically named files, various methods for search result manipulation and interruption are listed here
These methods vary according to the type of file sharing network that they are operating in. To illustrate the different aspects, two networks,
respectively referred to as Type A and Type B networks, are used as examples.

The type "A" Network
This consists of non-hierarchical decentralized network structure,
all users are treated as equals.

The type "B" Network
This consist of a hierarchical decentralized network.
In this second network, there are regular users and so-called SuperNodes (primaries)Regular nodes represent computers hooked to the network that
host or are capable of hosting files for sharing.
SuperNodes (or primaries) are computers hooked to the network,
that not only host or are capable of hosting files for
sharing, but also have higher resources than regular nodes and generally perform functions in addition to those of regular nodes.
(network administration and search requests for example)

The precise behavior of the search string handling, forwarding and
query match returning process depends on the defined rules and/or policies of the decentralized network.
Information of the query matches includes information on how to locate the file such as an URL. Hash values for each of the files may also be sent to the requesting user the query matches are generally sent back along the path that they came. Also, the client node may establish a direct connection with the user(s) having a copy of
the selection available for download, and sends an HTTP request to them)
requesting the selection. The user(s) may then reply with a standard HTTP
response. (this is to determine that the file host is valid)

Prioritization of agent status is achieved by returning results declaring high connection speed and the quality of the file.
The prioritized list of matches is transmitted back to the user from which the search string originated.
By refining and forwarding the search string to target the unwitting user the desired effect is achieved.


The Disruption System

Agents are infiltrated into the decentralized network masquerading as users by following all the quirks of the network user, performing handshakes or login procedures with other users as specified by the protocol and monitoring and conducting network searches so that they are virtually indistinguishable as infiltrators.
The "Agents" are actually computers running software on one or more computers that communicate with systems using the network through individually assigned ports of the one or more computers.
The IP addresses for the ports may vary with time or in some other manner so that detection of the agents in the network and their expulsion from it
are prevented or at least made considerably more difficult.

In order to perform the above infiltration, it is useful to first
identify users and join as a regular client by logging in through the client application software
provided by or otherwise associated with the decentralized network of interest.
(against the terms of use of many of them, may I add)
In this way users addresses are gathered and stored in an address cache for later use.
These addresses may be used to make connections as well as any
additional user addresses resulting from the initial connection to the network.

Each of the agents receives search queries from users requesting files in the network and forwards those search queries to other users in the network so as to behave just like a regular node in this respect.
When the agents receive search results back from those forwarded search queries, however, rather than passing those search results back along the same path that the agents received the corresponding search queries, they
first send the search results to a Query Matcher implemented as software
residing on a computer connected to the Agents through a private network.
The Query Matcher compares each of the references in the search
results to entries in its own database containing metadata including content identification codes of specified files. Matches are then sent back to each of the agents, directing the type of action to be taken when the agents receive matches.


Fake Files Structure

Fake files are those having the same properties such as filename and metadata as the files that they are impersonating, but have different content.
Hash values provided by the fakes, however, generally match their actual content, not the content of the files that they are impersonating.
This is how fakes can be systematically constructed to impersonate various file types.

+ For all file types, the title of the fake file will be a random combinatorial reordering of words and phrases from the title of the protected file. The mouse over property of the file will be the same as the title.
+ For audio files, the content can be white noise or an anti-piracy
message. The MIME type will be randomly selected from one of the commonly used types for audio (such as wave, or aiff).The length of the file is chosen at random from a range that corresponds to the size range of the known instances of the file on the network.
+ For video files, the content will be snow or white noise.The MIME type
will be randomly selected from one of the commonly used types for video (such as mpeg, avi, or quicktime).
The length of the file is also chosen at random from a range that corresponds to the size range of the known instances of the file on the Network.
+ For applications, the content will be a "no operation" or NOP executable
that simply terminates when executed. The type will be randomly selected from one of the commonly used types (such as ZIP).
+ For image files, the content will be snow or an anti-piracy statement.The MIME type will be randomly selected from one of the commonly used types for images (such as jpg, tif, or gif.
The color depth and resolution are also randomly chosen (e.g., 1600.times.800 resolution, 16 bit depth).
+ For documents, the content is blank and the MIME type is randomly selected from one of the commonly used types for documents (such as zip, pdf, doc, ppt, rtf, or html).


User Quarantining

One such trick is user quarantining, wherein a user to be quarantined
is surrounded with agents controlled by the central control.
A user that is identified as having protected files available for file sharing can be effectively eliminated from
the decentralized network by making them "invisible" to other users on the
network or its file sharing activity restricted, but not completely eliminated is their (false) claim.

After identifying a user C to be quarantined, a list of its
immediate neighbor users, N1 and N2, is obtained .
An agent A1 can be connected to a neighbor user N1 and the user C ,
or the neighboring user N1 is then disconnected from the user C using a method described below.

Depending on the network, the neighbor user N1 may be disconnected using any combination of the following:

+ Issuing a "Disconnect from user C" message to user N1, or vice versa;
+ Issuing a "Disconnect from the Network" message to user N1;
+ Issuing a message to user C, purporting to be from the neighboring user
N1, indicating that user N1 is now disconnecting, or vice versa;
+ Issuing a message to user N1 that violates the agreed upon connection
protocol between user N1 and user C, thus inducing user N1 to abandon the
connection, or vice versa;
+ Attaching a very large number of agents to user C so that its
capacity or quota of immediate neighbors is exceeded, thus inducing user C to disconnect from one or more of its immediate neighbor users until user N1 is disconnected;
+ Attaching a very large number of agents to users C so that its
capacity or quota of immediate neighbors is exceeded, thus inducing user C to transfer connections for one or more of its immediate neighbor users to a single neighbor user ,until user N1 is disconnected from user C;
+ Overwhelming the capacity of user C's port, socket or connection to
user N1 by bombarding it with messages or requests that it must parse, act upon, or otherwise process to clear the overload.
+ Eliminating or disconnecting N1 from the decentralized network
altogether by exploiting a known defect in the client software application for the decentralized network or underlying client operating system running on the user N1,s machine (e.g., overrun the stack, and crash the user).

They then claim that all the overflow/implementation bugs are found in the public domain, a highly unlikely scenario, more likely a lot of research was done to obtain this rather specialized information.


File Transfer Attenuation

Another annoying trick is file transfer attenuation. The method slows the file transfer so that it starts off fast, then as the download progresses, the transfer rate slows down.
By the time the transmission rate slows down a lot, the user requesting the file has got most of the file so they will be reluctant to cancel the download at that point.
Eventually, however, the transmission rate will slow down to such a trickle that the user will probably become annoyed with the download progress and consequently, cancel it at that point.
The download will not time out so the user must explicitly cancel it in order to terminate the transmission. This consumes the users connection resources, to prevent relocation of other sources.


The "Sickener" Technique

Yet another dirty trick is this one , the transfer may be automatically terminated after a certain percentage such as 95% of the file has been transmitted.


Hash Spoofing A to Z

Another technique for disrupting file sharing is hash spoofing.
In most decentralized peer-to-peer file sharing networks, each unique file is given an identification code to uniquely identify its content. Commonly, this code is a hash value generated through a cryptographic hash algorithm (such as MD-4, MD-5, SHA-1, SHA-64, etc.) of all or a subset of the file's content.
This hash mechanism is used by some decentralized networks to facilitate resuming downloads which have been interrupted for some reason before completion,
or for multi-source downloading which can be used to greatly improve the reliability and speed of file downloads.

A quick description is this, an ordinary user sends out a search string on the network, and gets search results back along with their hashes.
The file that the user wishes to download, may be on more than one users machine in the network as shown by identical hashes on the search results.
If the downloading machine has its download interrupted for some reason, it may resume its download at a later time by finding other users having the file, as identified by an matching hash value, and downloading the rest of the file at that time from that user.
In addition, if the user wants to download a file with many sources on the
decentralized network and it knows that all of these sources have exactly the same content (as evidenced by their same hash values), the user can split the file content into segments and request a few segments from each of the sources.

Hash spoofing can be used for disrupting where such interruption/resumption and multi-source downloading is being used in a decentralized network. To maximize disruption the agent may modify the search results so as to replace a link to (or address of) a file to be protected with either a link to a non-existent file along with a reported hash value that doesn't correspond to any file in the decentralized network, or a link to a spoof file along with a reported hash value matching that of the file whose link is being replaced.In the first case, the user will try to find the non-existent file, but will be unsuccessful,
because the file doesn't exist. The user may also try to find other files with the same hash value as the non-existent file for download,
but will never be able to since there are no files in the decentralized network that correspond to the hash value.


Multi Part File Corruption

Its often common that when the agent receives a request for a specified file, or a portion of the file in the case of a multi-source download, the spoof file or a portion is transmitted instead of the requested file or segment of the file.
After the user has completed downloading the file, or all the pieces from its sources in the case of multi-source downloading, the hash will be calculated and a mismatch will be detected (file corrupt), because the hash value of the spoof file or segment is different than that reported.


This document has taken the technical information from the actual Patent Application for this software made by Macrovision.
Trying to slip this by under the noses of millions of P2P users and creators. Although, they have been using these tactics to disrupt the decentralized networks for some time, this is the first time all of their different systems have been announced publicly. Until now there has only been denial of such attacks. In their own "claims" this software does not harm the network, however a read through this information proves otherwise.

Written by WinMX World Staff
June 08, 2005






搜尋引擎讓我們程式搜尋結果更加完美
  • 如果您覺得該文件有幫助到您,煩請按下我
  • 如果您覺得該文件是一個一無是處的文件,也煩請按下我

  • 搜尋引擎該文件您看起來是亂碼嗎?您可以切換編碼方式試試看!ISO-8859-1 | latin1 | euc-kr | euc-jp | CP936 | CP950 | UTF-8 | GB2312 | BIG5 |
    搜尋引擎本文件可能涉及色情、暴力,按我申請移除該文件

    搜尋引擎網址長?按我產生分享用短址

    ©2024 JSEMTS

    https://tw.search.yahoo.com/search;_ylt=A8tUwZJ2QE1YaVcAUmFr1gt.;_ylc=X1MDMjExNDcwNTAwMwRfcgMyBGZyA3lmcC10LTkwMC1zLXR3BGdwcmlkAwRuX3JzbHQDMARuX3N1Z2cDMARvcmlnaW4DdHcuc2VhcmNoLnlhaG9vLmNvbQRwb3MDMARwcXN0cgMEcHFzdHJsAwRxc3RybAM4NARxdWVyeQMlRTglQjYlODUlRTUlOEYlQUYlRTYlODQlOUIlRTclOUElODQlRTUlQUYlQjYlRTUlQUYlQjYlMjAlRTglODMlQTElRTUlQUUlODklRTUlQTglOUMEdF9zdG1wAzE0ODE0NTc3OTM-?p=%E8%B6%85%E5%8F%AF%E6%84%9B%E7%9A%84%E5%AF%B6%E5%AF%B6+%E8%83%A1%E5%AE%89%E5%A8%9C&fr2=sb-top-tw.search&fr=yfp-t-900-s-tw&rrjfid=6927897 https://tw.search.yahoo.com/search;_ylt=A8tUwYgkQU1YcXoAUE9r1gt.;_ylc=X1MDMjExNDcwNTAwMwRfcgMyBGZyA3lmcC10LTkwMC10dwRncHJpZAMxWU5tY2FYMVFGQ2ZvUXZGN1N0bzVBBG5fcnNsdAMwBG5fc3VnZwMwBG9yaWdpbgN0dy5zZWFyY2gueWFob28uY29tBHBvcwMwBHBxc3RyAwRwcXN0cmwDBHFzdHJsAzQ4BHF1ZXJ5AyVFNiVBRCVBMSVFNiVBRCU4QyUyMCVFNSVCMCU4OCVFNiU4MyU4NSVFNSU5QyU5OAR0X3N0bXADMTQ4MTQ1Nzk3Ng--?p=%E6%AD%A1%E6%AD%8C+%E5%B0%88%E6%83%85%E5%9C%98&fr2=sb-top-tw.search&fr=yfp-t-900-tw&rrjfid=9460449 https://tw.search.yahoo.com/search;_ylt=A8tUwYgkQU1YcXoAUE9r1gt.;_ylc=X1MDMjExNDcwNTAwMwRfcgMyBGZyA3lmcC10LTkwMC10dwRncHJpZAMxWU5tY2FYMVFGQ2ZvUXZGN1N0bzVBBG5fcnNsdAMwBG5fc3VnZwMwBG9yaWdpbgN0dy5zZWFyY2gueWFob28uY29tBHBvcwMwBHBxc3RyAwRwcXN0cmwDBHFzdHJsAzQ4BHF1ZXJ5AyVFNiVBRCVBMSVFNiVBRCU4QyUyMCVFNSVCMCU4OCVFNiU4MyU4NSVFNSU5QyU5OAR0X3N0bXADMTQ4MTQ1Nzk3Ng--?p=%E6%AD%A1%E6%AD%8C+%E5%B0%88%E6%83%85%E5%9C%98&fr2=sb-top-tw.search&fr=yfp-t-900-tw&rrjfid=4701334 https://tw.search.yahoo.com/search;_ylt=A8tUwZJ2QE1YaVcAUmFr1gt.;_ylc=X1MDMjExNDcwNTAwMwRfcgMyBGZyA3lmcC10LTkwMC1zLXR3BGdwcmlkAwRuX3JzbHQDMARuX3N1Z2cDMARvcmlnaW4DdHcuc2VhcmNoLnlhaG9vLmNvbQRwb3MDMARwcXN0cgMEcHFzdHJsAwRxc3RybAM4NARxdWVyeQMlRTglQjYlODUlRTUlOEYlQUYlRTYlODQlOUIlRTclOUElODQlRTUlQUYlQjYlRTUlQUYlQjYlMjAlRTglODMlQTElRTUlQUUlODklRTUlQTglOUMEdF9zdG1wAzE0ODE0NTc3OTM-?p=%E8%B6%85%E5%8F%AF%E6%84%9B%E7%9A%84%E5%AF%B6%E5%AF%B6+%E8%83%A1%E5%AE%89%E5%A8%9C&fr2=sb-top-tw.search&fr=yfp-t-900-s-tw&rrjfid=8206108 https://tw.search.yahoo.com/search;_ylt=A8tUwYgkQU1YcXoAUE9r1gt.;_ylc=X1MDMjExNDcwNTAwMwRfcgMyBGZyA3lmcC10LTkwMC10dwRncHJpZAMxWU5tY2FYMVFGQ2ZvUXZGN1N0bzVBBG5fcnNsdAMwBG5fc3VnZwMwBG9yaWdpbgN0dy5zZWFyY2gueWFob28uY29tBHBvcwMwBHBxc3RyAwRwcXN0cmwDBHFzdHJsAzQ4BHF1ZXJ5AyVFNiVBRCVBMSVFNiVBRCU4QyUyMCVFNSVCMCU4OCVFNiU4MyU4NSVFNSU5QyU5OAR0X3N0bXADMTQ4MTQ1Nzk3Ng--?p=%E6%AD%A1%E6%AD%8C+%E5%B0%88%E6%83%85%E5%9C%98&fr2=sb-top-tw.search&fr=yfp-t-900-tw&rrjfid=8863661 https://tw.search.yahoo.com/search;_ylt=A8tUwYgkQU1YcXoAUE9r1gt.;_ylc=X1MDMjExNDcwNTAwMwRfcgMyBGZyA3lmcC10LTkwMC10dwRncHJpZAMxWU5tY2FYMVFGQ2ZvUXZGN1N0bzVBBG5fcnNsdAMwBG5fc3VnZwMwBG9yaWdpbgN0dy5zZWFyY2gueWFob28uY29tBHBvcwMwBHBxc3RyAwRwcXN0cmwDBHFzdHJsAzQ4BHF1ZXJ5AyVFNiVBRCVBMSVFNiVBRCU4QyUyMCVFNSVCMCU4OCVFNiU4MyU4NSVFNSU5QyU5OAR0X3N0bXADMTQ4MTQ1Nzk3Ng--?p=%E6%AD%A1%E6%AD%8C+%E5%B0%88%E6%83%85%E5%9C%98&fr2=sb-top-tw.search&fr=yfp-t-900-tw&rrjfid=4451768