just a thought...

why would RIAA be stupid enough to use its own IPs to find people who share files on P2P networks? :confused:

which leads to my question: if the answer to the above is no, does peerguardian really work?


sorry... just had to ask...

im not really for sure why they would use their own IPs, but what else is left, one way or another we would find the ips, and block them, and to asnwer your 2nd question, yes PeerGuardian does work.

the RIAA (or any similary organization) can easily download PeerGuardian, take a look at the IP list and choose an alternative IP/provider who is NOT on the list...
or are they required by law to disclose whichever IP they're using, during an investigation for a possible lawsuit?

Theres so many ranges and ips on there, that they would prolly have a hard time finding a new spot for their new ip, and im not for sure if they have to disclose any thing during an investagation, prolly not though.

Originally posted by creamypanda@26 June 2003 - 20:15
does peerguardian really work?

Very well, in fact, teh first 2 days I used it, PeerGuardian forcefully closed over 2000 MediaForce IP's. Now that I have been using it a few days, Its only forcefully closed a few IP's. I guess they are learning their lesson. :D

PG is crap I cant beileve people think it works it has never been proven how do we know where blocking the right IPS anyway?

most of the time the block are innocent people

Originally posted by creamypanda+26 June 2003 - 14:23--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (creamypanda &#064; 26 June 2003 - 14:23)</td></tr><tr><td id='QUOTE'>the RIAA (or any similary organization) can easily download PeerGuardian, take a look at the IP list and choose an alternative IP/provider who is NOT on the list...&nbsp;
or are they required by law to disclose whichever IP they&#39;re using, during an investigation for a possible lawsuit?[/b]I think it&#39;s been well-played out that the RIAA is stuck in the past as far as technology issues are concerned.

For the most part, they&#39;re not using their primary servers and ip ranges, but they seem to be contracting out the work to the &#39;usual suspects&#39;:
BayTSP
Cyveillance
Cogent
Dotster.com
MediaForce
MediaDefender
NetPD
OverPeer
Retspan (Napster spelled backwards)
Vidius

Quite a lot of information can be found out about these companies, as they are ADVERTISING their ability to do copyright violation searches. Some even hint at their methods...

Once these companies are known, finding the ip ranges associated with them can be as easy as seeing what ip address their websites are on, then plugging that ip address into a WHOIS lookup or other specialized DNS functions offer by various ISPs. However, this may only be their &#39;primary&#39; range -- not the range which they do their &#39;dirty work&#39; out of.

So to find other ranges requires a bit more hit-and-miss, like spotting suspicious behavior from an ip address -- then plugging THAT into a WHOIS and seeing what company name pops out. After doing this for awhile, the answers won&#39;t seem so surprising...

They&#39;ve been demanding special protection from accidental damage they do to people&#39;s computers and networks from the US government, but they&#39;ve already been ACTIVELY disruting the file-sharing networks for some time&#33; I don&#39;t mean by scanning people&#39;s computers for &#39;copyrighted materials&#39; -- they&#39;re also using specialized software which knocks out (crashes or at least seriously slows down) file-sharing network hubs either by purpose or by accident (due to requests-per-second overloads).<!--QuoteBegin-adthomp@26 June 2003 - 21:11
PG is crap I cant beileve people think it works it has never been proven how do we know where blocking the right IPS anyway?

most of the time the block are innocent people[/quote]Some of us have put in some serious effort into blocking bad ip ranges -- and this includes doing research into what ip ranges a company has leashed.

This also includes monitoring of actual hostile activity both on the fasttrack network AND on other file-sharing networks.

What&#39;s SCARY is when we find a hostile ip range that has no trouble jumping networks and doing really bad things on all of them -- like I&#39;ve found in the 38.144.x.x ip range. They almost single-handedly shut down the Gnutella network due to their VERY aggressive activities and I&#39;ve blocked ips in that range which were trying to connect to my Kazaa computer. I&#39;ve heard from others (in the BearShare forums) that these hostiles are working off 10 Mbits and faster connections -- not something the average home user is likely to have... although blocking a legitimate user in that range would be a big loss. However, the entire web block is owned by an ISP that is anti-p2p file sharing and any legitimate user probably wouldn&#39;t be running file-sharing software for very long&#33;

I&#39;ve been trying to map out many ISPs as well as &#39;hostiles&#39; so as to not accidentally block legitimate users.

Work is slow when all everyone else does is bitch about how nothing&#39;s getting done.

Originally posted by adthomp@27 June 2003 - 02:11
PG is crap I cant beileve people think it works it has never been proven how do we know where blocking the right IPS anyway?

most of the time the block are innocent people


well i&#39;ve successfully used pg to block connections from the mpaa, riaa and overpeer (when trading files) specifically so as far as there being no proof (i didn&#39;t get notification from my isp) i&#39;m not sure what you mean and as far as the right ips that depends upon the sources you use- having said all that you would be better off importing the ips into your firewall (pg just blocks tcp/icp connections) but not everyone has that option and i&#39;m not individually entering in each range- that&#39;s just a waste of time. so there&#39;s no need to bash what you don&#39;t understand- anyone can go around calling things crap...as for innocent ppl being blocked that&#39;s pretty funny...is it your intent to discourage ppl from taking steps to protect themselves from anti p2p groups? coz your words above say that pretty clearly...

well i&#39;ve successfully used pg to block connections from the mpaa, riaa and overpeer (when trading files) specifically so as far as there being no proof (i didn&#39;t get notification from my isp) i&#39;m not sure what you mean and as far as the right ips that depends upon the sources you use- having said all that you would be better off importing the ips into your firewall (pg just blocks tcp/icp connections) but not everyone has that option and i&#39;m not individually entering in each range- that&#39;s just a waste of time. so there&#39;s no need to bash what you don&#39;t understand- anyone can go around calling things crap...as for innocent ppl being blocked that&#39;s pretty funny...is it your intent to discourage ppl from taking steps to protect themselves from anti p2p groups? coz your words above say that pretty clearly...

Im not gonna argue your right I coundt care less any RIAA member can get onto any IP address and we wouldnt know&#33; PG has to many faults and we dont even know if it works

Simply put, better than nothing. I&#39;ve done enough test on my own to prove it works if you have a current list, which I update once a week from PGText, currently blocking 344 ranges. If you need proof load up PG and then search for a new release, and then try to download one with low sources but high bandwidth, you may quickly notice PG blocking AVIFaker, these are the guys sharing those videos with black screens, raw bitmap images, once you attempt to download from them without PG, thus connecting, then they attempt to view and log your shared folder with your IP and whatever information they can get. Also try sharing a small jpeg file with a high profile name and see who tries to download it, interesting. I have also attempted to connect directly to some of these IP&#39;s while searching blocks and find that they immediatly start slamming back into mine and PG every 15 seconds or so.

http://www.ebaumsworld.com/forumfun/whocares1.jpg

Originally posted by adthomp@27 June 2003 - 08:40
Who Gives A Fuck?
Al don&#39;t got broadband, why should he?

I do and don&#39;t feel like getting some fuck ass letter or losing my broadband.

The big shots of the Music Industry threat to sue all file sharing users.

Lets&#39;s BOYCOTT the Music Industry and NOT BUY ANY CD for at least ONE YEAR.

Let&#39;s see what they think about that.

We can do it. Let&#39;s roll...

Originally posted by adthomp@27 June 2003 - 07:33

well i&#39;ve successfully used pg to block connections from the mpaa, riaa and overpeer (when trading files) specifically so as far as there being no proof (i didn&#39;t get notification from my isp) i&#39;m not sure what you mean and as far as the right ips that depends upon the sources you use- having said all that you would be better off importing the ips into your firewall (pg just blocks tcp/icp connections) but not everyone has that option and i&#39;m not individually entering in each range- that&#39;s just a waste of time. so there&#39;s no need to bash what you don&#39;t understand- anyone can go around calling things crap...as for innocent ppl being blocked that&#39;s pretty funny...is it your intent to discourage ppl from taking steps to protect themselves from anti p2p groups? coz your words above say that pretty clearly...

Im not gonna argue your right I coundt care less any RIAA member can get onto any IP address and we wouldnt know&#33; PG has to many faults and we dont even know if it works
lol

HOLY SH&#33;T &#33;&#33; I&#39;ve bin using peer gaurdian for about 2 minutes and its forcefully closed 4 ip&#39;s 3 from the riaa and 1 from mediaforce, although i&#39;m probably asking for trouble using a usernam like "menacetotheriaa" B)

I think that the point that was being made was this:

You leave PG running overnight

PG says "1 000 000 000 connections forcefully closed from Satan"

how do you know that these connections were Satan? were they not just me trying to get that file off you? I am using speedup tool set to find more sources every second...therefore my program tries to connect to you every second, so every second there is another connection forcefully closed.

BUT: and this is the awkward bit, you see a lot of connections, and decide that this is a fantastic piece of software, so you make sure you keep updating the list. The more you increase the list, the more you block....A vicious circle?

Originally posted by vivitron 15@28 June 2003 - 09:37
I think that the point that was being made was this:

You leave PG running overnight

PG says "1 000 000 000 connections forcefully closed from Satan"

how do you know that these connections were Satan? were they not just me trying to get that file off you? I am using speedup tool set to find more sources every second...therefore my program tries to connect to you every second, so every second there is another connection forcefully closed.

BUT: and this is the awkward bit, you see a lot of connections, and decide that this is a fantastic piece of software, so you make sure you keep updating the list.&nbsp; The more you increase the list, the more you block....A vicious circle?The bogus &#39;satan block&#39; for instance is a case where you might want to learn a little more about your software before you use it -- especially any software that can deny/allow access to the internet. You can do simple research on ip ranges and company &#39;ownership&#39; (actually leashes) of those ranges. If you find out that/those ips are owned by Hell Inc, you might want to leave them. :D

Peer Guardian bad ranges are often removed -- sometimes within hours of posting. So it&#39;s just a matter of reading a little about what ranges they deem &#39;bad&#39; and keeping up-to-date.
Blocking virus-infected sources is another issue -- they may EVENTUALLY get antivirus software and remove the viruses they have, but do you want to take a chance with a remote auto-infector virus? (Btw, even misnamed multimedia files can in fact be vbs viruses -- as I unfortunately found out when I downloaded a MP3 file.)

Your statement is more or less the same as saying that running lots of different antivirus software (like 10 different brands at once) tends to bog a system down. (No doubt they might also see each other&#39;s virus scan libraries as VIRUSES themselves and go nuts too...) Likewise, you also can&#39;t install an old antivirus program and expect it to offer good protection against the latest-and-greatest.

Peer Guardian&#39;s block lists are no different.
Even Kazaa Lite++ sort of operates on the same principle -- retrying often-dead ip addresses for files that may have been unshared over half a year ago. I&#39;ve started cleaning out my unfinished DATs if they make no progress after a couple days/weeks. Better to be searching again for the LIVE connections than, or at least retrying the connections I got SOME data from, than those dead ones&#33; That behavior would trigger Peer Guardian&#39;s block routines over and over again if it falls in a blocked range -- disabling Peer Guardian for a short bit and retrying that download could quickly tell you if it&#39;s &#39;live&#39; or not.

OT: If your speedup is hammering a single connection at the rate of once a second, (or worse yet, every second for every file you&#39;re trying to download from it) your ip should be permanently banned by that connection anyway. (Not saying you&#39;re doing this, but this behavior shouldn&#39;t be tolerated as it is hard on the network in a major way.) Finding more sources every second may be sending lots of traffic through the supernodes you&#39;re connected to but it should not be flooding the current list of sources you already have for a file -- it should only be retrying them about once a minute. The difference is, the supernodes have a persistant ip connection with you to transfer information -- like a very slow file transfer in the background. But download attempts make a NEW ip connection every time -- almost like a port scanning attack (new connection attempts will even orginate from a different ip port each time) or packet flood... just the magnitude is typically smaller. If you&#39;re the only one doing it, YOU get &#39;rewarded&#39; with faster downloads at the network&#39;s expense -- but if lots of people are doing it the bandwidth used up becomes SO significant that it may be slowing lots of connections down. This is why the autosearchmore settings were changed from a &#39;permanently on&#39; search till you stopped it to a &#39;search for x minutes&#39; -- because it was hard on the network and wasn&#39;t even particularly beneficial to the user searching longer than 10 minutes in most cases anyhow.