Abuse Notice From Isp...

imported_dr_gibberish · 07-18-2003, 01:22 AM

Came home this afternoon to a rather threatening message from my ISP (Comcast) stating that I had violated their acceptable use policy by allegedly trading something copyrighted on K-Lite. According to the message, the Business Software Alliance alleged that I was trading a copyrighted file over the network. Listed a file name, my K-Lite username, my WAN IP, and the alleged port. (1214 though I actually run K-Lite on another port?&#33

My big question is, after using K-Lite for more than 6 months and keeping my machine on basically 24/7 with 8 upload slots, why is this happening to me now? Especially since K-Lite 2.4 now has the Peer Guardian list of blocked IPs (which includes the BSA) and I have checked "User's can't get a list of your shared files" which I thought would give me an added level of protection (though I'm aware PG list is not perfect.)

I should note a couple of other recent changes in my use:
1) I was on ATT which fully switched to comcast at the beginning of this month.
2) I recently started using KaNAT (because I'm behind a router) which propogates my WAN IP rather than my LAN IP. I am concerned about this because I worry it has made me more "identifiable". Also, to use KaNAT you have to "uncheck" "Don't save local IP's in DAT files" in the K-Lite options menu. Could this have made me more vulnerable?

Does anyone who has been through this have suggetsions about how to handle this with the ISP?
Anyone with more knowledge than I about K-Lite (or perhaps KaNAT) have suggestions about how to protect myself in the future?

I want to play nice and share but I can't lose my ISP over this....

imported_dr_gibberish · 07-18-2003, 02:32 AM

Another thought...

Does anyone know what the reason for the "Disable port 1214" option is and whether this might be relevant to my problem (above)? I have K-Lite set to use an alternate port for incoming connections (you have to to use KaNAT) so should I check this?

**MadDog-2000** · 07-18-2003, 03:41 AM

I can't help you out with your router problems but they might have spotted you the old fashioned way, just by searching for sone copyright protected file and you came up as one source.

dr_gibberish Posted on 17 July 2003 - 20:32

According to the message, the Business Software Alliance alleged that I was trading a copyrighted file over the network. Listed a file name, my K-Lite username, my WAN IP, and the alleged port. (1214 though I actually run K-Lite on another port?&#33

You mean they listed only one single file that was copyrighted or like a list of files? It they listed only one that probably means that they found you through a simple search but were not able to bring up the list of all your shared files, which is good and you know the new feature works.

Just because you are behind a router doesn't mean its harder for them to track you down, nor does it make you any safer, at least in this case.

dr_gibberish Posted on 17 July 2003 - 19:22

Also, to use KaNAT you have to "uncheck" "Don't save local IP's in DAT files" in the K-Lite options menu. Could this have made me more vulnerable?

No, DAT files and IP numbers are not transfered to them, that information resides on your machine only but they are able to get your IP number without any problems.

dr_gibberish Posted on 17 July 2003 - 20:32

Does anyone know what the reason for the "Disable port 1214" option is and whether this might be relevant to my problem (above)?

Port 1214 (aka Kazaa's port) is disabled so no-one can scan your computer to see if you're using Kazaa K++.

Just because they scanned you, have your IP number and know that you are sharing a file they think is copyrighted doesn't mean you actually do. The file they found on your HD could be a fake or just some random file, renamed to something that looks copyrighted. The only way they can be 100% sure is if they download that file from you and see if it really is what it appears to be.

Anyway, I suggest you stay low for the next time and unshare your music or other copyrighted files. Just share programs (even warez if you like, since RIAA and MPAA have no jurisdiction over that), eBookz, movie trailers or something like that and get (and share) your music on a minor networks like Blubster or Gnutella. Those networks are not monitored (or not as heavily) by the RIAA and MPAA. Try some alternatives, at least for music and movies. Try BitTorrent, you can download full CD albums and movies but there is no effective way of tracking you because of its structure and protocol.

**damnit182** · 07-18-2003, 03:44 AM

Does Kazaa not work without KaNat? How many machines are connected to your router? I'm guessing your router uses NAT (network address translation)?

I think it wouldnt make much difference to the RIAA/similar whether they can see your WAN IP or your LAN IP, becuase they can trace it either way.

It seems to me that even though one specifies a different port for Kazaa to use, it only uses these in addition to 1214. I specified 6699 and 80 for incoming connections yet in Zonealarm it says K-Lite is listening to 1214,6699,80. BTW this is only in Kazaa Lite 2.0.2 so it may be different for later versions.

**-Genesis-** · 07-21-2003, 02:55 PM

There is no way they can tell you the name of the file that you transfered unless they actually watched you doing it. they could have detected you using kazaa but thats it. Sounds like a joke to me, one of ure m8s maybee.

Ganthan · 07-21-2003, 03:08 PM

Originally posted by Genesis-@21 July 2003 - 14:55
There is no way they can tell you the name of the file that you transfered unless they actually watched you doing it. they could have detected you using kazaa but thats it. Sounds like a joke to me, one of ure m8s maybee.

You are terribly misinformed and naive.

imported_dr_gibberish · 07-22-2003, 06:59 PM

Thanks for all the responses, sorry for not getting back sooner but I wasn't aware the board was back up...

@Mad Dog-2000 - Appreciate all the advice. Yes it was one file. When you say warez is less of problem - this was the Business Software Alliance targetting me. The alleged file was software not music or movies. Regardless, your advice is really apprecaited and I have actually been exploring BitTorrent over the last few days (Though the problem seems to be it only works well for common, high demand files.) Another thing, how much of a problem do you think it is for me to download using K-Lite? (As opposed to sharing.) However, you feel pretty sure that using KaNAT did not increase my vulnerability?

@damnit182 - K-Lite works without behind a router without KaNAT but it works much better with it. Without it you cannot access anyone else who is also behind a router that use Network Address Translation (NAT) Since this includes a lot of broadband users, you are shut out from some of the fastest sources. For me, the program makes a big difference.

@Genesis - Defintely no joke. You only need to have seen the email. Went to every single one of my addresses, had every detail about me, my account, etc. (Things no one could have gotten simply by monitoring my traffic.)

No folks, this was serious and unfortunately is going to have the desired effect on my ability to share files with K-Lite. I really have no choice. It seems as if it's that or lose my broadband access...

**Switeck** · 07-23-2003, 06:43 AM

UNLESS you check the do not use port 1214, Kazaa CAN still be detected by a port-scan of port 1214. This explains why the Cease and Desist notice reports Kazaa as running on port 1214.

Good thing it was only a warning, although it's useful info for others.

It seems if you have a real ip OR using KaNAT AND don't have port 1214 disabled that THEY can detect you. Whether they can detect you IF you disable port 1214 but still use KaNAT (with port-forwarding ONLY to the port KL++ is now using... not 1214 of course) then I do not know. If I had to guess, a "Kazaa detector" would scan ranges of ips looking for responses to its port 1214 messages. This should be TOTALLY BLOCKED if random nut's blocking of 1214 isn't just smoke-and-mirrors. And even if that wasn't 100% effective, your ROUTER could be set up to block incoming port 1214 traffic.

Unfortunately, RIAA/MPAA/BSA have tools just as powerful as WE do for use on Kazaa. They definitely have something much like Kazaa Search -- which allows them to do searches and link ips with shared files. Even K-Dat can link ips to shared files AND Kazaa names. I do not know if they can get someone's real WAN ip from it if they're behind a router but not using KaNAT -- they probably can, but it's more effort I bet.

And they may even have an automated way to LIST someone's shared files (if that person ALLOWS their shared files to be listed) -- which KL++ blocks easily. They may even be able to make a direct connection with a Kazaa machine and do a blanket "MP3" search just to it -- like they're that machine's supernode connection to the REST of Kazaa, which would return many matches even if browse host capabilites were disabled. (This 2nd type of file listing IMO crosses the vague line of 'just searching the network' to 'hacking computers' because while they're doing that they are intentially depriving that computer of normal access to the search portion of the network. It's a man-in-the-middle hack attack.)

I imagine they're putting a significant load on the entire network with their specialized searches. They probably have ways to do more than 1 search simultaneously from a single ip, and definitely have 'server farms' with broad ip ranges devoted to them.

One thing is for certain, they are running way more than regular Kazaa and probably aren't running regular Kazaa at all. Being that they (most probably) HAVEN'T paid network liscencing fees for their software to be allowed to connect to the network, they are hacking the network in that manner too! (Morpheus got booted off the network a long while back for not paying the fees.) But RIAA/MPAA/BSA probably feel copyright laws only apply to 'little people'.

I'm behind a router and use KaNAT only part of the time. Reason being -- if I use it constantly, too many people get my ip in their many download requests and I start getting hammered by their requests (which add up faster than I am uploading) for days/weeks/months. So I turn off KaNAT but leave on ip port-forwarding to 'drain off' the excessive requests. While not running KaNAT, previous connections to my computer that are firewalled can still connect because I have port-forwarding on -- but when I try to list their files the search fails even before it begins.