Chinese P2Psearcher Thing fake clients pollute ed2k servers and kad
#1
Posted 21 November 2011 - 07:42 AM
for example: Made a eDonkey p2p Resource Finder p2psearcher
I'm worried about it, they could pollute ed2k servers and kad, make ed2k servers or kad full of fake clients.
What do you think about it? How could I block these fake emule or amule?
#2
Posted 21 November 2011 - 09:03 AM
#3
Posted 05 December 2011 - 08:59 AM
(It seems to be a tool by Thunder (a popular leeching client without search function from China, which disguises itself as an emule 0.48a mod), or maybe not.)
Don't they harm ed2k servers? They do not share anything but do searching and waste ed2k servers' resources. I found more search/bot tools like this, but this one is the most popular I think.
And I think there was an anomalous increase of ed2k users in China during 2010-2011. I doubt how many real clients (emule, amule, mldonkey or any other) there are; maybe ed2k users increased (most from China), but I found my emule's ed2k searches return fewer results than in the past or even no results, which is why I'm not convinced there was no influence from these tools/bots.
#4
Posted 05 December 2011 - 11:57 PM
Some Support, on 21 November 2011 - 05:03 PM, said:
'not too many'
In fact such nodes increase rapidly. Although most of such nodes focus on Chinese keywords, they could fill up the nodes table and decrease efficiency of kademlia.
In my opinion, this is much more of a problem than leechers...
This post has been edited by Ejack79: 05 December 2011 - 11:58 PM
#5
Posted 06 December 2011 - 01:25 AM
Ejack79, on 06 December 2011 - 12:57 AM, said:
In my opinion, this is much more of a problem than leechers...
Question is if they actually are behaving like real contacts and try to add themselves to other nodes' routing tables? In other words, are they sending hello requests and hello responses?
This is not necessary for it to work as this searcher-client only needs to know about nodes that are alive in the Kad network and then those could be asked for nodes closer and closer to the searched ID and finally send the search requests to the nodes found to be close enough.
kerjersma, on 05 December 2011 - 09:59 AM, said:
Well, I think most Chinese users in China are using other clients than those based on eMule/aMule. And I suspect that the majority of these clients are behaving unfairly in the sense that they are publishing files and sources in a way so that they are invisible to the ed2k and Kad network. Thus, they are only visible to their own communities. Well, unless they have something to gain from it.
Another reason is that those clients, afaik, are filtered. There are restrictions on what is allowed to be searched for and probably what is allowed to be published and indexed.
And a third reason might be that there are attempts from Chinese directions to filter Kad network as well. See here: http://forum.emule-p...howtopic=151610
This post has been edited by Nissenice: 06 December 2011 - 02:15 AM
#6
Posted 07 December 2011 - 07:04 PM
I haven't seen any dramatic changes in the number of search requests during the last month, but that may depend on what KadID the client has.
What I have recognized during the last month is an increased number of 'Kad packet too short' messages in the verbose log. I don't think it's because of me, but who knows. The reason for my uncertainty is that I've made quite a few changes to my own mule, because I'm doing some tracking/research about deviant Kad peer behavior and deviant subnets, and I am especially interested in Chinese peers and subnets. I can't see any reason that any changes I've made would cause this 'Kad packet too short' statement in the verbose log, though.
...
2011-12-06 09:16:12: Client UDP socket: prot=0xe4 opcode=0xa7 sizeaftercrypt=1 realsize=1 Kad packet too short: 123.185.20.xx:23430
2011-12-06 09:16:33: Client UDP socket: prot=0xe4 opcode=0x10 sizeaftercrypt=1 realsize=1 Kad packet too short: 124.230.82.xx:16052
2011-12-06 09:31:18: Client UDP socket: prot=0xe4 opcode=0x21 sizeaftercrypt=1 realsize=1 Kad packet too short: 58.192.53.xx:22347
2011-12-06 09:36:04: Client UDP socket: prot=0xe4 opcode=0xc6 sizeaftercrypt=1 realsize=1 Kad packet too short: 222.33.38.xx:29634
2011-12-06 09:40:06: Client UDP socket: prot=0xe4 opcode=0x73 sizeaftercrypt=1 realsize=1 Kad packet too short: 163.204.110.xx:3688
2011-12-06 09:40:26: Client UDP socket: prot=0xe4 opcode=0xfa sizeaftercrypt=1 realsize=1 Kad packet too short: 222.35.191.xx:17107
2011-12-06 09:42:10: Client UDP socket: prot=0xe4 opcode=0x5e sizeaftercrypt=1 realsize=1 Kad packet too short: 112.194.228.xx:21448
2011-12-06 09:42:49: Client UDP socket: prot=0xe4 opcode=0x83 sizeaftercrypt=1 realsize=1 Kad packet too short: 220.166.62.xx:23458
2011-12-06 09:42:55: Client UDP socket: prot=0xe4 opcode=0x82 sizeaftercrypt=1 realsize=1 Kad packet too short: 218.200.128.xx:8125
2011-12-06 09:50:58: Client UDP socket: prot=0xe4 opcode=0xb5 sizeaftercrypt=1 realsize=1 Kad packet too short: 222.33.38.xx:29634
2011-12-06 09:52:23: Client UDP socket: prot=0xe4 opcode=0xb9 sizeaftercrypt=1 realsize=1 Kad packet too short: 120.192.229.xx:11428
2011-12-06 10:00:56: Client UDP socket: prot=0xe4 opcode=0x0f sizeaftercrypt=1 realsize=1 Kad packet too short: 93.32.63.xx:22959 Italy!
2011-12-06 10:02:52: Client UDP socket: prot=0xe4 opcode=0xb0 sizeaftercrypt=1 realsize=1 Kad packet too short: 112.194.228.xx:21448
...
One IP from Italy and the rest from China. This doesn't need to be related to this p2p searcher. It can also be related to another client.
This post has been edited by Nissenice: 07 December 2011 - 07:07 PM
#7
Posted 08 December 2011 - 06:59 AM
Nissenice, on 07 December 2011 - 10:04 PM, said:
To compare behaviour you could try to run official eMule for a while with exactly the same configuration or as a second instance (with similar configuration, but different IDs, of course).
#8
Posted 08 December 2011 - 06:35 PM
fox88, on 08 December 2011 - 07:59 AM, said:
Hehe, I know, I was hoping I could avoid just that. Anyway, now it has been done. Tested with regular mule, and to my relief it doesn't seem to have anything to do with my programming skills. It's about the same number of 'Kad packet too short' messages.
I also checked backwards in logs from clients with at least 4 different KadIDs and I can see traces of these messages as far back as July. At the end of October (27th, 28th) there was an escalation and since then, without digging too deep in it, there has been an increasing number of such statements. I assume this means there was an update of something near the end of October and now an increasing number of people are using it.
One way to try to find out what 'something' is, is to start tracking the IPs sending these packets and log all the requests they are sending. And then by looking at e.g. the search requests there is a possibility to make a judgement if this is related to a searching tool or, erm, a downloading tool. If it is interesting.
This post has been edited by Nissenice: 08 December 2011 - 06:47 PM
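Added example, not part of any post in this thread: a small Python tally over 'Kad packet too short' verbose-log entries, giving the per-day count (to spot an escalation like the one described for late October) and the senders that repeat, with the opcodes each one used. The one-entry-per-line layout is assumed from the excerpt in post #6; the sample lines are constructed and use documentation IP ranges.

```python
import re
from collections import Counter, defaultdict

# Entry layout assumed from the excerpt in post #6 (one entry per line).
ENTRY = re.compile(
    r"(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2}: "
    r"Client UDP socket: prot=(?P<prot>0x[0-9a-f]{2}) "
    r"opcode=(?P<opcode>0x[0-9a-f]{2}) "
    r"sizeaftercrypt=(?P<crypt>\d+) realsize=(?P<real>\d+) "
    r"Kad packet too short: (?P<ip>[0-9x.]+):(?P<port>\d+)",
    re.IGNORECASE,
)

# Constructed sample input (not real log data; RFC 5737 documentation addresses).
SAMPLE_LOG = """\
2011-10-26 08:01:10: Client UDP socket: prot=0xe4 opcode=0x4b sizeaftercrypt=1 realsize=1 Kad packet too short: 192.0.2.10:23430
2011-10-27 09:16:12: Client UDP socket: prot=0xe4 opcode=0xa7 sizeaftercrypt=1 realsize=1 Kad packet too short: 198.51.100.7:29634
2011-10-27 09:50:58: Client UDP socket: prot=0xe4 opcode=0xb5 sizeaftercrypt=1 realsize=1 Kad packet too short: 198.51.100.7:29634
2011-10-27 10:02:52: Client UDP socket: prot=0xe4 opcode=0xb0 sizeaftercrypt=1 realsize=1 Kad packet too short: 203.0.113.5:21448
2011-10-28 07:00:01: ListenSocket: Ok.
2011-10-28 07:42:10: Client UDP socket: prot=0xe4 opcode=0x5e sizeaftercrypt=1 realsize=1 Kad packet too short: 203.0.113.5:21448
2011-10-28 07:42:49: Client UDP socket: prot=0xe4 opcode=0x83 sizeaftercrypt=1 realsize=1 Kad packet too short: 192.0.2.10:23430
2011-10-28 08:10:00: Client UDP socket: prot=0xe4 opcode=0x82 sizeaftercrypt=1 realsize=1 Kad packet too short: 198.51.100.7:29634
"""


def summarize(log_text, repeat_threshold=2):
    """Tally short-packet entries per day and per sender (ip:port).

    Returns per-day counts in date order, the senders seen at least
    repeat_threshold times with the sorted opcodes they sent, and the
    number of non-empty lines that were not short-packet entries.
    """
    per_day = Counter()
    per_sender = Counter()
    opcodes = defaultdict(set)
    other_lines = 0
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if m is None:
            if line.strip():
                other_lines += 1
            continue
        sender = f"{m['ip']}:{m['port']}"
        per_day[m["date"]] += 1
        per_sender[sender] += 1
        opcodes[sender].add(m["opcode"].lower())
    repeaters = {
        s: sorted(opcodes[s])
        for s, n in per_sender.items()
        if n >= repeat_threshold
    }
    return {
        "per_day": dict(sorted(per_day.items())),
        "repeaters": repeaters,
        "other_lines": other_lines,
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A sender that keeps returning with a different opcode each time and a one-byte payload, as in the excerpt above, stands out in the `repeaters` map.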
#9
Posted 09 December 2011 - 04:20 AM
#10
Posted 09 December 2011 - 09:20 PM
Enig123, on 09 December 2011 - 05:20 AM, said:
Yes, I think so too.
I found that a few of these had been logged when I was logging
This post has been edited by Nissenice: 09 December 2011 - 09:34 PM
#11
Posted 16 December 2011 - 12:17 AM
http://www.p2psearcher.info/
No English pages presently...
There is a bulletin about condemnation:
'This software could SEARCH ONLY. You can download from resulting links with DianLv or Xunlei. We will not comment on this, but we hope you download with eMule(other than Xunlei), so that resources could gather and downloading speed could boost.'
http://www.p2psearch...dongtai/60.html
#12
Posted 16 December 2011 - 09:42 AM
Ejack79, on 16 December 2011 - 01:17 AM, said:
'This software could SEARCH ONLY. You can download from resulting links with DianLv or Xunlei. We will not comment on this, but we hope you download with eMule(other than Xunlei), so that resources could gather and downloading speed could boost.'
http://www.p2psearch...dongtai/60.html
Well, that's better than nothing, if I got it right. Maybe this suggests a little that the people behind the tool are independent of the castrated clients that can't search Kad?
Question is why anyone using eMule should need to use it. What does the tool do which eMule does not?
By the way, I said above that
Nissenice, on 07 December 2011 - 08:04 PM, said:
Well, that wasn't so strange, because when I tried to search for information about these tools I found information that one was released in ~ March 2010 and another tool in ~ July 2010. So they are not as new as I thought.
This post has been edited by Nissenice: 16 December 2011 - 09:59 AM
#13
Posted 17 December 2011 - 02:33 AM
Ejack79, on 16 December 2011 - 08:17 AM, said:
http://www.p2psearcher.info/
No English pages presently...
There is a bulletin about condemnation:
'This software could SEARCH ONLY. You can download from resulting links with DianLv or Xunlei. We will not comment on this, but we hope you download with eMule(other than Xunlei), so that resources could gather and downloading speed could boost.'
http://www.p2psearch...dongtai/60.html
But you forgot this recent link that suggests Chinese people use Xunlei for leeching: http://www.p2psearch...o/wenti/62.html
Nissenice, on 16 December 2011 - 05:42 PM, said:
This tool fools Chinese people who had already been fooled by verycd and Xunlei. They didn't know anything about emule, but just thought what they used is "emule" (verycd made a phishing site emule.org.cn and cheats all Chinese that they are "official emule") which does not have any search function. If Chinese want to find a way to search, that's their chance to get to know the real official emule, so the second swindler appears, who made this tool to provide a search function and prevent Chinese from knowing the real emule. The most important thing I found is: this tool has a censorship function. Now you know why they did this: they regard eMule as an enemy that can break the "information-greatwall" which prevents Chinese people from exchanging files and getting information freely. You can call this misinformation warfare.
This post has been edited by inmemory: 17 December 2011 - 02:40 AM
#14
Posted 18 December 2011 - 12:55 AM
inmemory, on 17 December 2011 - 03:33 AM, said:
Nissenice, on 16 December 2011 - 05:42 PM, said:
This tool fools Chinese people who had already been fooled by verycd and Xunlei. They didn't know anything about emule, but just thought what they used is "emule" (verycd made a phishing site emule.org.cn and cheats all Chinese that they are "official emule") which does not have any search function. If Chinese want to find a way to search, that's their chance to get to know the real official emule, so the second swindler appears, who made this tool to provide a search function and prevent Chinese from knowing the real emule. The most important thing I found is: this tool has a censorship function. Now you know why they did this: they regard eMule as an enemy that can break the "information-greatwall" which prevents Chinese people from exchanging files and getting information freely. You can call this misinformation warfare.
What I had in mind with my question was why should anyone using eMule use this searching tool? What can it offer to an eMule user that eMule cannot? No doubt it can offer something to a user who uses a client which can't search Kad for instance. So, in my opinion this so called condemnation sounds a bit hollow to me. Even if it's slightly better than if the person(s) behind the tool hadn't mentioned eMule at all.
#15
Posted 18 December 2011 - 04:01 AM
Nissenice, on 18 December 2011 - 08:55 AM, said:
It cannot offer eMule users anything in search that eMule cannot (except censorship), but the Chinese users do not know or understand this (for the reason above); they easily believe its publicity blindly, such as: "eMule has a search filter, but my tool(s) can search everything".
#16
Posted 10 January 2012 - 06:19 PM
Google translation:
Quote
January 9, 2012 Monday, 19:19 | Posted by: editor
p2psearcher is a modified use of foreign open source software aMule, the interface "castrate" the most original aMule features, retaining only the aMule's search function (or a small part) and a small increase in advertising "tool."
Evidence
Not a professional developer for the ordinary user, it is very easy to find this:
The following test under Windows XP, use p2psearcher 1.5.0 (in fact, aMule 2.3.0.1 ).
Evidence 1:
First, the authors have forgotten to cover up in the program properties of "aMule" information, such as the version number 2.3.0.1, the internal name of the aMule, etc.:
picture 1
Evidence 2:
First run p2psearcher, it will automatically download a list of servers, this prompt is displayed when you are willing to let aMule download server list:
picture 2
Evidence 3:
Open p2psearcher later, will generate all the aMule configuration file in your user directory, Go back to find it, such as "c:\Documents and Settings\xxxx\Application Data\aMule\" (Windows XP in).
For example configuration file amule.conf, etc., and open the file logfile, we can clearly see aMule log:
Quote
2012-01-09 16:46:32: Checking if there is an instance already running...
2012-01-09 16:46:32: No other instances are running.
2012-01-09 16:46:32: Creditfile loaded, 0 clients are known
2012-01-09 16:46:32: External connections disabled in config file
2012-01-09 16:46:32: Created Server UDP-Socket at port 4665
2012-01-09 16:46:32: ListenSocket: Ok.
2012-01-09 16:46:32: Created Client UDP-Socket at port 4672
2012-01-09 16:46:33: - This is aMule 2.3.0 compiled with wxMSW VC v2.8.12 based on eMule.
2012-01-09 16:46:33: Running on Windows XP (build 2600, Service Pack 3)
2012-01-09 16:46:33: - Visit http://www.amule.org to Check if a new Version is available.
Other documents are also the standard aMule configuration file. In addition, if this time you try to open aMule, aMule will mistakenly believe that their "own" has been running in the system, and can not be opened. Similarly vice versa.
For professionals, they decompile tool to analyze and compare the code, you can tear off all disguise, the official eMule or want to contact the help of mod developers, but unfortunately there has been no trouble they run for the.
.
.
.
Read more here: http://translate.goo...cher%2F&act=url
Original post in Chinese: http://emulefans.com...ts-p2psearcher/
#17
Posted 12 January 2012 - 08:23 PM
I'm a eMule user from china
About a month ago,I heard about this software"P2P Searcher"
My computer knowledge is not very good and English is not so good
But I probably can understand this software have potential hazards
I hope all of you show sympathy for that Chinese users
Because Chinese network have a shield system
It can shield all government do not want user searched things
So most Chinese user can not searched them wants in anyone Search Site
This shield also be applied to Chinese "eMule"
This is the people who use "P2P Searcher" reason
If only it harm ed2k servers but also I'll never use it(I Mean:I'll never use it)- p.s: There may be grammar mistakes
About "Xunlei"- p.s : a download software in China
Xunlei is not only is demand also have return
Look this picture
red mark translate :eMule task will be to upload(automatic) , such as don't need to upload(automatic) , please delete this task ~
This post has been edited by ron0577: 12 January 2012 - 08:46 PM
#18
Posted 13 January 2012 - 12:30 AM
ron0577, on 13 January 2012 - 04:23 AM, said:
I'm a eMule user from china
About a month ago,I heard about this software"P2P Searcher"
My computer knowledge is not very good and English is not so good
But I probably can understand this software have potential hazards
I hope all of you show sympathy for that Chinese users
Because Chinese network have a shield system
It can shield all government do not want user searched things
So most Chinese user can not searched them wants in anyone Search Site
This shield also be applied to Chinese "eMule"
This is the people who use "P2P Searcher" reason
If only it harm ed2k servers but also I'll never use it(I Mean:I'll never use it)- p.s: There may be grammar mistakes
About "Xunlei"- p.s : a download software in China
Xunlei is not only is demand also have return
Look this picture
red mark translate :eMule task will be to upload(automatic) , such as don't need to upload(automatic) , please delete this task ~
I'm a Chinese, too. It seems that you were badly cheated. In fact, Keywords 'filtered by GFW' COULD BE SEARCHED BY EMULE OR ANY OTHER NORMAL MOD. Only some mods made in China (easyMule or VC mod, etc.) added wordfilter to satisfy the Gov.
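I am Chinese too. It looks like you have been badly fooled all along. eMule and any of its mods can search keywords blocked by the GFW; only certain domestically made "mules" castrate themselves to please their masters.
So it's definitely just an excuse for P2P Searcher to 'search keywords filtered by GFW'. IMHO it is made for other downloaders (Xunlei, etc.) which cannot search in eMule but covet eMule resources.
So defending P2P Searcher on the grounds that it searches blocked keywords does not hold up at all. This thing was built for software that lacks eMule's search function yet covets eMule's resources.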
P.S.
Yes, Xunlei does upload. But how much of its upload will transfer to eMule users fairly? According to tests by net guys, most of upload by Xunlei streams to other Xunlei users. This may be nature of any bizsoft, seeking for best profit.
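Also... Xunlei does indeed upload, but how much of that is uploaded fairly to eMule users? Experiments by net users have already shown that most of what Xunlei uploads goes to Xunlei users. This is the nature of commercial software: chasing maximum profit.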
#19
Posted 13 January 2012 - 06:53 AM
ron0577, on 13 January 2012 - 04:23 AM, said:
This is the people who use "P2P Searcher" reason
No, you are fooled by your "Chinese "eMule"" (maybe you mean verycd mod/easymule who call themselves "the official Chinese eMule" to cheat Chinese people), but the real official eMule has Chinese language - both traditional and simplified Chinese support.
Otherwise, look at this "p2psearcher" actually is an aMule absolutely (link: http://emulefans.com...ts-p2psearcher/), the only improvement of it is: with an advertisement of venereal disease. Are you kidding? Why don't you use the true aMule instead of an adware or scareware?
So your excuse is not a reason; the only thing you should understand or you should do is: use official eMule or aMule, then you can search files freely no matter where you live in China.
ron0577, on 13 January 2012 - 04:23 AM, said:
Where is your meaning return way? Show me a shared files window just like eMule has where you can add your "return" or an explicit uploading to clients list window which could show your "return" whether fairly, that maybe more persuasive arguments for me.
If your purpose is searching files with no limit, no censorship , use eMule or aMule you can get it.
This post has been edited by inmemory: 13 January 2012 - 07:31 AM
#20
Posted 13 January 2012 - 06:15 PM
inmemory, on 13 January 2012 - 02:53 PM, said:
ron0577, on 13 January 2012 - 04:23 AM, said:
This is the people who use "P2P Searcher" reason
No, you are fooled by your "Chinese "eMule"" (maybe you mean verycd mod/easymule who call themselves "the official Chinese eMule" to cheat Chinese people), but the real official eMule has Chinese language - both traditional and simplified Chinese support.
Otherwise, look at this "p2psearcher" actually is an aMule absolutely (link: http://emulefans.com...ts-p2psearcher/), the only improvement of it is: with an advertisement of venereal disease. Are you kidding? Why don't you use the true aMule instead of an adware or scareware?
So your excuse is not a reason; the only thing you should understand or you should do is: use official eMule or aMule, then you can search files freely no matter where you live in China.
ron0577, on 13 January 2012 - 04:23 AM, said:
Where is your meaning return way? Show me a shared files window just like eMule has where you can add your "return" or an explicit uploading to clients list window which could show your "return" whether fairly, that maybe more persuasive arguments for me.
If your purpose is searching files with no limit, no censorship , use eMule or aMule you can get it.
I'll never use it !reiterate