Official eMule-Board: Prevent Hashset Probe - Official eMule-Board

Jump to content


Page 1 of 1

Prevent Hashset Probe lots of exeption warning found in log recently

#1 User is offline   Enig123 

  • Golden eMule
  • PipPipPipPipPipPipPip
  • Group: Members
  • Posts: 493
  • Joined: 22-November 04

Posted 28 March 2013 - 04:23 AM

Basically the OP_HASHSETREQUEST can sent by any clients without any preconditions, the following code is trying to prevent it.

Codes modified in UploadClient.cpp
void CUpDownClient::SendHashsetPacket(const uchar* pData, uint32 nSize, bool bFileIdentifiers)
{
......
		packet = new Packet(&fileResponse, OP_EMULEPROT, OP_HASHSETANSWER2);
	}
	else
	{
		if (nSize != 16)
		{
			ASSERT( false );
			return;
		}
		//Enig123::Prevent clients from probing Hashset without ask a file
		if (isnulmd4(requpfileid)) {
			DebugLogWarning(_T("Client %s tried to probe Hashset without asking for a file."), DbgGetClientInfo());
			Ban(_T("Hashset Prober"));
			return;
		}
		else if (md4cmp(requpfileid, pData)) {
			DebugLogWarning(_T("Client %s tried to request Hashset of file different from asked file."), DbgGetClientInfo());
		}


Any normal client would have requpfileid filled with the hash of the requested file to this extend.
0

#2 User is offline   GeaR 

  • Member
  • PipPip
  • Group: Members
  • Posts: 31
  • Joined: 05-May 07

Posted 30 March 2013 - 06:51 AM

I have tested this code snippet and i'm surpised.

My observations:

1: always IPs from China
2: always aMule clients
3: any client have another ip
4: packages are sent within seconds/minutes of each from all clients at once

sorry for my bad english

This post has been edited by GeaR: 30 March 2013 - 05:10 PM

0

#3 User is offline   fox88 

  • Golden eMule
  • PipPipPipPipPipPipPip
  • Group: Members
  • Posts: 4473
  • Joined: 13-May 07

Posted 30 March 2013 - 08:35 AM

As I see in eMule's source code, requesting hashset for a file that you do not share. would throw an exception and thus no reply would be sent. No network overhead here in the old code.
If the file is shared and it is not the one being downloaded, your code would proceed as usual, only a line into the debug log would be added.

Did I miss something, or that piece of code adds more diagnostics, but does not reduce network traffic?

This post has been edited by fox88: 30 March 2013 - 08:39 AM

0

#4 User is offline   Enig123 

  • Golden eMule
  • PipPipPipPipPipPipPip
  • Group: Members
  • Posts: 493
  • Joined: 22-November 04

Posted 30 March 2013 - 06:52 PM

The point here is, what if you the hashset the remote probed is the file you do share? That's not the case of an exception.

You are right about the other part which is just for log. IMHO, it also should get a ban if it's not a normal client would stuck into.

This post has been edited by Enig123: 30 March 2013 - 06:53 PM

0

#5 User is offline   fox88 

  • Golden eMule
  • PipPipPipPipPipPipPip
  • Group: Members
  • Posts: 4473
  • Joined: 13-May 07

Posted 30 March 2013 - 09:38 PM

View PostEnig123, on 30 March 2013 - 09:52 PM, said:

The point here is, what if you the hashset the remote probed is the file you do share? That's not the case of an exception.

I see.
Both exception throw and your return mean that eMule receives incoming request and does not reply and cause no network overhead.
On the other hand, what could prevent from requesting a file first and then repeatedly ask for hashset(s)?

View PostEnig123, on 30 March 2013 - 09:52 PM, said:

You are right about the other part which is just for log. IMHO, it also should get a ban if it's not a normal client would stuck into.

I'm not sure it is illegal to request a hashset in that case.
0

  • Member Options

Page 1 of 1

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users