Official eMule-Board: Strange Kad Contacts Behaviour - Official eMule-Board


Strange Kad Contacts Behaviour
At least 78 contacts try to update (change) UDP ports at the same time

#1 mulefan


Posted 25 April 2021 - 10:39 PM

On April 24 my eMule logged strange behavior: at least 78 Kad contacts tried to change their UDP ports. This happened between 18:51 and 19:16.
From experience I know that this is an exceptional event. When it occurs, usually only a single contact is affected.
Perhaps someone has an idea that explains what I have seen.

The following is a section from my verbose log:
24.04.2021 18:51:28: value update from kad contact IP=2.36.195.84  (UDP:4772 -> UDP:10371)
24.04.2021 18:51:54: value update from kad contact IP=218.92.77.238  (UDP:4772 -> UDP:5829)
24.04.2021 18:51:54: value update from kad contact IP=109.75.93.163  (UDP:4772 -> UDP:34895)
24.04.2021 18:52:02: value update from kad contact IP=122.238.187.24  (UDP:4772 -> UDP:20226)
24.04.2021 18:52:22: value update from kad contact IP=84.123.101.156  (UDP:4772 -> UDP:23881)
24.04.2021 18:54:10: value update from kad contact IP=123.192.81.111  (UDP:4772 -> UDP:20788)
24.04.2021 18:55:31: value update from kad contact IP=109.52.207.157  (UDP:4692 -> UDP:7271)
24.04.2021 18:55:41: value update from kad contact IP=171.113.164.239  (UDP:4692 -> UDP:22991)
24.04.2021 18:55:41: value update from kad contact IP=42.80.217.50  (UDP:4692 -> UDP:23277)
24.04.2021 18:55:57: value update from kad contact IP=223.73.28.33  (UDP:4692 -> UDP:36577)
24.04.2021 18:56:03: value update from kad contact IP=92.149.154.174  (UDP:4692 -> UDP:4671)
24.04.2021 18:56:29: value update from kad contact IP=83.51.28.33  (UDP:4692 -> UDP:55308)
24.04.2021 18:57:12: value update from kad contact IP=87.8.67.36  (UDP:4692 -> UDP:24336)
24.04.2021 18:57:37: value update from kad contact IP=84.108.100.146  (UDP:4692 -> UDP:54979)
24.04.2021 18:58:11: value update from kad contact IP=111.246.92.244  (UDP:4692 -> UDP:5028)
24.04.2021 18:58:47: value update from kad contact IP=83.42.4.146  (UDP:4692 -> UDP:37401)
24.04.2021 19:00:06: value update from kad contact IP=223.240.53.191  (UDP:4692 -> UDP:49608)
24.04.2021 19:00:23: value update from kad contact IP=182.131.214.117  (UDP:4692 -> UDP:20704)
24.04.2021 19:00:25: value update from kad contact IP=110.87.164.238  (UDP:4692 -> UDP:40532)
24.04.2021 19:00:28: value update from kad contact IP=80.230.7.192  (UDP:4692 -> UDP:4672)
24.04.2021 19:00:38: value update from kad contact IP=212.231.62.168  (UDP:4692 -> UDP:4672)
24.04.2021 19:00:42: value update from kad contact IP=70.95.212.2  (UDP:4692 -> UDP:5153)
24.04.2021 19:00:47: value update from kad contact IP=149.74.38.114  (UDP:4692 -> UDP:4672)
24.04.2021 19:00:47: value update from kad contact IP=83.165.28.26  (UDP:4692 -> UDP:64671)
24.04.2021 19:00:54: value update from kad contact IP=88.24.251.103  (UDP:4692 -> UDP:37867)
24.04.2021 19:01:09: value update from kad contact IP=85.53.84.93  (UDP:4692 -> UDP:1985)
24.04.2021 19:01:36: value update from kad contact IP=175.161.71.78  (UDP:4692 -> UDP:6266)
24.04.2021 19:02:25: value update from kad contact IP=92.21.70.5  (UDP:4692 -> UDP:37034)
24.04.2021 19:02:51: value update from kad contact IP=95.123.127.222  (UDP:4692 -> UDP:63017)
24.04.2021 19:02:51: value update from kad contact IP=79.32.132.251  (UDP:4692 -> UDP:30597)
24.04.2021 19:03:13: value update from kad contact IP=81.0.37.38  (UDP:4692 -> UDP:36427)
24.04.2021 19:03:28: value update from kad contact IP=188.76.78.21  (UDP:4692 -> UDP:19502)
24.04.2021 19:03:29: value update from kad contact IP=36.237.105.74  (UDP:4692 -> UDP:4672)
24.04.2021 19:03:40: value update from kad contact IP=87.70.22.103  (UDP:4692 -> UDP:5672)
24.04.2021 19:03:46: value update from kad contact IP=96.255.93.55  (UDP:4692 -> UDP:47116)
24.04.2021 19:03:53: value update from kad contact IP=123.13.221.170  (UDP:4692 -> UDP:5811)
24.04.2021 19:04:13: value update from kad contact IP=176.128.81.9  (UDP:4692 -> UDP:32439)
24.04.2021 19:04:14: value update from kad contact IP=90.12.228.216  (UDP:4692 -> UDP:5192)
24.04.2021 19:04:19: value update from kad contact IP=80.101.109.68  (UDP:4692 -> UDP:6789)
24.04.2021 19:04:28: value update from kad contact IP=85.53.15.69  (UDP:4692 -> UDP:52131)
24.04.2021 19:04:32: value update from kad contact IP=37.163.28.151  (UDP:4692 -> UDP:30504)
24.04.2021 19:04:37: value update from kad contact IP=109.115.236.127  (UDP:4692 -> UDP:4672)
24.04.2021 19:05:02: value update from kad contact IP=213.177.200.98  (UDP:4692 -> UDP:14303)
24.04.2021 19:05:35: value update from kad contact IP=94.73.43.138  (UDP:4692 -> UDP:13803)
24.04.2021 19:05:36: value update from kad contact IP=123.139.176.158  (UDP:4692 -> UDP:2924)
24.04.2021 19:05:46: value update from kad contact IP=79.156.195.138  (UDP:4692 -> UDP:31799)
24.04.2021 19:05:53: value update from kad contact IP=79.47.128.88  (UDP:4692 -> UDP:5410)
24.04.2021 19:06:18: value update from kad contact IP=93.36.181.127  (UDP:4692 -> UDP:14201)
24.04.2021 19:06:30: value update from kad contact IP=1.29.25.190  (UDP:4692 -> UDP:16628)
24.04.2021 19:06:52: value update from kad contact IP=86.121.119.84  (UDP:4692 -> UDP:6112)
24.04.2021 19:06:54: value update from kad contact IP=220.165.108.47  (UDP:4692 -> UDP:5120)
24.04.2021 19:08:39: value update from kad contact IP=131.93.143.187  (UDP:4672 -> UDP:11082)
24.04.2021 19:09:10: value update from kad contact IP=1.200.15.220  (UDP:4672 -> UDP:11675)
24.04.2021 19:10:08: value update from kad contact IP=101.93.81.64  (UDP:4672 -> UDP:46251)
24.04.2021 19:10:40: value update from kad contact IP=221.223.97.179  (UDP:4672 -> UDP:3230)
24.04.2021 19:10:50: value update from kad contact IP=108.214.192.46  (UDP:4672 -> UDP:6093)
24.04.2021 19:10:53: value update from kad contact IP=79.147.195.128  (UDP:4672 -> UDP:44265)
24.04.2021 19:10:57: value update from kad contact IP=124.13.76.213  (UDP:4672 -> UDP:22342)
24.04.2021 19:11:01: value update from kad contact IP=125.78.1.225  (UDP:4672 -> UDP:34029)
24.04.2021 19:11:10: value update from kad contact IP=176.85.16.176  (UDP:4672 -> UDP:6883)
24.04.2021 19:11:10: value update from kad contact IP=90.92.125.242  (UDP:4672 -> UDP:40672)
24.04.2021 19:11:15: value update from kad contact IP=80.30.237.152  (UDP:4672 -> UDP:7020)
24.04.2021 19:11:29: value update from kad contact IP=79.36.95.178  (UDP:4672 -> UDP:1024)
24.04.2021 19:11:53: value update from kad contact IP=178.237.234.154  (UDP:4672 -> UDP:1696)
24.04.2021 19:12:25: value update from kad contact IP=95.120.207.249  (UDP:4672 -> UDP:1985)
24.04.2021 19:12:38: value update from kad contact IP=37.14.51.24  (Version:4 -> Version:3)
24.04.2021 19:12:57: value update from kad contact IP=79.36.95.178  (UDP:4672 -> UDP:5643)
24.04.2021 19:13:24: value update from kad contact IP=139.227.242.113  (UDP:4672 -> UDP:6658)
24.04.2021 19:13:48: value update from kad contact IP=78.227.247.119  (UDP:4672 -> UDP:62313)
24.04.2021 19:14:09: value update from kad contact IP=84.193.50.177  (UDP:4672 -> UDP:30444)
24.04.2021 19:14:23: value update from kad contact IP=223.71.54.240  (UDP:4672 -> UDP:41176)
24.04.2021 19:14:27: value update from kad contact IP=83.215.178.129  (UDP:4672 -> UDP:51529)
24.04.2021 19:14:47: value update from kad contact IP=221.196.154.34  (UDP:4672 -> UDP:4178)
24.04.2021 19:14:59: value update from kad contact IP=185.77.217.104  (UDP:4672 -> UDP:1001)
24.04.2021 19:15:43: value update from kad contact IP=151.63.78.101  (UDP:4672 -> UDP:57137)
24.04.2021 19:15:56: value update from kad contact IP=95.174.66.252  (UDP:4672 -> UDP:7890)
24.04.2021 19:15:57: value update from kad contact IP=95.120.37.124  (TCP:4662 -> TCP:4665)
24.04.2021 19:16:05: value update from kad contact IP=177.54.157.216  (UDP:4672 -> UDP:27977)

0
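
The burst described in the post above can be picked out of a verbose log mechanically. The following is an added example, not part of the original thread and not eMule code: it parses lines in the format quoted above and reports any window in which several distinct contacts change their UDP port, with a tally of the old ports they moved away from. The names `parse` and `udp_bursts`, the 30-minute window and the threshold of 5 are assumptions, and the sample lines are constructed with documentation addresses.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Format of the verbose-log lines quoted in the post above.
LINE_RE = re.compile(
    r"^(\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}): value update from kad contact "
    r"IP=(\d{1,3}(?:\.\d{1,3}){3})\s+\((\w+):(\d+) -> (\w+):(\d+)\)$"
)

def parse(lines):
    """Yield (timestamp, ip, field, old, new) for each well-formed update line."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and m.group(3) == m.group(5):  # same field on both sides of "->"
            ts = datetime.strptime(m.group(1), "%d.%m.%Y %H:%M:%S")
            yield ts, m.group(2), m.group(3), int(m.group(4)), int(m.group(6))

def udp_bursts(lines, window=timedelta(minutes=30), threshold=5):
    """Return [(start, end, distinct_ips, old_port_tally)] per detected burst."""
    events = sorted(e for e in parse(lines) if e[2] == "UDP")
    bursts, i = [], 0
    while i < len(events):
        j = i
        while j < len(events) and events[j][0] - events[i][0] <= window:
            j += 1
        chunk = events[i:j]
        ips = {e[1] for e in chunk}  # count contacts, not lines
        if len(ips) >= threshold:
            bursts.append((chunk[0][0], chunk[-1][0], len(ips),
                           Counter(e[3] for e in chunk)))
            i = j  # continue after the reported burst
        else:
            i += 1
    return bursts

# Constructed sample (RFC 5737 documentation addresses, not data from the post).
SAMPLE = """\
24.04.2021 10:02:11: value update from kad contact IP=192.0.2.10  (UDP:4672 -> UDP:5000)
24.04.2021 18:51:28: value update from kad contact IP=198.51.100.1  (UDP:4772 -> UDP:10371)
24.04.2021 18:51:54: value update from kad contact IP=198.51.100.2  (UDP:4772 -> UDP:5829)
24.04.2021 18:55:31: value update from kad contact IP=198.51.100.3  (UDP:4692 -> UDP:7271)
24.04.2021 18:55:41: value update from kad contact IP=203.0.113.4  (UDP:4692 -> UDP:22991)
24.04.2021 18:56:02: value update from kad contact IP=203.0.113.5  (Version:4 -> Version:3)
24.04.2021 18:57:12: value update from kad contact IP=203.0.113.6  (UDP:4692 -> UDP:24336)
""".splitlines()

if __name__ == "__main__":
    print(udp_bursts(SAMPLE))
```

In the log posted above, long runs of contacts share the same old port (4772, then 4692, then 4672), which the per-port tally makes visible.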

#2 peisears


Posted 28 October 2021 - 04:48 AM

mulefan, on 25 April 2021 - 10:39 PM, said:

On April 24 my eMule logged strange behavior: at least 78 Kad contacts tried to change their UDP ports. This happened between 18:51 and 19:16.
From experience I know that this is an exceptional event. When it occurs, usually only a single contact is affected.
Perhaps someone has an idea that explains what I have seen.


Happens to me as well.

This post has been edited by peisears: 18 June 2022 - 02:35 AM

0

#3 mulefan


Posted 28 October 2021 - 09:57 AM

Quote

Happens to me as well.



Well, meanwhile I modified my mule to get more information about this topic:
All those special contacts have a very old version 4 Kad, which is completely out of date.
If you're a coder/developer as well, I suggest blocking any contacts with version 4. I did, and my mule mod still works fine.
I believe those contacts belong to a worldwide distributed network, doing nothing other than monitoring other clients.

My behavioral analysis of the P2P net even exhibits other monitoring methods, e.g. constantly asking for certain files.
Official eMule tries to block this, but those clients constantly change their identity.
I can detect them though: I'm using an IP-based mod, no longer relying on software identities, which can be faked easily.

This post has been edited by mulefan: 28 October 2021 - 06:04 PM

0
