Re: [gtk-gnutella-devel] r14859-GTK1-Darwin (file_info_check):assertion failed:

Lloyd Bryant Thu, 13 Sep 2007 20:20:27 -0700

Christian Biere wrote:
>
>Matthew Lye wrote:
> > Also appearing in recent times (as the most frequent) are disturbing
> > messages such as:
> > > 07-09-10 18:25:48 (MESSAGE): Removing 66.160.158.194:15066
> > > <LimeWire/4.12.8> due to security violation
> > > 07-09-10 18:27:28 (MESSAGE): Removing 65.19.143.3:63833 <LimeWire/
> > > 4.12.8> due to security violation
> > (The final byte of the IP and the port number change every time;  the
> > domains seem otherwise fairly fixed, though),
>
>The security violations alone could be false-positive due to bugs on their 
>site
>but taking all information into account I'm pretty sure those are 
>delinquents.
>It might be useful to dump the packets to see what exactly they are doing.
>


Take a look at this:
* * * * * * * * * * * * *

07-09-13 19:48:00 (WARNING): [weird #1] node 65.19.143.2:40120 
(LimeWire/4.12.8) advertised 65.19.143.2 but now says Query Hits from 
65.60.250.123:48871
----------------- Query Hit Data (weird):
Offset  0  1  2  3  4  5  6  7   8  9  a  b  c  d  e  f  0123456789abcdef
    0  03 e7 be 41 3c fa 7b 04  10 00 00 47 00 00 00 b0  ...A<.{....G....
   16  cb 1d 00 74 68 65 20 73  74 72 75 67 67 6c 65 2e  ...the.struggle.
   32  6d 34 61 00 75 72 6e 3a  73 68 61 31 3a 56 47 4e  m4a.urn:sha1:VGN
   48  54 37 43 47 43 50 57 57  32 48 4e 47 52 49 4d 48  T7CGCPWW2HNGRIMH
   64  4d 41 53 32 32 56 57 55  52 4f 4d 49 43 1c c3 82  MAS22VWUROMIC...
   80  43 54 44 80 6d 18 45 00  63 00 00 00 b0 8b 23 00  CTD.m.E.c.....#.
   96  33 30 20 73 65 63 6f 6e  64 73 20 74 6f 20 6d 61  30.seconds.to.ma
  112  72 73 20 2d 20 33 30 20  73 65 63 6f 6e 64 73 20  rs.-.30.seconds.
  128  74 6f 20 6d 61 72 73 20  2d 20 74 68 65 20 73 74  to.mars.-.the.st
  144  72 75 67 67 6c 65 2e 6d  70 33 00 75 72 6e 3a 73  ruggle.mp3.urn:s
  160  68 61 31 3a 33 45 4a 50  57 47 32 32 4f 49 58 53  ha1:3EJPWG22OIXS
  176  58 45 53 43 58 58 47 46  37 32 32 35 51 51 55 54  XESCXXGF7225QQUT
  192  4f 4d 49 43 1c c3 82 43  54 44 80 6d 18 45 00 23  OMIC...CTD.m.E.#
  208  00 00 00 40 1a 14 00 33  30 20 53 65 63 6f 6e 64  [EMAIL PROTECTED]
  224  73 20 54 6f 20 4d 61 72  73 20 2d 20 33 30 20 53  s.To.Mars.-.30.S
  240  65 63 6f 6e 64 73 20 54  6f 20 4d 61 72 73 20 2d  econds.To.Mars.-

Offset  0  1  2  3  4  5  6  7   8  9  a  b  c  d  e  f  0123456789abcdef
  256  20 54 68 65 20 53 74 72  75 67 67 6c 65 28 72 65  .The.Struggle(re
  272  6d 69 78 29 2e 77 6d 61  00 75 72 6e 3a 73 68 61  mix).wma.urn:sha
  288  31 3a 58 37 34 57 56 52  44 57 32 49 35 36 4a 46  1:X74WVRDW2I56JF
  304  4d 46 49 47 49 45 41 32  4a 44 50 55 57 51 4f 4d  MFIGIEA2JDPUWQOM
  320  49 43 1c c3 82 43 54 44  80 6d 18 45 00 4c 49 4d  IC...CTD.m.E.LIM
  336  45 04 3c 39 3e 01 01 c3  82 42 48 40 7b 7d 3c 3f  E.<9>[EMAIL 
PROTECTED]<?
  352  78 6d 6c 20 76 65 72 73  69 6f 6e 3d 22 31 2e 30  xml.version="1.0
  368  22 3f 3e 3c 61 75 64 69  6f 73 20 78 73 69 3a 6e  "?><audios.xsi:n
  384  6f 4e 61 6d 65 53 70 61  63 65 53 63 68 65 6d 61  oNameSpaceSchema
  400  4c 6f 63 61 74 69 6f 6e  3d 22 68 74 74 70 3a 2f  Location="http:/
  416  2f 77 77 77 2e 6c 69 6d  65 77 69 72 65 2e 63 6f  /www.limewire.co
  432  6d 2f 73 63 68 65 6d 61  73 2f 61 75 64 69 6f 2e  m/schemas/audio.
  448  78 73 64 22 3e 3c 61 75  64 69 6f 20 74 69 74 6c  xsd"><audio.titl
  464  65 3d 22 54 68 65 20 53  74 72 75 67 67 6c 65 22  e="The.Struggle"
  480  20 73 65 63 6f 6e 64 73  3d 22 36 30 22 20 62 69  .seconds="60".bi
  496  74 72 61 74 65 3d 22 32  35 36 22 20 69 6e 64 65  trate="256".inde

Offset  0  1  2  3  4  5  6  7   8  9  a  b  c  d  e  f  0123456789abcdef
  512  78 3d 22 30 22 2f 3e 3c  61 75 64 69 6f 20 61 6c  x="0"/><audio.al
  528  62 75 6d 3d 22 33 30 20  53 65 63 6f 6e 64 73 20  bum="30.Seconds.
  544  54 6f 20 4d 61 72 73 22  20 73 65 63 6f 6e 64 73  To.Mars".seconds
  560  3d 22 36 30 22 20 62 69  74 72 61 74 65 3d 22 33  ="60".bitrate="3
  576  32 30 22 20 69 6e 64 65  78 3d 22 31 22 2f 3e 3c  20".index="1"/><
  592  61 75 64 69 6f 20 74 69  74 6c 65 3d 22 54 68 65  audio.title="The
  608  20 53 74 72 75 67 67 6c  65 22 20 73 65 63 6f 6e  .Struggle".secon
  624  64 73 3d 22 36 30 22 20  62 69 74 72 61 74 65 3d  ds="60".bitrate=
  640  22 31 39 32 22 20 69 6e  64 65 78 3d 22 32 22 2f  "192".index="2"/
  656  3e 3c 2f 61 75 64 69 6f  73 3e 00 91 d7 e3 4a 81  ></audios>....J.
  672  91 4f 8b ff 7d 02 e7 65  00 48 00                 .O..}..e.H.
----------------- (683 bytes).
07-09-13 19:48:00 (WARNING): [weird #2] Node 65.19.143.2:40120 
(LimeWire/4.12.8) has GUID 91d7e34a81914f8bff7d02e765004800 but used 
d40be3b9cc5c4f78ff72028aa2004700 in Q-Hit (638 bytes) [hops=1, TTL=4]

* * * * * * * * * *

And again, for that other address range:

* * * * * * * * * *

07-09-13 19:55:50 (WARNING): [weird #1] node 66.160.158.164:9903 
(LimeWire/4.12.8) advertised 66.160.158.164 but now says Query Hits from 
24.159.59.140:14800
----------------- Query Hit Data (weird):
Offset  0  1  2  3  4  5  6  7   8  9  a  b  c  d  e  f  0123456789abcdef
    0  03 d0 39 18 9f 3b 8c 2c  01 00 00 17 00 00 00 40  ..9..;.,.......@
   16  3a 34 00 4b 65 69 74 68  20 57 68 69 74 6c 65 79  :4.Keith.Whitley
   32  20 28 30 31 29 20 57 68  65 6e 20 59 6f 75 20 53  .(01).When.You.S
   48  61 79 20 4e 6f 74 68 69  6e 67 20 41 74 20 41 6c  ay.Nothing.At.Al
   64  6c 2e 77 6d 61 00 75 72  6e 3a 73 68 61 31 3a 36  l.wma.urn:sha1:6
   80  37 55 58 34 32 4c 52 4c  42 32 4f 50 32 32 42 34  7UX42LRLB2OP22B4
   96  49 44 32 58 51 54 32 53  55 50 53 4e 44 41 4e 1c  ID2XQT2SUPSNDAN.
  112  c3 82 43 54 44 80 6d 18  45 00 1e 00 00 00 40 9a  [EMAIL PROTECTED]
  128  84 00 57 68 65 6e 20 59  6f 75 20 53 61 79 20 4e  ..When.You.Say.N
  144  6f 74 68 69 6e 67 20 41  74 20 41 6c 6c 2d 4b 65  othing.At.All-Ke
  160  69 74 68 20 57 68 69 74  6c 65 79 2e 77 6d 61 00  ith.Whitley.wma.
  176  75 72 6e 3a 73 68 61 31  3a 32 4d 56 4b 36 4a 4d  urn:sha1:2MVK6JM
  192  36 42 50 47 4f 43 43 53  4d 57 48 43 57 33 53 42  6BPGOCCSMWHCW3SB
  208  44 55 57 57 56 4e 44 41  4e 1c c3 82 43 54 44 80  DUWWVNDAN...CTD.
  224  6d 18 45 00 5f 00 00 00  70 11 71 00 4b 65 69 74  m.E._...p.q.Keit
  240  68 20 57 68 69 74 6c 65  79 20 2d 20 55 6e 6b 6e  h.Whitley.-.Unkn

Offset  0  1  2  3  4  5  6  7   8  9  a  b  c  d  e  f  0123456789abcdef
  256  6f 77 6e 20 2d 20 57 68  65 6e 20 59 6f 75 20 53  own.-.When.You.S
  272  61 79 20 4e 6f 74 68 69  6e 67 20 41 74 20 41 6c  ay.Nothing.At.Al
  288  6c 2e 6d 34 61 00 75 72  6e 3a 73 68 61 31 3a 47  l.m4a.urn:sha1:G
  304  36 4f 45 57 32 4b 32 34  57 45 50 47 4f 50 46 4c  6OEW2K24WEPGOPFL
  320  42 4e 45 33 4f 4c 36 52  51 51 54 4e 44 41 4e 1c  BNE3OL6RQQTNDAN.
  336  c3 82 43 54 44 80 6d 18  45 00 4c 49 4d 45 04 3c  ..CTD.m.E.LIME.<
  352  39 23 01 01 c3 82 42 48  40 7b 7d 3c 3f 78 6d 6c  [EMAIL PROTECTED]<?xml
  368  20 76 65 72 73 69 6f 6e  3d 22 31 2e 30 22 3f 3e  .version="1.0"?>
  384  3c 61 75 64 69 6f 73 20  78 73 69 3a 6e 6f 4e 61  <audios.xsi:noNa
  400  6d 65 53 70 61 63 65 53  63 68 65 6d 61 4c 6f 63  meSpaceSchemaLoc
  416  61 74 69 6f 6e 3d 22 68  74 74 70 3a 2f 2f 77 77  ation="http://ww
  432  77 2e 6c 69 6d 65 77 69  72 65 2e 63 6f 6d 2f 73  w.limewire.com/s
  448  63 68 65 6d 61 73 2f 61  75 64 69 6f 2e 78 73 64  chemas/audio.xsd
  464  22 3e 3c 61 75 64 69 6f  20 73 65 63 6f 6e 64 73  "><audio.seconds
  480  3d 22 32 32 39 22 20 62  69 74 72 61 74 65 3d 22  ="229".bitrate="
  496  31 32 38 22 20 69 6e 64  65 78 3d 22 30 22 2f 3e  128".index="0"/>

Offset  0  1  2  3  4  5  6  7   8  9  a  b  c  d  e  f  0123456789abcdef
  512  3c 61 75 64 69 6f 20 73  65 63 6f 6e 64 73 3d 22  <audio.seconds="
  528  32 32 39 22 20 62 69 74  72 61 74 65 3d 22 33 32  229".bitrate="32
  544  30 22 20 69 6e 64 65 78  3d 22 31 22 2f 3e 3c 61  0".index="1"/><a
  560  75 64 69 6f 20 61 72 74  69 73 74 3d 22 4b 65 69  udio.artist="Kei
  576  74 68 20 57 68 69 74 6c  65 79 22 20 61 6c 62 75  th.Whitley".albu
  592  6d 3d 22 55 6e 6b 6e 6f  77 6e 22 20 73 65 63 6f  m="Unknown".seco
  608  6e 64 73 3d 22 32 32 39  22 20 62 69 74 72 61 74  nds="229".bitrat
  624  65 3d 22 32 35 36 22 20  69 6e 64 65 78 3d 22 32  e="256".index="2
  640  22 2f 3e 3c 2f 61 75 64  69 6f 73 3e 00 57 6a e3  "/></audios>.Wj.
  656  ed 09 db 4f eb ff 39 00  b1 3f 02 39 00           ...O..9..?.9.
----------------- (669 bytes).
07-09-13 19:55:50 (WARNING): [weird #2] Node 66.160.158.164:9903 
(LimeWire/4.12.8) has GUID 576ae3ed09db4febff3900b13f023900 but used 
0a15e3ede79f4f2bff36008e3502d200 in Q-Hit (685 bytes) [hops=1, TTL=4]

* * * * * * * * * *

This same pattern of errors keeps occurring until it reaches MAX_WEIRD_MSG 
and is disconnected.  Then, 3-5 minutes later I get another node connecting, 
from the same address range, which does exactly the same thing.

So far, I've got about 18 connections from these two ranges (65.19.143.x and 
66.160.158.x), with the last digit of the IP and the port number varying.  
So far every one of those weird messages relates to an audio file.

Are these "hostiles.txt" candidates, or am I misunderstanding the errors?

Lloyd B.



-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
gtk-gnutella-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/gtk-gnutella-devel

Re: [gtk-gnutella-devel] r14859-GTK1-Darwin (file_info_check):assertion failed:

Reply via email to