[Mldonkey-bugs] [Bug #1702] Connections to itself

mldonkey-bugs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Mldonkey-bugs] [Bug #1702] Connections to itself

From:	nobody
Subject:	[Mldonkey-bugs] [Bug #1702] Connections to itself
Date:	Tue, 17 Dec 2002 08:42:39 -0500

=================== BUG #1702: LATEST MODIFICATIONS ==================
http://savannah.nongnu.org/bugs/?func=detailbug&bug_id=1702&group_id=1409

Changes by: Horschti <address@hidden>
Date: 2002-Dec-17 13:42 (GMT)

------------------ Additional Follow-up Comments ----------------------------
I saw the same behavior with the mld 2.01. I assume some malicious peer(s) 
injecting private IP addresses as servers and mld falls for it and connects to 
itself.

If you don't need the mld server just switch it off. You can do this by: 
stopping mld, disabling mldonkey server in download.ini ("enable_server = 
false") and re-starting mld again. When you have done this, the private IP 
addresses
still appear in the server list but mld can't connect to them.

Additionally you could black list the private IP addresses, so these private IP 
addresses also do not appear in the server list anymore.



=================== BUG #1702: FULL BUG SNAPSHOT ===================


Submitted by: sowosammer                Project: mldonkey, a free e-Donkey 
client
Submitted on: 2002-Nov-13 12:26
Category:  Core                         Severity:  5 - Major                    
Bug Group:  None                        Resolution:  None                       
Assigned to:  None                      Status:  Open                           
Release:  2.00                          Release:                                
Platform Version:  Linux i386-i686      Binaries Origin:  Compiled From CVS     

Summary:  Connections to itself

Original Submission:  When the core is looking for Server donkey-connections, 
it uses sometimes also itself as target and connects succesfully (?) to 
127.0.0.1, even 127.0.0.2 or the 192.168.0 ip of my eth0.

As my system is running snort it catched yesterday
 % attacks method
===============================================
51.05 1478 BAD TRAFFIC same SRC/DST
       1478 192.168.0.102 -> 192.168.0.102

one in more Detail:

21:36:37.056961 192.168.0.102.42239 > 192.168.0.102.4662: S 1152749383:115274938
3(0) win 5840 <mss 1460,sackOK,timestamp 360802 0,nop,wscale 0> (DF) [tos 0x8] 

Looks like a bug in some of the Network Code.

Any hint?
mldonkey cvs from 2002-11-09 on i386 debian unstable, nearly not all unstable 
;-)

Follow-up Comments
*******************

-------------------------------------------------------
Date: 2002-Dec-17 13:42             By: horschti
I saw the same behavior with the mld 2.01. I assume some malicious peer(s) 
injecting private IP addresses as servers and mld falls for it and connects to 
itself.

If you don't need the mld server just switch it off. You can do this by: 
stopping mld, disabling mldonkey server in download.ini ("enable_server = 
false") and re-starting mld again. When you have done this, the private IP 
addresses
still appear in the server list but mld can't connect to them.

Additionally you could black list the private IP addresses, so these private IP 
addresses also do not appear in the server list anymore.


CC list is empty


No files currently attached


For detailed info, follow this link:
http://savannah.nongnu.org/bugs/?func=detailbug&bug_id=1702&group_id=1409

[Prev in Thread]

Current Thread

[Next in Thread]

[Mldonkey-bugs] [Bug #1702] Connections to itself, nobody <=

Prev by Date: [Mldonkey-bugs] [Bug #2000] The Bus Error and when it occurs
Next by Date: [Mldonkey-bugs] [ 101247 ] Clear Setup Directions on a Mac
Previous by thread: [Mldonkey-bugs] [Bug #2000] The Bus Error and when it occurs
Next by thread: [Mldonkey-bugs] [ 101247 ] Clear Setup Directions on a Mac
Index(es):
- Date
- Thread