eD2k servers under assault
p2pnet news view | P2P:- Anti-P2P companies have been attacking the ed2k (or eMule) network for a few years, says long-time p2pnet reader Drake Zamanov.
“They use a combination of DDOS attacks, intimidation techniques and legal threats to force these servers offline or cause enough disruption to influence the server owners to voluntarily take them offline themselves,” he says, continuing »»»
According to gruk.org, there are currently only nine verified eMule/eDonkey servers online. Gruk’s server list only lists servers which have been proven to be legitimate, meaning they don’t belong to anti-p2p companies who either flood the network with fakes or track files for the purpose of sending out cease and desist letters. Up until a few months ago, there were around 20-30 verified servers.
From a legal standpoint, Dutch anti-p2p company called BREIN has been largely responsible for the demise of several ed2k servers based in the Netherlands.
BREIN has successfully convinced the courts the servers themselves are contributing to copyright infringement and are therefore breaking copyright laws.
Other anti-p2p companies, such as MediaDefender and MediaSentry, have used illegal DDOS attacks against these servers in an attempt to either take them offline, or cause enough grief that it’ll make it impossible for the server owners to fight off the prolonged attacks.
Lugdunummaster, developer of the modern ed2k servers which virtually all server operators use, has stated, “90% of online servers are fake servers, payed by antip2p companies to push fakes, and viruses that are able to use contaminated PC to send DDOS attacks to ‘genuine servers’.”
His site is offline and it appears that he will stop working on new versions of his server.
This means Kad will have to pick up the slack and it’s not clear if it can handle the increased number of users without suffering significant performance issues.
It’s also not clear if these anti-p2p companies will be able to target Kad in the same manner.
Some developers feel a distributive attack against Kad would work, while others feel the anti-p2p companies would only successfully be able to attack Kad by spamming the “keywords/sources index”.
It’s interesting that these companies are using both legal and illegal tactics to destroy the eMule/eDonkey network.
In May, 2007, MediaDefender launched a DDOS attack against revision3.com. claiming they didn’t purposely attack their site and that it was an automatic script which launched the attack once revision3 updated their code to cutoff MediaDefender, who were previously using revision3’s BitTorrent tracker.
Although revision3 contacted the FBI, it doesn’t appear MediaDefender was punished for illegally taking down a Website which uses BitTorrent to distribute their own TV Shows.
MediaDefender attacks ed2k servers much like they attack BitTorrent trackers. The company uses the hundreds of servers at their disposal to launch DDOS attacks. If similar attacks were used against iTunes, the group responsible for the attacks could face prison sentences.
Sadly, but not surprisingly, it doesn’t appear these consequences apply to companies such as MediaDefender, who’ve been illegally launching these illegal attacks for years.
It should be noted there’s no such thing as an illegal ed2k server, just as there’s no such thing as a legal ed2k server.
Ed2k servers index the files of users who connect to the server. Because anyone can connect, the servers can’t scan each file from each user and determine whether or not the files are copyrighted —- just like Google can’t determine if a website being indexed has published content that’s breaking the law, and just like ISP’s aren’t able to determine what content their customers are distributing or downloading.
The people who run these anti-p2p companies have proven to be hypocrites and thugs. If they aren’t paying visits to server operators to deliver threats, they’re launching illegal DDOS attacks against their servers while claiming that they are the good guys.
Over the past few years, it’s become clear that the laws are being updated to suit the industries desires so it’s almost impossible to defend against them in a legal manner.
Perhaps the only way to fight back is to fight fire with fire, but what’s good for the goose isn’t good for the gander in this case as any illegal attacks against these companies would be risky.
http://forum.emule-project.net/index.php?showtopic=135636&st=20
http://revision3.com/blog/2008/05/29/inside-the-attack-that-crippled-revision3/
http://gruk.org/list.php?sort=users
Stay tuned.
.
.Stumble It!
Use free p2pnet newsfeeds for your site. It’s really easy!Subscribe to p2pnet.net | | rss feed: http://p2pnet.net/p2p.rss | | Mobile – http://p2pnet.net/index-wml.php
Net access blocked by government restrictions? Use Psiphon from the Citizen Lab at the University of Toronto. Go here for details. Download here.
July 29th, 2008 at 1:43 pm
I am the polar opposite of a technical expert on this subject, but it appears to me that eD2k servers are unnecessary and that the Kad network works perfectly without them. Since every user on the Kad network is doing a tiny bit of the work of a server, then the larger the user base the more widely distributed the server activity can be. What’s to overload?
I have used the eD2k network a few times (only to download public-domain material, of course), but now I purposely avoid connecting to any servers. I have observed no difference in my ability to find and receive what I am looking for when I am using the Kad network only. And with more servers disappearing each day, the performance of the Kad network hasn’t declined at all, as far as I can see.
The only disadvantage to the Kad network is that it can be a bit tricky to achieve “high id,” i.e. getting your incoming and outgoing ports out from behind the firewalls on your computer and router. Two “high id” users can make direct connections to each other for file sharing, but “low id” users must use a server as an intermediary.
I can’t imagine how the goons could attack the Kad network. It’s nothing but a cloud of users, passing information along through the cloud in order to allow file-sharers to find one another. The only possible method of attack is to go after millions of individual users, one at a time. And I don’t even know of a way for the goons to see a user’s entire shared directory – the network only allows you to search for files across the network.
July 29th, 2008 at 3:45 pm
“MediaDefender attacks ed2k servers much like they attack BitTorrent trackers. The company uses the hundreds of servers at their disposal to launch DDOS attacks. If similar attacks were used against iTunes, the group responsible for the attacks could face prison sentences.
Sadly, but not surprisingly, it doesnât appear these consequences apply to companies such as MediaDefender, whoâve been illegally launching these illegal attacks for years.”
And THIS perversion of the law is the reason why Randy and Co. and all the politicos that make it possible that these criminals in the content industry get away with their anlawful actions shut be shot on sight!
the slogan “if everything else fails, vote from the rooftops” does seem to be valid indeed when it comes to the corrupt ties between MAFIAA and politicos!
July 29th, 2008 at 7:49 pm
In the days before sites like YouTube and MySpace were around, a lot of unsigned artists would distribute samples of their music through P2P networks. (By including the names of several popular same-genre artists in the MP3’s filename, their songs would get picked up by searches for those big-name artists on P2P networks)
Then companies like Macrovision killed those aspiring artists’ ability to legally distributing their own work on P2P networks by sabotaging the search process. Macrovision servers connected to P2P networks like WinMX and Gnutella would pump out thousands of fake results for any and every search term. (Even searches for non-words and random characters would get the same flood of fake results.) This sabotage made it virtually impossible for users to find any legitimate, legal content on P2P networks. WinMX was especially hard hit because official development had ceased so there was no way to counter those breeches.
Since the people being stepped on were mostly starving artists without the money needed to sue billion-dollar corporations, these victims had little recourse to fight back. The anti-P2P companies got away with sabotaging a multi-million-user network using the kinds of methods that would have likely landed any ordinary person in jail had the same thing been done to them.
If ED2K loses its servers and relies completely on its decentralized KAD network, the community will be much more vulnerable to the same kind of attack that blighted the search function of other decentralized P2P networks.
July 29th, 2008 at 11:05 pm
hi,
>>>>
>>>> the servers canât scan each file from each user and determine whether or not the files are copyrighted
>>>>
it’s not really true, the peerates.net edonkey server does that,
you can connect it and check that, on its ip 88.191.81.111:1111
but it seems to us that the p2pnet webmaster, jon, don’t like the peerates, because we seems totally invisible for him.
)
(and like the most newbie edonkey users, he trust the gruk list !
you should note that the gruk list is not really trustable since its include some french faked server ip while more of one month.
and the gruk list is now only a copy of the peerates.net servers list, but don’t provide the peerates edonkey server ip …
only the peerates team make checks on online donkey servers, by testing their indexation and their sourcing functions.
gruk don’t test anything … he just look the counters and make a division with a little php code.
(if server files count is > server users count, the server is “good” and if not, the server is “bad”. very (too) simple.)
gruk can talk about antip2p’s donkey servers ip …
but the gruk list include a lot these ip while a lot of days …
and lug can talk about dserver, but why keeping the dserver code closed and private ?
as lug said, if not, we going to see a lot af faked servers published. (ha ? it’s not the case since a lot of months, now ?)
there is no more legit reason to keep the dserver code not available, now.
but perhaps, there is some others hidden interests, in this story …
people who want info about online edonkey servers, can get it on our website:
http://edk.peerates.net/peerates/servers.php
the website that p2pnet don’t like …
j.r. peerates
July 30th, 2008 at 3:38 am
I’m far from an expert too, but I’ve been using eMule for a while now and I’d like to offer some advice for the current situation;
I used to always use the Global Server search method. This was fast and returned a good selection of results. For a week or two now, the Global search is pretty much useless. It hardly ever finds anything. Instead I’ve been replying almost exclusively on Kad searches. These are slower and it usually doesn’t return information about complete sources, but at least it’s usually able to actually find the files.
Users can also go to;
http://rollyo.com/xdanger/emule/
And search. It doesn’t seem to work all that well, and often includes non-file results, but quite often it will find something you’re looking for.
Also, use Google and search for whatever you’re looking for and “ed2k”, which will often find eDonkey links to the files. Once eMule has the link/hash, it will go out and try to find sources for that file.
July 30th, 2008 at 4:20 am
@ j.r. peerates
I don’t have any bad feelings about peerates
And I’ve never used eDonkey.
Cheers!
July 30th, 2008 at 9:52 am
With the entairtainement industry there is no moral standard no ethic and no law.
Fine with me because I like no law. This let the strongest, not the richest win.
No justice no peace. It is easier to destroy business than to build one. A lot easier! They can not win at this game.
For each p2p server they can put down 10 new one show up. And by the way I don’t want to discourage them but after all these efforts and illegal activities the majors are engaged in, Emule is still doing verry well!
This is because of the exponential nature of P2P traffic. It doesnt take much to feed the entire thing.
Meanwhile if these parasites think that we are going to buy shit from them again they are delusional!
And we are still expanding the Boycott day by day!
July 30th, 2008 at 2:17 pm
“itâs not really true, the peerates.net edonkey server does that,
you can connect it and check that, on its ip 88.191.81.111:1111″
How are you identifying copyrighted files? Even Audible magic doesn’t detect copyrighted files properly so I’d like to know how you can do it. If I create an .mp3 file and name it “Metallica – One” will it be flagged as copyright. I don’t think your can detect copyrighted files.
“but it seems to us that the p2pnet webmaster, jon, donât like the peerates, because we seems totally invisible for him.
)”
(and like the most newbie edonkey users, he trust the gruk list !
Jon didn’t write this article, I did. Gruk’s list has been around longer than yours and it’s widely recognized as a reputable source for verified ed2k servers.
“you should note that the gruk list is not really trustable since its include some french faked server ip while more of one month.
and the gruk list is now only a copy of the peerates.net servers list, but donât provide the peerates edonkey server ip ⦔
Although they have listed shady servers in the past, they quickly correct their mistakes.
July 30th, 2008 at 10:29 pm
We shouldn’t forget that in late 2001 the edonkey2000 network had become severely bottlenecked. The edonkey2000 developer originally planned to drop all ed2k server support back in early 2002 when Flock came out. Flock, the eDonkey2000 replacement that connected to a decentralized network instead of the ed2k servers, was later renamed Overnet, which was later renamed eDonkey.
It was only after Lugdunum optimized the server software, allowing each ed2k server to support 100 times as many connected peers as before (on the same computer hardware). It was this 100-fold increase in efficiency that gave the old ed2k servers a second life. Plus the emergence of a new, opensource client called eMule, which lacked any decentralized network capability and was completely reliant on the ed2k servers.
So even if the network eventually gives up its last server, that will only put it on course with the original 2002 plan.
July 30th, 2008 at 10:46 pm
The PEERATES server is a FAKE server!
It claims 40 thousand connected peers but all searches come up empty!
I don’t see any difference between the fake Peerates server and the fake servers owned by the MPAA.
July 31st, 2008 at 3:49 am
hello,
i don’t want to pollute this comments space, but i don’t want let some false informations unless answering it.
@ jon>>And Iâve never used eDonkey.
perhaps you should try … with some legit contents
peerates can help you to do that
@drake
>>>> How are you identifying copyrighted files … how you can do it.
>>>> I donât think your can detect copyrighted files.
I never would said we can identifying copyrighted files, i only said “our server indexes only some free contents.”
The server can identify some free contents while avoiding the other shared files without identifying them.
sure, the server’s possibilities are really limited and a lot of licit shared files are not indexed, but it’s the only manner to keep our server online.
>>>> Grukâs list has been around longer than yours
more old, more trustable ?
we base our judgment on experimentation and observation, not only on a reputation.
>>>> itâs widely recognized as a reputable source for verified ed2k servers.
do you know how the servers are verified ? did you got and uses this list regularly since two years ?
did you compare it with some other lists ? did you make some test on the servers in this list ?
we did it.
>>>> they quickly correct their mistakes.
at least while more of one month, this list included 10 or 15 fake servers. it was cleaned there is some days only.
If you had uses this list since 2 or 3 months, you should have saw these addresses…
@Reader’s Write Says: (July 30th, 2008 at 10:46 pm)
>>>>PEERATES server is a FAKE server!
Only an anonymous reader can write that kind of comment.
No, peerates server is not a fake, the users number is not falsified and the files number is not falsified, the server works perfectly fine, but only with specific contents. the server is answering to the users requests without spam and without any not sollicited content.
if you want to verify what are the server’s responses, makes a local search with ‘*’ with emule.(you can adjust your request by filetype)
more of 1000 free mp3 are indexed and a lot of other files. (near 8000 at this moment) and if you want to check the sourcing, start a download of a file. All these files downloads are free and licit
>>>>I donât see any difference between the fake Peerates server and the fake servers owned by the MPAA.
retry and look with more attention before writing false affirmations. thank’s
eDonkey is not dead, but all users should base their emule usage mainly on the kademlia protocol, while avoiding servers, except if they knows exactly what they do.
peerates.
++
July 31st, 2008 at 12:41 pm
Thanks for all the info Jr peerates. That must have been a lot of work to hand-pick all the files for indexing. Do the server messages clearly explain to users that the Peerates server is a “special” server, instead of the kind that most peers might be expecting?
I think the main reason for using a ed2k server is to get quick search results. If I connect to a big server, I can do a dozen quick searches in the time it takes to get one Kad search. Since Lugdunum made possible the million-user server , there has always emerged one dominant server that everyone tries to pile on, with all other servers getting the crumbs. A single high-end quad-processor server could take virtually the entire ed2k network, though that would probably only make it a major target for takedown, and no one wants to invest in a $10,000+ machine only to see it locked up in the evidence storage room at the police station
July 31st, 2008 at 8:24 pm
“I never would said we can identifying copyrighted files, i only said âour server indexes only some free contents.â
The server can identify some free contents while avoiding the other shared files without identifying them.
sure, the serverâs possibilities are really limited and a lot of licit shared files are not indexed, but itâs the only manner to keep our server online.”
You confirmed that you can’t identify copyrighted files and it appears that you have created some form of white list that identifies verified free content. Stating that the server’s possibilities are really limited is an understatement. If all you have is a white list that means that people can’t share their own files unless they are added to the list. This creates an environment where a gatekeeper controls what can be shared. Obviously, this isn’t what P2P is all about.
August 1st, 2008 at 2:42 am
As an aside from the main topic here and as the network was mentioned we are able at this time to 100% filter all falsely indexed files from the WPN (winmx network) using a specific blocklist that relies on detecting clients who break a golden rule of the network, genuine clients cannot do this and are thus safe from joining the list.
Both connections from and results received from listed IP addresses are ignored, meaning in effect they are non-existent to ordinary users.
When you join WPN your shared list is indexed by a “primary” (upper tier client server/supernode) and that list is the one referenced when queries are sent across the network, its childsplay to upload millions of fake shared file listings across the entire network and of course when there is a match with one of their “protected” keywords the effect seen by the client originating the query and the connected primary is akin to an avalance of UDP (primary) or TCP (secondary) traffic this is the method used by the anti p2p companies to dos attack query generating users, we have totally defeated them on our network from using this trick and due to client techniques such as double handshaking and encryption they have thus far been unable to restore the balance in their favour, I hope this inspires some of those who support EDonkey to look further for ways to deal with these parasites.
btw is there some central location where I can gather information on the network topography and protocols to see if there is a method of protecting your network from these scum ?
August 1st, 2008 at 9:15 am
@Reader’s Write Says:July 31st, 2008 at 12:41 pm
>>>do the server messages clearly explain to users that the Peerates server is a âspecialâ server
the server banner display something like “indexation processus limited to some free contents.”
but connect it, to check.
@Drake Says:July 31st, 2008 at 8:24 pm
>>>this isnât what P2P is all about.
you are right, but, the other choice is to power off the server. (the french law don’t allow to keep a not limited server online.)
we did the choice to keep a server online, wich works with licit contents only, because we trust in this p2p technology and we like use it.
And if we use it without law violation, i don’t see why that can be a problem. for who, or why ? Even if in france , our present government is not really a true “human rigth” model, peoples keep a great attachment to their freedom and their personal rights. so yes, our idea is that a limited server is better than no server at all. when you said ‘it is not p2p’, you forgot that the p2p can be used too as a provider tool.
Provided contents must be free and licit, but it can be a real challenger for the commercial offer, or at least, it can complete the commercial offer by allowing some non commercial artists to publish their works too. in this case, it is true that p2p mean more provider2people … but by following, it’s really the users wich exchanges the injected contents. In france, a lot of artists are okay to broadcast their works freely, but they don’t have any support to do that, at least on edonkey. the real work is not on the p2p, but in the ‘real life’ , in the research of some new (free) content/artist to inject onto. it’s another side of our project.
June 24th, 2009 at 1:59 am
Australian P2P Research Server is on Gruk’s List??? WTF?