Coordinated Peer Flooding - Anyone seen this tactic? - Help and Support

Help and Support
Ask a question, report a problem, request a feature...
<< Back To Forum

Coordinated Peer Flooding - Anyone seen this tactic?

by Guest on 2021/07/21 11:57:53 AM

I've compiled a list of "fake peers" hitting me continuously.
Whoever does these enforcement bots is always a complete halfwit and absolutely NO CLUE what they are doing.

ALL are INCOMING connections from Hosting Companies.
Anyone know whether this is anything legit or not?

Seems this is what they're after and they "disappear"

[02:28:44]  created from incoming connection
[02:28:44]  starting
[02:28:44]  receiving incoming connection
[02:28:44]  logged in
[02:28:44]  sent bitfield                                 <------- THIS is exactly what they want (Evidence you have 100.0% of files)
[02:28:44]  error: Connection reset (10053) (10:10053)    <------- As soon as they get the bitfield it's an INSTANT BYEBYE from them...

IP's doing this: (small list...of a much bigger one)

193.160.32.21:57663    Location: United States  Client: MC 0.0.0.8  Peer ID: -MC0008-358667280382 Shock Hosting Servers California
50.7.17.113:35748      Location: United States  Client: MC 0.0.0.8  Peer ID: -MC0008-650248725200 FDCServers Servers Hong Kong
198.23.235.183:53798   Location: United States  Client: MC 0.0.0.8  Peer ID: -MC0008-413278781488 ColoCrossing Servers Chicago USA
194.50.170.226:57679   Location: Russia         Client: MC 0.0.0.8  Peer ID: -MC0008-668054666736 Baxet Servers Moscow
23.95.166.110:38387    Location: United States  Client: MC 0.0.0.8  Peer ID: -MC0008-521335334014 RackNerd Servers California
192.3.248.181:46171    Location: United States  Client: MC 0.0.0.8  Peer ID: -MC0008-780156045030 RackNerd Servers New York
192.3.86.142:42350     Location: United States  Client: MC 0.0.0.8  Peer ID: -MC0008-185235232087 Highlight Marketing Servers New York
43.245.220.21:49682    Location: Malaysia       Client: MC 0.0.0.8  Peer ID: -MC0008-756785076655 TechAvenue International Servers
51.195.90.72:55675     Location: France         Client: MC 0.0.0.8  Peer ID: -MC0008-855227066620 OVH Servers Roubaix France
5.196.30.185:39365     Location: France         Client: MC 0.0.0.8  Peer ID: -MC0008-021121127104 OVH Servers Roubaix France
192.227.155.113:33760  Location: United States  Client: MC 0.0.0.8  Peer ID: -MC0008-515555717478 ColoCrossing Servers Chicago
104.168.22.28:34511    Location: United States  Client: MC 0.0.0.8  Peer ID: -MC0008-748340162257 vortexserver Illinois USA
51.75.121.33:52064     Location: France         Client: MC 0.0.0.8  Peer ID: -MC0008-551742111534 OVH Servers Roubaix France
172.245.226.175:43515  Location: United States  Client: MC 0.0.0.8  Peer ID: -MC0008-025733101582 RackNerd Servers California
51.79.158.104:49741    Location: Canada         Client: MC 0.0.0.8  Peer ID: -MC0008-354404862652 OVH Servers Singapore
104.194.250.238:40263  Location: United States  Client: MC 0.0.0.8  Peer ID: -MC0008-632370065333 Multacom Corporation Servers California
168.119.241.28:35473   Location: Germany        Client: MC 0.0.0.8  Peer ID: -MC0008-307412004554 Hetzner Online AG Germany
192.99.169.31:39036    Location: Canada         Client: MC 0.0.0.8  Peer ID: -MC0008-101340833558 OVH Servers Quebec
192.3.248.211:38163    Location: United States  Client: MC 0.0.0.8  Peer ID: -MC0008-366275120565 RackNerd Servers New York
49.12.65.153:44729     Location: Germany        Client: MC 0.0.0.8  Peer ID: -MC0008-184138317608 Hetzner Online AG Germany bayern
135.181.86.172:53433   Location: Germany        Client: MC 0.0.0.8  Peer ID: -MC0008-485142432231 Hetzner Online GmbH Finland Helsinki
172.105.41.156:55654   Location: United States  Client: MC 0.0.0.8  Peer ID: -MC0008-857173111232 Linode LLC India Mumbai
23.94.134.143:45517    Location: United States  Client: MC 0.0.0.8  Peer ID: -MC0008-712517044166 ColoCrossing Servers New York USA
45.147.200.144:46802   Location: Russia         Client: MC 0.0.0.8  Peer ID: -MC0008-833631218571 Arkada LLC Russia Moscow
198.23.228.144:45007   Location: United States  Client: MC 0.0.0.8  Peer ID: -MC0008-226465768286 RackNerd Servers California
192.3.62.123:35225     Location: United States  Client: MC 0.0.0.8  Peer ID: -MC0008-448027466020 RackNerd Servers New York
51.79.147.47:43557     Location: Canada         Client: MC 0.0.0.8  Peer ID: -MC0008-735801122658 OVH Servers Singapore
51.83.131.60:37216     Location: France         Client: MC 0.0.0.8  Peer ID: -MC0008-110803813573 OVH Servers Paris France
107.173.166.135:55669  Location: United States  Client: MC 0.0.0.8  Peer ID: -MC0008-458264147888 ColoCrossing Servers Virginia
168.119.167.68:35589   Location: Germany        Client: MC 0.0.0.8  Peer ID: -MC0008-860430210754 Hetzner Online AG Germany bayern
23.94.134.100:42207    Location: United States  Client: MC 0.0.0.8  Peer ID: -MC0008-625182728142 ColoCrossing Servers New York USA

There are literally dozens more.

SUGGESTION on TIXATI for users worried about this abuse: Ban PEERID like this (for now...)

-MC0008-*

by Shellsunder on 2021/07/23 01:05:07 AM

I wonder how widespread this is. I've never seen such a thing, though I have never looked for it.

Perhaps a bit of analysis might illuminate something. I notice there are a few IPs from the same company and location, and a few due to particular companies but from differing locations. Furthermore, I notice a few companies that are represented with only one location, though I know them to have many locations.

I suppose the most significant question is, are you doing something that might warrant such special attention?

by ZarkBit on 2021/09/07 09:44:07 AM

Been noticing this for maybe a bit over 6 months or so, every once in a while I get an incoming connection from that client, but it's in 5~10 torrents among a list of 700.

Today I noticed a huge amount of connections on a specific torrent, this was the GTA Reverse Engineering project files, where Take-Two has been actively playing whac-a-mole in taking this project to the ground.

51.83.131.60:45597      Location: France         Client: MC 0.0.0.8  Peer ID: -MC0008-543077138626
23.94.134.100:34837     Location: United States  Client: MC 0.0.0.8  Peer ID: -MC0008-610625022627
154.16.108.71:38015     Location: South Africa   Client: MC 0.0.0.8  Peer ID: -MC0008-285320737436
51.195.90.72:48968      Location: France         Client: MC 0.0.0.8  Peer ID: -MC0008-400036505508
172.105.41.156:42972    Location: United States  Client: MC 0.0.0.8  Peer ID: -MC0008-255043104513
43.245.220.21:50639     Location: Malaysia       Client: MC 0.0.0.8  Peer ID: -MC0008-034755681213
5.196.30.185:56536      Location: France         Client: MC 0.0.0.8  Peer ID: -MC0008-857781317331
51.79.158.104:42738     Location: Canada         Client: MC 0.0.0.8  Peer ID: -MC0008-485143266813

Food for thought...

by Guest on 2021/09/15 09:49:24 AM

The MC 0.0.0.8 client one has not been bothering me much this month.

I have been seeing other 'enforcement' bot clients which, yet again, are totally dumb in design.

Whoever writes these has ABSOLUTELY NO CLUE what they are doing. Just 'stupidly' mod some source code and spybot deployed.
Well, NO. It's not that's simple. People who understand the protocols can sniff these out like a fart in an elevator.

The latest ones I've been logging come up "unknown" in Tixati.

1) They are always an INCOMING connection (NOT seen on a tracker, NOT seen on DHT, not seen on PEX) which is a TOTAL giveaway in the logs.
2) The clientID is not following the Global standards in the specifications. DOH.

An example of these clients:

173.82.226.176:42908   Location: United States  Client: unknown   Peer ID: ,B_8__M_O_B+DQ___TY   = Multacom Corporation (DOH, TOTAL GIVEAWAY!)
139.162.248.127:56862  Location: Netherlands  Client: unknown     Peer ID: _r}__b__'_V#__Ϸ___A   = Linode 
49.12.86.202:55102     Location: Germany  Client: unknown         Peer ID: __U_2__Q_mFM____(___  = Hetzner Online AG (SCUMBAG ISP for Anti P2P)
65.21.91.110:20149     Location: Germany  Client: unknown         Peer ID: ____(_ǜ___[_t__A<__   = Hetzner Online AG (SCUMBAG ISP for Anti P2P)
185.196.3.84:42470     Location: Germany  Client: unknown         Peer ID: YAZk___Ö____{_____/   = stumpnernet
92.118.228.18:40340    Location: Latvia  Client: unknown          Peer ID: _=__:_m_____Ӈ_Ы__D    = ACloud SIA
173.249.2.194:61457    Location: Germany  Client: unknown         Peer ID: ___K__9_3_____0___9_  = Contabo GmbH
47.89.251.173:54670    Location: United States  Client: unknown   Peer ID: __6I_B_(_@__'|Ѯ____   = AliCloud

NOW, What ARE the chances 100.0% of ALL these suspicious hosts belong to Supremely Crappy Dirtbag Hosting Companies who can't attract genuine subscribers!

This is no co-incidence here.
There are NO premium ISP Hosting names here because they will never involve themselves with this type of garbage vile customer running Anti-P2P bots.

What's more, probe, scan, and investigate each of these hosts. Let's visit the order page of these sewer-based hosting companies. Wow 10Gb instance with 1 core for $5

That's why we never see any network traffic (pieces) from these hosts all they want is your Bitfield Percentage like in the top post.

We know your game Mr Anti-P2P, what a terrible awful lazy setup. BUSTED!!!

Keep wasting your money on hosting and I'll keep compiling the ban lists for these

by Guest on 2021/10/02 10:07:17 PM

This is why you need to ask for evidence before admitting anything. When they take you to court for "illegally seeding something", you can just say you were on their side, and you were there faking percentages to make the torrent look like they ain't working.

by Guest on 2021/10/03 05:42:20 PM

Stop wasting time, as long as there are storage companies offering large drives to the public for a considerable amount of money, torrents wont die anytime soon. On the other hand if you're going to seed, you can cheat the "watchers" sending missing pieces only as tixati client does, so I have tested in the past for recreational purposes.

Add Reply

<< Back To Forum