Help and Support
Ask a question, report a problem, request a feature...
<<  Back To Forum

Coordinated Peer Flooding - Anyone seen this tactic?

by Guest on 2021/07/21 11:57:53 AM    
I've compiled a list of "fake peers" hitting me continuously.
Whoever does these enforcement bots is always a complete halfwit and absolutely NO CLUE what they are doing.

ALL are INCOMING connections from Hosting Companies.
Anyone know whether this is anything legit or not?


Seems this is what they're after and they "disappear"

[02:28:44]  created from incoming connection
[02:28:44]  starting
[02:28:44]  receiving incoming connection
[02:28:44]  logged in
[02:28:44]  sent bitfield                                 <------- THIS is exactly what they want (Evidence you have 100.0% of files)
[02:28:44]  error: Connection reset (10053) (10:10053)    <------- As soon as they get the bitfield it's an INSTANT BYEBYE from them...


IP's doing this: (small list...of a much bigger one)

193.160.32.21:57663    Location: United States  Client: MC 0.0.0.8  Peer ID: -MC0008-358667280382 Shock Hosting Servers California
50.7.17.113:35748      Location: United States  Client: MC 0.0.0.8  Peer ID: -MC0008-650248725200 FDCServers Servers Hong Kong
198.23.235.183:53798   Location: United States  Client: MC 0.0.0.8  Peer ID: -MC0008-413278781488 ColoCrossing Servers Chicago USA
194.50.170.226:57679   Location: Russia         Client: MC 0.0.0.8  Peer ID: -MC0008-668054666736 Baxet Servers Moscow
23.95.166.110:38387    Location: United States  Client: MC 0.0.0.8  Peer ID: -MC0008-521335334014 RackNerd Servers California
192.3.248.181:46171    Location: United States  Client: MC 0.0.0.8  Peer ID: -MC0008-780156045030 RackNerd Servers New York
192.3.86.142:42350     Location: United States  Client: MC 0.0.0.8  Peer ID: -MC0008-185235232087 Highlight Marketing Servers New York
43.245.220.21:49682    Location: Malaysia       Client: MC 0.0.0.8  Peer ID: -MC0008-756785076655 TechAvenue International Servers
51.195.90.72:55675     Location: France         Client: MC 0.0.0.8  Peer ID: -MC0008-855227066620 OVH Servers Roubaix France
5.196.30.185:39365     Location: France         Client: MC 0.0.0.8  Peer ID: -MC0008-021121127104 OVH Servers Roubaix France
192.227.155.113:33760  Location: United States  Client: MC 0.0.0.8  Peer ID: -MC0008-515555717478 ColoCrossing Servers Chicago
104.168.22.28:34511    Location: United States  Client: MC 0.0.0.8  Peer ID: -MC0008-748340162257 vortexserver Illinois USA
51.75.121.33:52064     Location: France         Client: MC 0.0.0.8  Peer ID: -MC0008-551742111534 OVH Servers Roubaix France
172.245.226.175:43515  Location: United States  Client: MC 0.0.0.8  Peer ID: -MC0008-025733101582 RackNerd Servers California
51.79.158.104:49741    Location: Canada         Client: MC 0.0.0.8  Peer ID: -MC0008-354404862652 OVH Servers Singapore
104.194.250.238:40263  Location: United States  Client: MC 0.0.0.8  Peer ID: -MC0008-632370065333 Multacom Corporation Servers California
168.119.241.28:35473   Location: Germany        Client: MC 0.0.0.8  Peer ID: -MC0008-307412004554 Hetzner Online AG Germany
192.99.169.31:39036    Location: Canada         Client: MC 0.0.0.8  Peer ID: -MC0008-101340833558 OVH Servers Quebec
192.3.248.211:38163    Location: United States  Client: MC 0.0.0.8  Peer ID: -MC0008-366275120565 RackNerd Servers New York
49.12.65.153:44729     Location: Germany        Client: MC 0.0.0.8  Peer ID: -MC0008-184138317608 Hetzner Online AG Germany bayern
135.181.86.172:53433   Location: Germany        Client: MC 0.0.0.8  Peer ID: -MC0008-485142432231 Hetzner Online GmbH Finland Helsinki
172.105.41.156:55654   Location: United States  Client: MC 0.0.0.8  Peer ID: -MC0008-857173111232 Linode LLC India Mumbai
23.94.134.143:45517    Location: United States  Client: MC 0.0.0.8  Peer ID: -MC0008-712517044166 ColoCrossing Servers New York USA
45.147.200.144:46802   Location: Russia         Client: MC 0.0.0.8  Peer ID: -MC0008-833631218571 Arkada LLC Russia Moscow
198.23.228.144:45007   Location: United States  Client: MC 0.0.0.8  Peer ID: -MC0008-226465768286 RackNerd Servers California
192.3.62.123:35225     Location: United States  Client: MC 0.0.0.8  Peer ID: -MC0008-448027466020 RackNerd Servers New York
51.79.147.47:43557     Location: Canada         Client: MC 0.0.0.8  Peer ID: -MC0008-735801122658 OVH Servers Singapore
51.83.131.60:37216     Location: France         Client: MC 0.0.0.8  Peer ID: -MC0008-110803813573 OVH Servers Paris France
107.173.166.135:55669  Location: United States  Client: MC 0.0.0.8  Peer ID: -MC0008-458264147888 ColoCrossing Servers Virginia
168.119.167.68:35589   Location: Germany        Client: MC 0.0.0.8  Peer ID: -MC0008-860430210754 Hetzner Online AG Germany bayern
23.94.134.100:42207    Location: United States  Client: MC 0.0.0.8  Peer ID: -MC0008-625182728142 ColoCrossing Servers New York USA

There are literally dozens more.

SUGGESTION on TIXATI for users worried about this abuse:   Ban PEERID like this (for now...)

-MC0008-*
by Shellsunder on 2021/07/23 01:05:07 AM    
I wonder how widespread this is.  I've never seen such a thing, though I have never looked for it.  

Perhaps a bit of analysis might illuminate something.  I notice there are a few IPs from the same company and location, and a few due to particular companies but from differing locations.  Furthermore, I notice a few companies that are represented with only one location, though I know them to have many locations.

I suppose the most significant question is, are you doing something that might warrant such special attention?




This web site is powered by Super Simple Server