Scamming passive users in ADC

Being in passive mode in ADC sure its disadvantages; less search results and less download sources. However, this also works the other way; you have to respond to less searches and have fewer potential uploads (because other people are in passive mode, too).

Why would anyone consider being passive as advantagious? Well, if you’re intentionally passive when you want to and intentionally active when you want to.

Consider the case of a download in active mode; You log in, broadcast to everyone your IP and port so they can connect to you (and you’ll be able to download) (“CTM = connect to me”).
Consider the case of a download in passive mode; You log in, ask whoever you want to download from what their “connect to me” is, and you connect to them.

Now what if I did a little scam? What if I logged in, not publicly but privately sent a user my IP and port, and did a “connect to me”? And afterwards I’ve sent the CTM, I’d just (privately again) send “I’m passive again, so I’m resetting my IP and port”. But your ongoing client-client connection would still be active.

What this will do is that only the active users in the hub will be able to download from you, and you won’t be relayed download requests by users who aren’t active. (Or if you are relayed, you can just ignore them “as you won’t be able to download from them”.)

This also works in searches. When you want to search, simply broadcast your info so people can relay the proper amount of search results to you. When you’re satisfied, just reset your information.

Note: This all could also be used as a way of saying “hey, I publicly said my port was this, but it’s shaped, so if you want to use one that’s not, use this port.”

(Note: I’m not sure if this all is possible in NMDC, because there’s no notion of “send only to a specific user”.)

Don’t forget that you can make topic suggestions for blog posts in our “Blog Topic Suggestion Box!”

One Response to Scamming passive users in ADC

  1. koninglat says:

    Linking this to the favourite DoS-topic: you indeed automatically give away your IP and (open up a) port if someone sends you a CTM, and you’re in active mode. That of course is a ‘good moment’ for a malevolent person to use that as target location for his (D)DoS…

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: