How To Detect Some Monitored Files On eDk Network



Renk
04.09.11, 16:45
The principle is very simple: As Pirate's admin says:


"Among the eDonkey network clients, some send so many requests that it seems impossible that they are controlled by normal users.


They look more like bots, configured to find specific files on the donkeys network ...

Here is the daily top list of the most active of them."

So when you own some ed2k servers, and are in touch with admins of some other widely used servers, you are able to do some interesting although entirely legal stats.

Practically, go here (http://edk.peerates.net/spyp2p.php?lang=0&p=us&o=1315051560), and click on the flag (e.g. US) of the country you want to analyze.

You will see something like this:

http://image.bayimg.com/jajgaaado.jpg


You see the titles or keywords of suspicious files that some ed2k server admins have detected.

You can see silver buttons at the right. Click on them. You get, for example:

http://image.bayimg.com/kajgcaado.jpg


So you have the AS number and the IP(s) (except the last digits, for legal reasons), here 67.219.90.***, of the peer/bot monitoring the files. The array shows you the dates in the past 30 days when one of the IPs of the range 67.219.90.0-67.219.90.255 was actively scanning the network.


Having studied these stats for weeks, I can say that there are a large number of scanning IPs (and even a large number of ranges of scanning IPs). They are active during some days of a given period, then go to rest, then will be active again... It is very difficult in my opinion to build any IPfilter able to correctly filter such IPs.

But it seems almost all these IPs are non-residential IPs. So, I think there is no reason not to filter their range every time it appears. The problem is that it is a hassle to do so manually.


The Pirate's database is updated on a daily basis.
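
As an added example (not part of the original post, and not code from the stats site), here is one way to take the manual work out of turning masked addresses such as 67.219.90.*** into filter ranges. It assumes the common eMule-style `ipfilter.dat` line layout (`start - end , level , description`); the function names, the label text and every sample address other than 67.219.90.*** are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample input: masked addresses in the form the stats page shows.
# Only 67.219.90.*** comes from the post; the others are made up for the demo.
SAMPLE_MASKED = ["67.219.90.***", "67.219.91.***", "67.219.90.***", "192.0.2.***"]

MASKED_RE = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.\*+$")


def masked_to_network(masked):
    """Turn 'a.b.c.***' into the /24 network it hides; reject anything else."""
    m = MASKED_RE.match(masked.strip())
    if not m or any(int(g) > 255 for g in m.groups()):
        raise ValueError(f"not a masked /24 address: {masked!r}")
    return ipaddress.ip_network("{}.{}.{}.0/24".format(*m.groups()))


def merge_ranges(networks):
    """Deduplicate networks and merge adjacent ones into (first, last) pairs."""
    ranges = []
    for net in sorted(set(networks)):
        first, last = int(net.network_address), int(net.broadcast_address)
        if ranges and first <= ranges[-1][1] + 1:
            ranges[-1][1] = max(ranges[-1][1], last)  # extend previous range
        else:
            ranges.append([first, last])
    return [(ipaddress.ip_address(a), ipaddress.ip_address(b)) for a, b in ranges]


def pad(addr):
    """Zero-pad each octet to three digits, as ipfilter.dat files usually do."""
    return ".".join(f"{int(octet):03d}" for octet in str(addr).split("."))


def to_ipfilter_lines(masked_list, label="monitoring range (stats page)"):
    """Build filter lines (assumed layout: start - end , level , description)."""
    nets = [masked_to_network(m) for m in masked_list]
    return [f"{pad(a)} - {pad(b)} , 000 , {label}" for a, b in merge_ranges(nets)]


if __name__ == "__main__":
    for line in to_ipfilter_lines(SAMPLE_MASKED):
        print(line)
```

Because the ranges come and go, rerun it on each day's list and append only the lines not already in your filter file.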