DC++ Ltd.

March 13, 2010 by Leave a comment

Finally, the newest DC++ 0.760 introduced a function what’s become a prerequisite for every p2p application over the years. Yes, it is the bandwith or transfer rate limiting capability and is a very useful thing, a tool in the user’s hands to arrange the bandwith usage between running applications or computers reside in the same local network.

As DC++ 0.760 brings many exciting new features,  I wanted to go to details about other interesting things first. But as we heard that some uniformed hub owners already started to ban the newest DC++ version in their hubs, I thought its better to discuss  the limiter topic asap, to try to show that its really not the evil thing to be afraid of…

Beside the reasons above, bandwith limiting possibility is a vital need for those who has asynchronous connections (eg. xDSL) where  uploads near the speed of the maximum upload bandwith of  the connection can badly affect the speeds of the downloads, no matter how much larger your download connection is. This can render the connection unusable for other applications (even for web browsers) while DC++ is running.

This means that allowing a slight limit of the upload bandwith to the user is desirable and it enhaces the user experience. The question is what can be done against abuse or misuse of this function.

In fact, its not a matter of  absence or existence of the bandwith limiting function on various DC clients. If someone wants to abusively limit his/her uploads, it can be done by various ways like using fake DC clients or running external bandwith management applications either on the host computer or in the gateway device (router, etc…).  Even there is at least one official DC client (BCDC++) which has bandwith limiting possibility for a long time without  showing the usage of  the upload limiter in any way.

So the only thing we can do is to trust the network members with a hope that vast majority of them are’nt abusers.  Its clear that banning certain groups of users when there are numerous possible ways still open to use bandwith limiting is not a particularly smart practice to say the least…

Its important to know that unlike other clients, DC++ 0.760 shows the value of the used upload bandwith limiter in both ADC and NMDC hubs.  Its not in the DC++ tag, but in case of both protocol, the value is shown in the same place, in the connection coloumn (CO field).

In ADC, when the limiter is enabled the CO field is changed to the limiter value and shown the same way as the line speed before.

In NMDC, as the connection value is sent as a string, we carefully chose a format that differs from anything that DC++ ever shown in the connection column, thus we made the bandwith limiter usage clearly detectable for hub owners. The upload limiter value is shown in KiB/s, and includes the unit in latin letters (for example : 32 KiB/s).

We all know that the (current) nature of the DC network doesn’t let us control the up/download ratio of the users. This is bad but there’s a hope that we’ll have a ratio control extension for ADC soon, so then hub owners will be able to regulate their users upon their ratio as they wish. Until then, everybody should be patient…

Filed under Clients, General

DC++ 0.75 and older vulnerable to bzip2 filelist bomb

March 12, 2010 by 2 Comments

DC++ 0.75 and earlier can be remotely crashed via either bzip2 filelists (example filelist) or hublists (themselves compressed with bzip2). Such list downloads can be automatically triggered by automatic searches for alternate sources, so explicit user action is unnecessary [1]. Not every client seems to crash; the precise dependence on operating system or other factors remains unclear. However, crashes have been observed using both Windows XP and Windows 7.

As before, updating network-facing software remains important. Equally importantly, DC++ mod authors should attempt to update in a timely manner such as to avoid exposing their users to this bug.

[1] To catch a large number of clients in a hub in a relatively short period of time with no manual intervention, listen for searches (especially TTH searches) and always respond positively, such that clients try autosearching for alternate sources. Other tricks are possible as well, of course.

Filed under ADC, Clients, Developers, General, NMDC, Security

DC++ 0.760 is out

March 12, 2010 by 3 Comments

1 year of development but now its here and better then ever, 1 year thats how long it took for us to complete it but it was all worth it to see the final release version of DC++.

So whats new apart from the look well lets take a peek in the changelog

  • [L#213213] Implement bandwidth throttling (cologic, bigmuscle)
  • [L#414068] No 35-characters limit to nick and description (ullner)
  • Improve user command support in ADC hubs (poy)
  • Readded WTL exception to the license (for mod developers)
  • Toolbar customization (shift+drag, double-click, right-click) (poy)
  • [ADC] Allow hubs to send IPs of passive users via INF (poy)
  • Register in HKCU instead of HKLM to avoid UAC warnings; ditch magnet.exe (poy)
  • [L#515646] Remove ADC 0.10 compatibility (not ADCS 0.10) (cologic)
  • Change the tray icon on private messages (poy)

These are just some of the updated n fixes thats in the changelog but these imho are the ones that stand out.

So Bandwidth limiter is new in DC++ now i know i hear i sigh from the general public on Direct Connect BUT if you all think about it every p2p/download manager has a limiter so why shouldn’t DC++ have one too.

No 35 Limit to nick is a thing that written about already on this blog so ill just refer to it.

Re added WTL exception to the license.

thanks PPK for pointing out this our dear loving friend always have valuable input for us all so thanks again (i know he is lurking around here).

Toolbar can now be resized (yay) with a simple right click you can decide your size of the toolbar 16 22 24 32 if anymore numbers are needed do tell.

Allow hubs to send IPs of passive users via INF

For our dear spamming friends that love to go around Direct Connect spamming for VA sites n hubs well the fun days are coming to an end cause now DC++ show the IP even in passive mode.

Register in HKCU instead of HKLM to avoid UAC warnings is for all us Vista/Windows 7 users that are dead tired of all the annoying warning messages from UAC this little patch fixed that problem.

And finally a change on Tray icon when receiving a private message like all the other clients have.

So for all you 0.674 sorry to say it but that version sucks in comparison to 0.760 so read this and weep!!!

here is a screenshot enjoy this fine release and to get it go to:
https://sourceforge.net/projects/dcplusplus/

Filed under Clients, General Tagged with , ,

DC++ 0.760 is approaching…

February 16, 2010 by Leave a comment

…and there’s a lot of GUI improvements and changes come with the new version. This means that there’s a lot of new strings waiting to translate.  As release is expected in around 10 days we ask all the volunteers to update their translations at Launchpad. Still you can use Lauchpad’s easy-to-use web based translator or POEdit for your translations…

Keep up the good work and help spreading DC++ :)

Filed under Clients, General

Passive Mode C-C Connections and NAT Traversal

February 13, 2010 by Leave a comment

Disclaimer: DC++ 0.76 does not support NAT traversal. DC++ 0.76+1 will support it only for ADC.

Currently, at least one user in a connecting C-C pair must have enabled active mode. NAT traversal ameliorates the problem of neither party having correctly configured active mode. Because about half of DC clients tend to use passive mode, approximately a quarter of possible pairs of DC users, DC++ currently has no means by which to directly transfer files. Commonly, these dual passive modes result from both such users having either a firewall or NAT device blocking inbound connections; in such cases NAT traversal can help.

This post summarizes how DC++ forms client-client connections, including active mode, passive mode, and using NAT traversal. Technical details on NAT traversal will appear in future posts; this post intentionally elides detail.

Several cases exist pertaining to client-client connection establishment. The easiest involves the requesting client sending a $ConnectToMe/CTM across the hub to the other client with its IP address and port. The contacted client then establishes a TCP connection to the specified address. The next easiest situation, also handled by DC++, involves a passive client A sending $RevConnectToMe/RCM to active client B, which then responds with $ConnectToMe/CTM and proceeds as in the first case. DC++ has handled both of these cases since its inception, with the following diagram showing schematically how RCM->CTM->connection works, where S represents the DC hub and client A represents that passive user sending first $RevConnectToMe/RCM:

The remaining case involves two passive users attempting to connect. Currently, a successful response to a $ConnectToMe/CTM represents a necessary and sufficient condition for the existence of a client-client connection, as ordinarily the TCP connections underlying client-client connections result from a pair of connecting and listening sockets. Without either client A or client B being able to perform the latter role, no connection can result.

In particular, NAT (Network Address Translation) involves the NAT device at 155.99.25.11 watching for outgoing packets from client A at 10.0.0.1 and rewriting them such that external hosts see them as having originated from 155.99.25.11 whilst simultaneously checking incoming packets for belonging to an already established (in the case of TCP) connections initiated by a host on that NAT device’s internal network, rewriting the packet destination address as 10.0.0.1, and forwarding it back along to client A. These actions effect a mostly-intact, backwards-compatible illusion that client A is directly connected to the internet while allowing the NAT device at 155.99.25.11 to multiplex packets from and to many private IP addresses through its one public IP.

However, because to an external host, packets originating from client A (10.0.0.1) appear to originate from 155.99.25.11, any responses will be sent to the NAT device (155.99.25.11) rather than A directly (10.0.0.1, which could easily be a wholly separate host for client B regardless). The NAT device must thus keep track of which extant packet streams it should redirect to which internal hosts (client A and other hosts within that network), usually by tracking which ports are held by connections from which internal hosts, watching for packets to those ports, and shunting them along to the waiting internal host.

 

One can use this session-tracking mechanism to punch holes in NATs, so long as one knows the port in question, by sending packets into the hole punched by that existing TCP connection: if the NAT device at 155.99.25.11 sees an incoming packet to port 4321 and already knows that port 4321 is held by client A at 10.0.0.1 for an existing outbound connection (to server S), it can route that packet to client A – even if the packet forms a new connection. This forms the basis of NAT traversal, by which one can form client-client connections through NAT devices.

DC++ will often thus be able to use the NAT mappings created by existing A-S and B-S connections to bootstrap a new direct A-B client-client connection, even if both A and B are in passive mode, allowing many formerly mutually inaccessible pairs of passive-mode users to directly transfer files.

Peer-to-Peer Communication Across Network Address Translators

Filed under ADC, General

DC++ 0.75+1 Drops ADC/0.10 Compatibility

February 2, 2010 by Leave a comment

DC++ pre-0.704 and DC++ 0.75+1 cannot communicate via client-client ADC connections to transfer files. This change affects neither ADCS/0.10 nor NMDC client-client protocol-based interoperability.

Anyone using using a DC++ client recent enough to have even moderate ADC support but old enough to be directly affected by this should have already updated to at least DC++ 0.707 to avoid remotely triggerable crashes, regardless.

Filed under ADC, Clients, General

DC++ 0.75+1 Removes 35 Character Nick Limit

January 24, 2010 by Leave a comment

This commit by ullner, coming in the next DC++ release, causes some popular hubs perhaps unexpected problems.

Hub administrators should probably look into updating their hub software.

Enjoy, all.

Filed under Clients, Developers, NMDC, Security

DC++ Remote Crash/Exploit Disclosure

January 9, 2010 by Leave a comment

In the spirit of public disclosure to encourage users to move to recent versions and to encourage mod developers to fix their code, this post announces a well-known but not publicly announced somewhat recent remote DC++ exploit.

The DC++ NULL Pointer Remote Denial of Service Vulnerability involves sending an $ADCGET command such as “$ADCGET (%S) //+ 0 %-1 ZL1” to the other client along a client-client connection, which will promptly and reliably crash the latter client. This affects all recent versions until 0.707, so unless you’re running one of 0.707, 0.7091, 0.750, or a more recent development-snapshot, you’re probably vulnerable to this remote crash.

Furthermore, one doesn’t have to manually connect to another client for this crash to occur; a connection triggered by autosearch/add-queue is sufficient. Alternatively, one doesn’t even have to rely on that but can instead just send $(Rev)ConnectToMe commands to other clients to create client-client connections in the manner of some client-detection mods and systematically crash an entire hub of DC++-pre-0.707 users by connecting to them and sending them the example poison command.

This exploit is one example of why as with all network-facing software, one should keep DC++ updated.

Filed under Clients, Developers, General, NMDC, Security

Securing the unsecure ?!

December 25, 2009 by Leave a comment

Seasons greetings everyone from us at DCDev

Wanted to rant about private only scripts and the idiocy usage of em since a script really cant determine if its public or private.

Private only scripts are mainly used in Ptokax / Verlihub or any soft using lua scripting interface.

So what does the tag stand for in DC++

1/1/1

first digit is unregistered usually determined as public hub but all it really is is unregistered.

second digit is registered here is where most people thing it means private and hidden away in the deep corners of the direct connect network (it kinda amuses me) since it could be a public vip or just an account on hub that you registered yourself at.

Third and last is of course the operator digit this really doesn’t show if its private or public either.

and using hublist to check if same user is online at other hubs on NMDC is pretty dumb too since, It might be an shared connection.

What if the person has a brother or sister that uses DC++ and likes to be  on a public hub to talk about nothing and everything.

plus it really cracks me up that we are talking about securing private hubs that are communicating via cleartext protocol :D using NO ENCRYPTION thats really funny how secure is the hub in that regard let me tell you’ll.

Its really just a waste so in the holiday seasons i leave you with the words of wisdom your only as secure as your own box (hub).

P.S for all those people making these scripts for god sake do it right and put in a 60-90 second delay before kicking the poor sap since there can be a slight delay in updating myinfo on NMDC and for that matter ADC since i know the idiocy is gonna continue.


I help those who help themselves! – Zoidberg (Futurama)

Filed under General, NMDC

ADCH++ User Guide

October 14, 2009 by 2 Comments

Well in an attempt to get user to understand how to use ADCH++ ive made a simple user guide that will show the basics of using ADCH++

http://builds.adcportal.com/index.php?folder=YWRjaHBwL3VzZXJfZ3VpZGU=

Hopefully this guide will end up in the repository for ADCH++ and suggestions on missing features or details needing more explanation are always welcome just post about it in the blog post or at DCDev Public

Filed under General, Hubs

Older posts

Newer posts

Design a site like this with WordPress.com
Get started