How to protect my eMule from ISP's TCP Reset Attack?

For months,my eMule has been attcking by ISP through TCP Reset packets!It loses conections with many servers nearly every ten minutes,I have reinstalled eMule,reinstalled my system,changed router,bought a new net card but nope!!And finally by some sniffers I get the packets exchanged between eMule and servers and know that our ISP uses some poisonsous RST packets to interrupt the connections between eMule and servers for limiting the bandwidth.I tried every possible means to complain to ISP but there are no way,so I need HERE someone help me to create some RAW rules to block all these attack!!​

Servers that I can NOT connect for long time:
ed2k://|server|193.138.205.25|5000|/
ed2k://|server|85.17.52.92|5000|/
ed2k://|server|85.17.52.124|5000|/
ed2k://|server|193.138.221.214|4242|/
ed2k://|server|193.138.221.213|4242|/
ed2k://|server|77.247.178.244|4242|/

Thanks in advance!!!!!

Regards!!

Kael

 

Hi,

I'm afraid there is nothing to do against that.

First, you have no control at all against Reset that are sent to remote servers.
Secondly, for received Reset, it is probably very difficult to identify the ones to be filtered. And you can't filtered all Reset TCP packets, because they ar required anyway to have the TCP working properly.

If you think Reset are only sent to your PC and not to remote servers, and if you have a way to differenciate between Reset sent by your ISP, and normal Reset coming from remote servers, then maybe it is possible to create a rule.

Regards,

Frederic

 

Hi,Frederic,

Thank you for your reply!!!

I discovered that the some TCP packets with Flag AR and TTL is 114 but the normal one's TTL must be 45,so how can I create RAW RULES to block these RST packets?​

Regards,
Kale

 

Hi,

Here is a raw rule to block received TCP packets with the Reset flag enabled and with a TTL value of 114:
http://looknstop.soft4ever.com/Rules/En/TCP Reset Rcv & TTL.rie
You can edit it (with the plugin) and change the value of the field #3 if 114 is finally not correct.

As I said before, this will just handle a reset your PC receives. If a reset is sent to the remote side too, the connection will be stopped anyway.

Regards,

Frederic

 

Frederic,
Thank you indeed!!I will try it as soon as possible.But tell me,if the RST packets are sent to both,how can I get the proof of our ISP's attack in the packets I received?I will try to take some legal action and I need the proof that the attack is from our ISP.Is there any way to find out where the packets are sent from (ISP's special IPs,ect)?​

Thanks!!
Regards!
Kael

 

Sorry, I don't know at all. I can just help you filtering packets, when possible, and if you specify them (like you did, by saying TTL is 114).

Regards,

Frederic

 

Frederic,
The above rule has NO effects,and someone at Linux forum tells me that this
command :

Code:

iptables -I FORWARD -p tcp -d 192.168.0.0/24 --tcp-flags RST RST -j DROP

It can help ML Donkey and aMule to avoid receiving those poisonous RST packets,can you tell me what the command means in detal? I am a novice to Unix.And can you please create a rule that has the same function of the command?Or finally we have to drop every RST packets---I know it's part of the TCP and we need it to handle the communication correctly,but if drop all these RST packets can make eMule walk smoothly I am glad to have all RST dropped even I can not use other internet apps when using eMule!

Thanx!!
Regards!!

Kael'thas

 

Hi,

The rule I created blocks incoming packets with the reset flag and with a TTL of 114. This is what you asked.
I'm not surprised this is not sufficient. As I told you in the first post I don't think there is really a solution for that, especially if a Reset is sent to the remote server.
Unfortunately, I don't know this linux command, if it blocks all Reset packets, it won't be a solution anyway, as I told you, they are required.

Regards,

Frederic

 

Frederic,
Thanx anyway!You mean that there is nothing we can do about it if we connect to the remote server via ISP....it's sad to know this!

Regards,
Kael'thas

 

Hello,

New emule versions include a "protocol obfuscation" feature.

http://wiki.emule-web.de/index.php/Protocol_obfuscation

This will help disguise the packets from your ISP and you'll be able to enjoy it all again. Or you can switch ISP.

Mrk

 

Unfortunately, large parts of the world are stuck with only one ISP. So, you have to choose between bad and nothing

 

@Mrkvonic,
Thank you for your reply,I have alrealdy been using the "protocol obfuscation",
and no use, ISP locks the IP of those servers and sent RST to both sides,in this
way the "protocol obfuscation" has no function.

@Lucas1985,
Yes, I can't agree more!!

 

Kaelthas,

Give this a try
http://www.torrentfreedom.org/

It's very reasonable at $17 a month and it works.