You write everywhere about ways to detect CTM flooding and ban such hubs from hublists, but there's a hub that does CTM flooding right on the first page. Here's the hub:
http://www.qsdchublist.com/?s=hubdetails&id=405How do I know it's doing CTM flooding? Well, I'm writing my own hublist pinger and maybe I'll even make a hublist some day, so here's some of its output:
felix@the-machine:~/Work/py/pybot$ ./pybot.py -b "PyBot" dchub.hacker.lv -p4012
[8] Ping finished.
Lingering around for 20 seconds for CTM detect...
--------------------------------------------------------------------------------
Hub name : dchub.hacker.lv:4012 www.tikli.lv ���� � ����� ������������ � �����
Hub topic : VerliHub
Operators : Torrent.Hacker.Lv, forester, Mavr, OpChat, Kruzo
Users : 8823
Connect : 18.947388 seconds
CTM Flood : Detected (type 7)
CTM Requests :
--* 91.121.84.128:411
--* 194.9.94.86:80
--* 91.121.82.24:411
--* 194.9.94.86:411
Extra info :
--* dchub.hacker.lv:4012 www.tikli.lv ���� � ����� ������������ � �����
--* dchub.hacker.lv:4012
--* VerliHub
--* 15000
--* 0
--* 0
--* 100
--* VerliHub
--* hacker
My bot is not yet complete so it doesn't show the amount of CTM requests it got for each IP, but CTM Flood type 7 means that it was requested to connect to at least one IP:PORT combination more than once in 5 seconds. I would guess it was requested to connect to all IP:PORT combinations multiple times.
This is not the first time this happens on this hub. It happened a couple days ago, too. Even if I connect with a DC++ client I can see myself starting 5-6 "uploads".
EDIT: I made my bot count requests, too. Behold:
CTM Requests :
--* 91.121.84.128:411 x 4
--* 194.9.94.86:80 x 2
--* 91.121.82.24:411 x 2
--* 194.9.94.86:411 x 2
So it got a total of 10 requests in 20 seconds. They're not only flooding other hubs but they are even flooding a web server.
Dev Zone
