Hi, in the past few days I've discovered that the MSN gateway was doing an
insane amount of traffic, so I started sniffing out what was
happening. I discovered that it is all coming from some contacts (quite a
few indeed) continuously sending packets like this:
.....4..........v..............0...............INVITE
MSNMSGR:gsc...@me.com MSNSLP/1.0
To: <msnmsgr:gsc...@me.com>
From: <msnmsgr:sonia....@terra.com.br>
Via: MSNSLP/1.0/TLP ;branch={D1245860-8EDC-490C-902F-ADF51436A712}
CSeq: 0
Call-ID: {553C514F-9F1A-533A-68C0-574C3B665BEF}
Max-Forwards: 0
Content-Type: application/x-msnmsgr-transrespbody
Content-Length: 30029
Listening: true
NeedConnectingEndpointInfo: true
Conn-Type: Port-Restrict-NAT
TCP-Conn-Type: Symmetric-NAT
IPv6-global:
UPnPNat: false
Capabilities-Flags: 1
IPv4External-Addrs: 201.41.41.98
IPv4External-Port: 63649
IPv4Internal-Addrs: 192.168.0.100 192.168.0.100 192.168.0.100
192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100
192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100
192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100
192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100
192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100
192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100
192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100
192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100
192.168.0.100 192.16....
091.121.143.160.60615-207.046.026.096.01863: MSG 235 D 549
MIME-Version: 1.0
Content-Type: application/x-msnmsgrp2p
P2P-Dest: sonia....@terra.com.br
It seems to be some sort of invite for a file transfer, which is ignored by
the gateway. This is presumably a virus (since the users don't know
they are sending anything), and it's very difficult to block. Is
anybody else noticing the problem, and any idea how to block it?
(It's 90% of the traffic of our server at the moment!)
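
A heuristic for recognising the message shape in the capture above, written as an added example that is not part of the original post or of any gateway's code. The function names, both thresholds and the sample payload are assumptions made for illustration; the field names and content type are taken from the capture.

```python
import re
from collections import Counter

# Assumed thresholds (not from the post); tune against normal traffic.
MAX_BODY_LEN = 2048    # the captured INVITE declared Content-Length: 30029
MAX_ADDR_REPEATS = 4   # the capture repeats one internal address many times
FIELD_RE = re.compile(r"^([A-Za-z0-9-]+):[ \t]*(.*)$")

def parse_fields(text):
    """Parse 'Name: value' lines; other non-empty lines continue the last value."""
    fields, last = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = FIELD_RE.match(line)
        if m:
            last = m.group(1).lower()
            fields[last] = m.group(2)
        elif last and line:
            fields[last] += " " + line
    return fields

def inspect_invite(payload):
    """Return reasons the payload matches the flood pattern, or [] if it does not."""
    start = payload.find("INVITE ")   # skip leading binary bytes seen in the capture
    if start < 0:
        return []
    text = payload[start:]
    if not text.splitlines()[0].rstrip().endswith("MSNSLP/1.0"):
        return []
    f = parse_fields(text)
    if f.get("content-type") != "application/x-msnmsgr-transrespbody":
        return []
    reasons = []
    length = f.get("content-length", "")
    if length.isdigit() and int(length) > MAX_BODY_LEN:
        reasons.append(f"oversized body: Content-Length {length}")
    addrs = f.get("ipv4internal-addrs", "").split()
    if addrs:
        addr, count = Counter(addrs).most_common(1)[0]
        if count > MAX_ADDR_REPEATS:
            reasons.append(f"IPv4Internal-Addrs repeats {addr} {count} times")
    return reasons

# Constructed sample modelled on the capture; addresses are placeholders.
FLOOD_ADDRS = " ".join(["192.168.0.100"] * 40)
SAMPLE_FLOOD = ("INVITE MSNMSGR:alice@example.com MSNSLP/1.0\r\n"
                "Content-Type: application/x-msnmsgr-transrespbody\r\n"
                "Content-Length: 30029\r\n\r\nListening: true\r\n"
                "IPv4Internal-Addrs: " + FLOOD_ADDRS + "\r\n")
SAMPLE_NORMAL = SAMPLE_FLOOD.replace("30029", "180").replace(FLOOD_ADDRS, "192.168.0.100")
```

A non-empty result from `inspect_invite` is a candidate for dropping or rate-limiting per sender at the gateway; an empty list means the payload is either not an MSNSLP INVITE of this content type or falls within the assumed limits.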