Is it at all possible to obtain the IP of a machine using a p2p application, such as Kazaa? How about a machine using Freenet?

I haven't analyzed the traffic that KaZaa makes, but generally I've found that the file-sharing utilities use a mesh structure whereby all traffic goes through secondaries, and from there it's forwarded to the destination (perhaps through another secondary). So tracking down the IP in a case like that is almost impossible.

HOWEVER, if you can initiate a chat session with the person, that traffic generally goes directly between the two of you, and so then you can get the IP address of the person.

I don't know exactly what procedure the RIAA is using to track down file sharers. It may be that KaZaa does open your IP address, or it may be that they're using sneakier measures. But they do have some way of getting the IP address from a KaZaa user. I'd have to analyze KaZaa traffic to see exactly how, though.

I am at work so I don't have it in front of me, but with Kazaa and any fasttrack client the IP's are not obscured in any way, there is a freeware program (Analog X perhaps) that shows the IP's uploading to or downloading from you.

The Kazaa "Supernodes" function like libraries/matchmakers of who has what file. Once a contact is made it is strictly Peer to Peer.

When I get home I will post it.

Edit- Just remembered, on windows, just go to the DOS prompt when you are running Kazaa and type "netstat", that will show all the connections.

I concur with Thrombus. Using the free edition of the Agnitum Outpost firewall, I was able to see the name and IP of every personal system sharing files with me on Kazaa. Any other decent firewall program should be able to do this.

....Was just doing it for fun, honest.

Originally posted by thrombus29
I am at work so I don't have it in front of me, but with Kazaa and any fasttrack client the IP's are not obscured in any way, there is a freeware program (Analog X perhaps) that shows the IP's uploading to or downloading from you.

In that case, you are making direct connections. That's not the way some others, like WinMX, work.

Does this work only for uploading/downloading, or can you get the IP address just by searching, too?

Originally posted by shanek


In that case, you are making direct connections. That's not the way some others, like WinMX, work.

Does this work only for uploading/downloading, or can you get the IP address just by searching, too?

When you first connect you are sent by a master supernode list server (Somewhere in Bukurna Faso or Estonia) to a supernode, the supernode indexes what files are held by what peers and then connects the two peers together. Supernodes also occasinally send info to each other.

The Supernode code is the one thing that hasn't been cracked yet, so no one knows exactily what they are doing before they connect clients, which would make it hard to get I.P.' s before you connected. There were a few open source Fasttrack clients announced that said that they were going to give you this, ability. but they were all BS (RapidRoad).

As for the Freenet question:
It is safer than other P2P's but not 100%

From:
http://freenet.sourceforge.net/index.php?page=faq

Won't attack X break Freenet's anonymity?
Short answer: Probably yes.

Long answer:

Freenet does not offer true anonymity in the way that the Mixmaster and cypherpunk remailers do. Most of the non-trivial attacks (advanced traffic analysis, compromising any given majority of the nodes, etc.) that these were designed to counter would probably be successful in identifying someone making requests on Freenet.

On Freenet, whatever you do, your identity is still revealed to the first Freenet Node you talk to, and even if you limit yourself to talk only to trusted nodes (a feature that will be implemented in the future), they will have to talk to the rest of the network at some time or another. The anonymity that Freenet offers is really just obscurity in the fact that it is hard to prove that your node wasn't proxying the request for or insert of data on behalf of somebody else (who might also just have been proxying it).

The problem is that the only way that you can offer true anonymity is if the client can directly control the routing of data, and thus encrypt it with a series of keys of the nodes it will pass through (a la Mixmaster). Freenet's dynamic routing cannot offer that, so to attain true anonymity you have to send the message through an external network of anonymous remailers first (a future SMTP->Freenet bridge would make this possible). There are also plans for doing mixmaster-style injection of requests over the "standard" protocol, however this probably won't be implemented before version 1.0, which is still some way off.

Originally posted by shanek


In that case, you are making direct connections. That's not the way some others, like WinMX, work.


Would the "chat" function in WinMX connect users directly (like in other programs), so that you can obtain a user's IP that way?

Originally posted by Joshua Korosi
Would the "chat" function in WinMX connect users directly (like in other programs), so that you can obtain a user's IP that way?

No; you connect through a secondary host. If you try to chat with the same user later, you may get an error because now they're going through a different secondary. You'd have to search for them again.

Originally posted by shanek


No; you connect through a secondary host. If you try to chat with the same user later, you may get an error because now they're going through a different secondary. You'd have to search for them again.

(hiding his desperation)

Is there any theoretical possibility of obtaining a WinMX user's IP?

Originally posted by Joshua Korosi
Is there any theoretical possibility of obtaining a WinMX user's IP?

Proably; I've never really tried. You might be able to trace the traffic as it goes through the secondaries, but you might have to compromise the secondary in doing so. Or set yourself up as one; if you aren't particular about whose specific IP you get then theoretically you can get the IP of anyone connecting through you. I've never tried it, though.

Originally posted by Joshua Korosi


(hiding his desperation)

Is there any theoretical possibility of obtaining a WinMX user's IP?

Set another computer on your network up as an Opennap server:
http://www.angelfire.com/music4/napimx/napimx.html#napmaster_faq

Connect to the network and lure your prey to your server with all your feminine wiles.

Use Netstat/server logs to log all IP.s.

Originally posted by thrombus29
Set another computer on your network up as an Opennap server:
http://www.angelfire.com/music4/napimx/napimx.html#napmaster_faq

But WinMX doesn't have to run through OpenNap.

Originally posted by shanek


But WinMX doesn't have to run through OpenNap.


What other network would it run through? WinMX's client software isn't open source but it connects through the OpenNap servers (Public and Private).

I don't think it is like Shareazza where one client can use/support different networks (Emule/BT/Gnutella2)

Where else can it search/connect?

Originally posted by thrombus29
What other network would it run through? WinMX's client software isn't open source but it connects through the OpenNap servers (Public and Private).

WinMX uses its own network. If you look at the software, you'll see that there's an option to connect to the OpenNap network, but if you do, you lose a lot of the features you get with the WinMX network.

Originally posted by shanek


Proably; I've never really tried. You might be able to trace the traffic as it goes through the secondaries, but you might have to compromise the secondary in doing so. Or set yourself up as one; if you aren't particular about whose specific IP you get then theoretically you can get the IP of anyone connecting through you. I've never tried it, though.

It's times like this I wish I was a millionaire, just so I can offer up some type of prize or reward as an incentive for somebody to figure out a way to do it.

I suppose there's always the old standby of having somebody download something with a little secret hidden inside...but I dislike that sort of action and would prefer anyway to be able to use a less-detectable method.

Now you've really made us curious....what nefarious activities do you plan?

All in good time, sir. Nothing malicious, if it will put your mind at ease...

...though I suppose "malicious" would depend on your point of view. How about this: nothing "ethically repugnant". :)

Originally posted by Underemployed
Now you've really made us curious....what nefarious activities do you plan?

Given the other thread, it sounds like he wants to engage in vigilanteism against alleged child pronography traffickers.

Originally posted by RPG Advocate


Given the other thread, it sounds like he wants to engage in vigilanteism against alleged child pronography traffickers.

Fascinating, though invalid, deduction. While the idea of engaging in "vigilanteism" for whatever reason may appeal to some, and sound romantic to others, I must confess that I take offense at the suggestion. There are people whose job it is to uphold the law; I am not one of them. I do not take the law "into my own hands". When I am wronged, I call the police.