j7n

Typing in chat causes some clients to connect

5 posts in this topic

Why is it that typing in the chat of a hub causes some clients in there to attempt a connection to me? This is immediate and automatic, and the other clients are always the same ones, suggesting a setting activated in them. They are listed in the transfers pane for a while as "Connecting..." and then disappear. Not all of them are operators, but often they are, suggesting that a special client is used. Which one might that be?

Are they real users or some type of bot? Either way, can't say I have heard of this kind of behavior exactly. Also, what kind of file name do they request from you (namely, is it an actual file in your share, a filelist, or something else entirely)?

 

If you want to look into it more, open the CDM debug window and look at the protocol traffic for those connections.


Most of these users (passive and active) can be connected and downloaded from. When they make this connection, they are visible in the transfers list for three minutes as "Connecting..." and don't request any file. Repeated chatting in the same hub does not cause them to connect again.

This is only an annoyance when I try to manage the uploads, disconnecting duplicate users and observing speeds. The list becomes longer than it really is.

I observed this in Apex and also in an old DC++ which I used until last year.

In CDM I see the following lines. These are the strange clients. 212.142.84.209 is me. I don't know how to interpret the log.

 


Hub:	[Incoming][192.241.88.226:2020]	 	<[JOKER]j7n> test
Hub:	[Incoming][192.241.88.226:2020]	 	$ConnectToMe [JOKER]j7n 188.168.46.193:3785
Client:	[Outgoing][188.168.46.193]	 	$MyNick [JOKER]j7n|
Client:	[Outgoing][188.168.46.193]	 	$Lock EXTENDEDPROTOCOLABCABCABCABCABCABC Pk=DCPLUSPLUS0.785Ref=reloaded.jollyjokerhub.eu:2020|
Client:	[Incoming][188.168.46.193]	 	$MyNick [JOKER]LUXOR
Client:	[Incoming][188.168.46.193]	 	$Lock EXTENDEDPROTOCOLABCABCABCABCABCABC Pk=DCPLUSPLUS0.707ABCABC
Client:	[Outgoing][188.168.46.193]	 	$Supports MiniSlots XmlBZList ADCGet TTHL TTHF ZLIG |
Client:	[Outgoing][188.168.46.193]	 	$Direction Upload 3624|
Client:	[Outgoing][188.168.46.193]	 	$Key A ѱ00 0 0 0 0 0|
Client:	[Incoming][188.168.46.193]	 	$Supports MiniSlots XmlBZList ADCGet TTHL TTHF ZLIG 
Client:	[Incoming][188.168.46.193]	 	$Direction Download 3157
Client:	[Incoming][188.168.46.193]	 	$Key A ѱ00 0 0 0 0 0
Hub:	[Incoming][192.241.88.226:2020]	 	$ConnectToMe [JOKER]j7n 178.48.118.228:54355
Client:	[Outgoing][178.48.118.228]	 	$MyNick [JOKER]j7n|
Client:	[Outgoing][178.48.118.228]	 	$Lock EXTENDEDPROTOCOLABCABCABCABCABCABC Pk=DCPLUSPLUS0.785Ref=reloaded.jollyjokerhub.eu:2020|
Client:	[Incoming][178.48.118.228]	 	$MyNick goodmans
Client:	[Incoming][178.48.118.228]	 	$Lock EXTENDEDPROTOCOLABCABCABCABCABCABC Pk=DCPLUSPLUS0.707ABCABC
Client:	[Outgoing][178.48.118.228]	 	$Supports MiniSlots XmlBZList ADCGet TTHL TTHF ZLIG |
Client:	[Outgoing][178.48.118.228]	 	$Direction Upload 3742|
Client:	[Outgoing][178.48.118.228]	 	$Key A ѱ00 0 0 0 0 0|
Client:	[Incoming][178.48.118.228]	 	$Supports MiniSlots XmlBZList ADCGet TTHL TTHF ZLIG 
Client:	[Incoming][178.48.118.228]	 	$Direction Download 16309
Client:	[Incoming][178.48.118.228]	 	$Key A ѱ00 0 0 0 0 0


Hub:	[Incoming][92.222.0.123:411]	 	<!![VIP]j7n> test
Hub:	[Incoming][92.222.0.123:411]	 	$RevConnectToMe ZloyVadim !![VIP]j7n
Hub:	[Outgoing][92.222.0.123:411]	 	$ConnectToMe ZloyVadim 212.142.84.209:6541|
Client:	[Incoming][109.86.172.18]	 	$MyNick ZloyVadim
Client:	[Outgoing][109.86.172.18]	 	$MyNick !![VIP]j7n|
Client:	[Outgoing][109.86.172.18]	 	$Lock EXTENDEDPROTOCOLABCABCABCABCABCABC Pk=DCPLUSPLUS0.785|
Client:	[Incoming][109.86.172.18]	 	$Lock EXTENDEDPROTOCOLABCABCABCABCABCABC Pk=DCPLUSPLUS0.709ABCABC
Client:	[Outgoing][109.86.172.18]	 	$Supports MiniSlots XmlBZList ADCGet TTHL TTHF ZLIG |
Client:	[Outgoing][109.86.172.18]	 	$Direction Upload 3624|
Client:	[Outgoing][109.86.172.18]	 	$Key A ѱ00 0 0 0 0 0|
Client:	[Incoming][109.86.172.18]	 	$Supports MiniSlots XmlBZList ADCGet TTHL TTHF BanMsg ZLIG 
Client:	[Incoming][109.86.172.18]	 	$Direction Download 20692
Client:	[Incoming][109.86.172.18]	 	$Key A ѱ00 0 0 0 0 0
Hub:	[Incoming][92.222.0.123:411]	 	$RevConnectToMe  !![VIP]j7n
Hub:	[Outgoing][92.222.0.123:411]	 	$ConnectToMe  212.142.84.209:6541|
Client:	[Incoming][46.172.1.52]	 	$MyNick 
Client:	[Outgoing][46.172.1.52]	 	$MyNick !![VIP]j7n|
Client:	[Outgoing][46.172.1.52]	 	$Lock EXTENDEDPROTOCOLABCABCABCABCABCABC Pk=DCPLUSPLUS0.785|
Client:	[Incoming][46.172.1.52]	 	$Lock EXTENDEDPROTOCOLABCABCABCABCABCABC Pk=DCPLUSPLUS0.709ABCABC
Client:	[Outgoing][46.172.1.52]	 	$Supports MiniSlots XmlBZList ADCGet TTHL TTHF ZLIG |
Client:	[Outgoing][46.172.1.52]	 	$Direction Upload 3742|
Client:	[Outgoing][46.172.1.52]	 	$Key A ѱ00 0 0 0 0 0|
Client:	[Incoming][46.172.1.52]	 	$Supports MiniSlots XmlBZList ADCGet TTHL TTHF BanMsg ZLIG 
Client:	[Incoming][46.172.1.52]	 	$Direction Download 4252
Client:	[Incoming][46.172.1.52]	 	$Key A ѱ00 0 0 0 0 0
Hub:	[Incoming][92.222.0.123:411]	 	$RevConnectToMe ++++ !![VIP]j7n
Hub:	[Outgoing][92.222.0.123:411]	 	$ConnectToMe ++++ 212.142.84.209:6541|
Client:	[Incoming][91.202.0.204]	 	$MyNick ++++
Client:	[Outgoing][91.202.0.204]	 	$MyNick !![VIP]j7n|
Client:	[Outgoing][91.202.0.204]	 	$Lock EXTENDEDPROTOCOLABCABCABCABCABCABC Pk=DCPLUSPLUS0.785|
Client:	[Incoming][91.202.0.204]	 	$Lock EXTENDEDPROTOCOLABCABCABCABCABCABC Pk=DCPLUSPLUS0.709ABCABC
Client:	[Outgoing][91.202.0.204]	 	$Supports MiniSlots XmlBZList ADCGet TTHL TTHF ZLIG |
Client:	[Outgoing][91.202.0.204]	 	$Direction Upload 1832|
Client:	[Outgoing][91.202.0.204]	 	$Key A ѱ00 0 0 0 0 0|
Client:	[Incoming][91.202.0.204]	 	$Supports MiniSlots XmlBZList ADCGet TTHL TTHF BanMsg ZLIG 
Client:	[Incoming][91.202.0.204]	 	$Direction Download 28367
Client:	[Incoming][91.202.0.204]	 	$Key A ѱ00 0 0 0 0 0


Hub:	[Incoming][109.73.110.190:411]	 	<j7n> test
Client:	[Outgoing][85.254.12.221]	 	$MyNick j7n|
Client:	[Outgoing][85.254.12.221]	 	$Lock EXTENDEDPROTOCOLABCABCABCABCABCABC Pk=DCPLUSPLUS0.785Ref=bin.rec.lv|
Client:	[Incoming][85.254.12.221]	 	$MyNick [LV]Leonkrevs
Client:	[Incoming][85.254.12.221]	 	$Lock EXTENDEDPROTOCOLABCABCABCABCABCABC Pk=DCPLUSPLUS0.674ABCABC
Client:	[Outgoing][85.254.12.221]	 	$Supports MiniSlots XmlBZList ADCGet TTHL TTHF ZLIG |
Client:	[Outgoing][85.254.12.221]	 	$Direction Upload 21148|
Client:	[Outgoing][85.254.12.221]	 	$Key A ѱ00 0 0 0 0 0|
Client:	[Incoming][85.254.12.221]	 	$Supports MiniSlots XmlBZList ADCGet TTHL TTHF ZLIG 
Client:	[Incoming][85.254.12.221]	 	$Direction Download 29459
Client:	[Incoming][85.254.12.221]	 	$Key A ѱ00 0 0 0 0 0



I've seen this behavior as well. Those users are using some OP clients that have the ability to automatically "check" users (to get the IP and other info) when they write in chat so that is basically what they do. Another thing is, this is not really needed for ordinary users and so their clients are misconfigured...

Some of that traffic looks extremely interesting... without looking into it, they seem to be either OP clients of some description, as Mek said, looking for particular defects, or malicious clients trying to run an exploit (although I did not check the existing public exploits against these patterns).
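The pattern discussed in this thread (our own chat line, then $ConnectToMe or $RevConnectToMe addressed to our nick, a handshake in which the peer announces $Direction Download, and no file request afterwards) can be picked out of a CDM debug log mechanically. The following is an added example, not part of any post in the thread: the function name, the 40-line correlation window (the log carries no timestamps) and the sample lines are assumptions, and the sample uses spaces where the CDM output has tabs.

```python
import re
LINE = re.compile(r"^(Hub|Client):\s*\[(Incoming|Outgoing)\]\[([^\]]+)\]\s*(.*)$")
REQUESTS = ("$Get", "$ADCGET", "$UGet")  # NMDC commands that ask for a file

def find_chat_checkers(log, my_nick, window=40):
    """Peers that connect right after our chat line, announce a download, request nothing."""
    last_chat, pending, peers = {}, {}, {}
    for i, raw in enumerate(log.splitlines()):
        m = LINE.match(raw.strip())
        if not m or m.group(2) != "Incoming":
            continue
        src, _, endpoint, msg = m.groups()
        msg = msg.strip().rstrip("|")
        parts = msg.split()
        if src == "Hub":
            if msg.startswith(f"<{my_nick}> "):
                last_chat[endpoint] = i          # our own chat line on this hub
            elif len(parts) != 3 or i - last_chat.get(endpoint, -10**9) > window:
                continue
            elif parts[0] == "$ConnectToMe" and parts[1] == my_nick:
                pending[parts[2].rsplit(":", 1)[0]] = endpoint  # active peer: IP known
            elif parts[0] == "$RevConnectToMe" and parts[2] == my_nick:
                pending[parts[1]] = endpoint     # passive peer: only the nick is known
            continue
        p = peers.setdefault(endpoint, {"nick": "", "hub": pending.get(endpoint),
                                        "download": False, "requested": False})
        if msg.startswith("$MyNick "):
            p["nick"] = msg[len("$MyNick "):]
            p["hub"] = p["hub"] or pending.get(p["nick"])
        elif msg.startswith("$Direction Download"):
            p["download"] = True
        elif msg.startswith(REQUESTS):
            p["requested"] = True
    return sorted((ip, p["nick"], p["hub"]) for ip, p in peers.items()
                  if p["hub"] and p["download"] and not p["requested"])

# Constructed sample in the CDM layout shown above (documentation-range IPs).
SAMPLE = """\
Hub: [Incoming][192.0.2.10:411] <alice> test
Hub: [Incoming][192.0.2.10:411] $ConnectToMe alice 198.51.100.7:3785
Client: [Incoming][198.51.100.7] $MyNick opbot
Client: [Incoming][198.51.100.7] $Direction Download 3157
Hub: [Incoming][192.0.2.10:411] $RevConnectToMe carol alice
Client: [Incoming][203.0.113.9] $MyNick carol
Client: [Incoming][203.0.113.9] $Direction Download 4252
Hub: [Incoming][192.0.2.10:411] $ConnectToMe alice 203.0.113.20:4000
Client: [Incoming][203.0.113.20] $Direction Download 900
Client: [Incoming][203.0.113.20] $ADCGET file files.xml.bz2 0 -1
"""
```

A passive peer whose nick is logged as empty, as in some of the lines posted above, cannot be tied back to its $RevConnectToMe by this check and is not reported.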