At 09:28 AM 3/29/02 -0800, Greg Broiles wrote: >At 08:55 AM 3/29/2002 -0800, Major Variola (ret) wrote: >> 1. ISPs blocking its ports >> >> 2. The "entry points" to P2P are vulnerable ---web sites that point >>to dynamic list of *tella >> servents, or the Kazaa site that points to active Kazaa supernode
>>servents. Simply sue >> any of the sites with lists of *tella hosts. Even better, get the >>ISPs to drop host lists >> as fast as they drop stuff under DMCA. >>[...] >>To resist 2. you have to be able to randomly probe IP addresses to find >>a node. > >This sounds like a bad assumption to me - both because it seems unworkable >given the size of the IPv4 address space (without even thinking about >IPv6), and because randomly probing other machines isn't likely to be >allowed (or successful) in a more security-aware environment, which is what >the DMCA and its ilk are creating. Re IPv6: yes, you'd have to restrict search to netblocks known to be used by folks at home. Randomly probing machines is legal if not intended to disable the destination. And how else can you find peers if a fixed site that refers you to them is succeptible to attack? The very fact that such a fixed site would be advertizing its services brings (unwanted legal) attention to it, even as it helps the user community through this same attention. If the "probe" were disguised as an HTTP request it would not be seen as a probe, but as a misconfigured browser request. >Also, from an inbound perspective, it's not sensible to respond to incoming >queries from unknown users with potentially incriminating information - >e.g., "If he's connected to my port 31337, he's here for my warez, I'll >give him a full list!" - because what looks like an inbound "random probe" >may be a sweep performed by hostile actors, e.g., ><http://www.mediaenforcer.com> or <http://www.baytsp.com>. But how do you admit new nodes without also admitting spies? This is how those spy-sites work. >Naive "self-organization" is not a reasonable approach for a hostile >environment. P2P content networks exist (and have always existed) in a >hostile environment. >Designs which depend on friendly behavior on the part of unknown >counterparties are doomed. Eliminate the "friendly" assumption, or >eliminate the "unknown" aspect of the counterparties before transacting >with them. How *do* you stop hostile entities from finding your network? How do you admit benign users without accepting spies? Passwords and the like offer small obstacles to spies and prevent network deployment. Yes, you can have the equivalent of invisible 'private clubs' but how do you open a general gallery to the public without admitting spies who report that you're reading copyrighted poems without paying the author? I don't see how crypto for authentication, confidentiality, or stego for concealment can help. All the RIAA has to do is get the congresshits to pass a few laws making Freenet & *tella list sites illegal, ISP's responsible, and publicly-accessable P2P is toast. Random probing and forged-source encrypted UDP packets seem like a good place to start... when the nightmare of the RIAA shredding the 1st and 4th becomes the present. Thanks
