Signal 11 core-dumped:
> I would consult /etc/services

More specifically: 1) Does Windows have the equivalent of /etc/services? 2) Can we truly rely on a grep of the local /etc/services to provide a comprehensive list? If other machines (like the local firewall) are involved, can we programmatically find and grep them? What else should we consult?

> setting up a "test box" and then trying to connect to each port in
> sequence would be a good way to figure this out automagically.
> Someone needs to volunteer a test box, however. :) This, AFAIK, is
> how ICQ, Yahoo Messenger and the AIM client all bypass firewalls.

Really? Wow. Well, if popular clients are out there bypassing firewalls by testing for an opening, then I'm not nearly as worried about doing the same thing. I guess it makes sense that scanning for a port out of a firewall is viewed with less concern than scanning for a port into one.

> There still needs some way (eventually) to automatically communicate
> this to new nodes. I'm out of ideas on this one - the only way is
> to have a central server.. which is what freenet is trying at all
> costs to avoid.

There are other out-of-band ways to get the message across besides a single central server, but your point is well-taken. Yes, using different ports at different times means people have to be more careful about keeping their contact information updated and accurate. Fortunately, Freenet does a good job of taking over once you get in, so this problem should not be a show-stopper. I have some ideas about the out-of-band problem. I'm sure some other people do as well.

> someone is going to
> simply hack their client to portscan as it is more efficient than
> guessing ports at random.. effectively a very slow portscan. It
> might as well be in the "official" client if that will be the
> de facto standard for finding Freenet nodes...

You really want to put a port scanner into the reference client? Uh, take it up with Stephen, but the concept makes me nervous. I got the impression that sysadmins really take it personally when someone rattles each door on their house to see if they're all locked. I'd much rather just tell users to go find the right addy and port in the first place. Those who want to port scan can use the source, Luke.

> Napster does not have plausible deniability as their servers
> maintain a plaintext list of who has what. Freenet will not
> have this ability,

Yes, yes, I know about all that. I just meant that trying to "plausibly deny" that you accessed illegal material depends in part on the assertion that there is frequent and routine usage of Freenet for legal purposes.

The problem here is that we have a tradeoff. The more you hide nodes, the less likely a node operator will get caught running one. On the other hand, once they are caught, they are more likely to be successfully prosecuted (in the context of the current discussion). But if it's nearly certain that your node will be detected anyway, then trying to hide it will not keep you from getting caught, and will only increase your punishment. The better alternative is to make no bones that the node exists, and emphasize approved uses for Freenet like automatic caching of "Slashdotted" web sites and such.

> Unless of course Freenet per default hides itself. There are good
> justifications for this... one of which is that by providing a
> central list of servers, you are giving attackers an easy way to
> trash the entire network. Hiding/obscuring nodes would help it
> to resist DoS attacks - a noble goal.

Yes, have Freenet use random ports by default. My own motivation is that it would be helpful to future stego nodes. I hadn't thought about the "good against DoS attacks" angle, but I'm glad you mentioned it.

--Will

_______________________________________________
Freenet-dev mailing list
Freenet-dev at lists.sourceforge.net
http://lists.sourceforge.net/mailman/listinfo/freenet-dev