On Wed, 27 Dec 2000 02:10:38 -0600 (CST) "Mark J. Roberts"
<[EMAIL PROTECTED]> writes:
> On 26 Dec 2000, Mr.Bad wrote:
>
> > API> I am very frightened for Freenet because of this technology.
> >
> > Join the club. Until I figger out a way to protect myself, my nodes
> > are off and I'm not updating Pigdog Journal in Freenet (sorry,
> > folks).
>
> And what are the best defences against this MediaOverLordDominator
> thing?
>
> 1) They can't change IPs that often. If node operators (and even
> people who aren't node operators) configured their systems to detect
> portscans, and then reported them somehow, we could use updated
> IP-banlists to block their scans. They will also be on really fat pipes
> that should be easy to identify. Scanning millions of IP addresses --
> EVERY port -- takes serious bandwidth.
My firewall, Zone Alarm, puts all my ports in stealth mode, unless a
program is set up as a server for listening on particular ports. If the
ports being listened to are constantly changing, instead of always the
same for all Freenet nodes, then they will be forced to try to scan ALL
of the ports on a particular IP address. I could very easily upload
lists of port scans and attacks that my firewall blocks.
>
> 2) Portscans are easy to block, if the OS is configured to do so.
> Block them and report them.
Yep, but my OS never had that ability till I got Zone Alarm. :)
>
> 3) They have ISPs, too. When a portscan is reported, send an email to
> the ISP in question reporting it and demanding action. Better, send a
> real letter. Send big boxes full of lead pipes. They'll go nuts. We
> could certainly organize something like this. They certainly can't hide.
First the email, then the letter, then the boxes full of lead pipes. :)
>
> Etc. This is really some great Slashdot material. People would go nuts.
>
> We should also keep in mind that we don't even know whether or not they
> will bother doing a complete portscan of every IP they scan. I doubt
> it. They'll probably concentrate on sitting ducks like Napster
> shares. Then we won't have much to worry about.
If everyone uses the same ports for their Freenet nodes, all they will
need to do is scan just those ports on IP addresses. But what if you set
up the Freenet software to be in stealth mode, as in it doesn't send
anything back saying "I'm here, and listening, go ahead" unless it
receives a data request for a Freenet key, then their port scans would
reveal nothing about any IP address they look at. :)
>
> It would be a very good idea to push for the deployment of robust
> connection logging at file-sharing hot-spots like universities, as well
> as just random net connections. Even if they only try four or five
> ports, it will be identifiable and reportable. Then the identities of
> the attackers and their ISP can be identified and published. Again,
> lead pipes in boxes. Make their lives difficult.
>
> Immediately, we must randomize the FProxy port. Otherwise, Freenet
> nodes are sitting ducks too. I will work on this tonight if nobody else
> volunteers.
YAY!! I hope Freenet teaches those government and software company
bastards a lesson they will never forget!! :)
_______________________________________________
Freenet-chat mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/mailman/listinfo/freenet-chat
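
Added example, not part of the original thread or of Freenet's code: a small detector for the "connection logging, then report and banlist" idea discussed above, flagging any source that probes four or more distinct ports within a short window. The log format, the addresses, the ports and the function names are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (format is an assumption): ISO time, source IP, local port probed.
SAMPLE_LOG = """\
2000-12-27T02:00:01 192.0.2.10 8081
2000-12-27T02:00:02 192.0.2.10 19114
2000-12-27T02:00:02 192.0.2.10 6699
2000-12-27T02:00:03 192.0.2.10 21
2000-12-27T02:00:04 198.51.100.7 19114
2000-12-27T02:05:00 198.51.100.7 19114
2000-12-27T02:00:10 203.0.113.5 80
2000-12-27T02:20:10 203.0.113.5 8081
2000-12-27T02:40:10 203.0.113.5 21
2000-12-27T03:00:10 203.0.113.5 6699
"""

def parse(log):
    """Yield (time, source_ip, port) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[2].isdigit():
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], int(parts[2])
        except ValueError:
            continue

def find_scanners(log, min_ports=4, window=timedelta(seconds=60)):
    """Return {source: sorted ports} for sources that probed at least
    min_ports distinct ports inside one sliding window."""
    recent = defaultdict(deque)  # source -> (time, port) entries still inside the window
    flagged = {}
    for when, src, port in sorted(parse(log)):
        q = recent[src]
        q.append((when, port))
        while when - q[0][0] > window:  # drop probes older than the window
            q.popleft()
        ports = {p for _, p in q}
        if len(ports) >= min_ports:
            flagged.setdefault(src, set()).update(ports)
    return {src: sorted(p) for src, p in flagged.items()}

def banlist(flagged):
    """Render flagged sources one address per line, ready to share with other operators."""
    return "\n".join(sorted(flagged))

if __name__ == "__main__":
    print(banlist(find_scanners(SAMPLE_LOG)))
```

With the default 60-second window, the constructed source that spreads its four probes over an hour is not flagged. Widening the window catches it at the cost of more memory per source.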