> On Friday 15 June 2007 01:29, Lloyd Bryant wrote:

>> What this person is attempting to do is create a DDoS (Distributed
>> Denial of Service) tool.  Basically, take every query that is
>> received by a given node, and reply to it showing a matching file
>> on the machine that attacker wishes to DoS.

On 14 Jun 2007, [EMAIL PROTECTED] wrote:

> Perhaps it would be possible to make such a behaviour less
> effective.

> The hostile node must be connected to the gnutella network through
> some other ultrapeers. At least the directly adjacent UPs could
> possibly detect such a behaviour with reasonable certainty and then
> stop forwarding any search requests to the hostile node. Don't
> simply drop the connection, otherwise the hostile node would just
> reconnect to another ultrapeer.

> If most ultrapeers (not only gtk-gnutella) had this detection
> mechanism in place, that could be helpful.

The paper on this has been out for some time and was posted to the GDF
forum some time ago. 

  http://www.ics.forth.gr/~elathan/publications/gdos-paper-final.pdf

If you read the paper, you have to mangle the returned file name to
include new lines.  GTKG already protects against this for queries it
receives.  I think that it also does this for forwarded query
responses [but I am not so sure about that].

The OOB (udp query responses) have a new cookie that protects against
this DDOS attack.

My understanding of the query protocol is that the network is flooded
with the query, but only response to your own nodes or a proxied leaf
will flow through.  You would have to have both the target of the
attack and the attacker connected to you to detect this.

If you cannot do this file name trickery, you will just have the
target web server do a "404 - NOT FOUND" which won't take nearly as
much bandwidth.  You have to gain something by using gnutella to do
this.  You get some anonymity, but the bandwidth multiplication is
probably more important.  There are lots of ways to do HTTP
anonymously, so if gnutella nodes ignore files with newlines, it
becomes much harder to use this for DDOS.

My guess would be that the OP wanted to spam instead.  They are sort
of the same thing I guess (DDOS vs spam).

fwiw,
Bill Pringlemeir.
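
A defender-side version of the check the message above describes (drop query hits whose file name carries a newline before they are forwarded or displayed), as an added Python example that is not from the thread or from gtk-gnutella; the result-record layout it decodes is an assumption taken from the Gnutella 0.4 protocol description, and the sample records are constructed.

```python
import re
import struct

# Control bytes, CR and LF included, must never appear in a hit's file
# name: a downloader turns the name into an HTTP request line, and an
# embedded newline would split that request into extra lines.
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")


def is_safe_hit_name(name: str) -> bool:
    """True if the file name can be forwarded and shown without risk."""
    return bool(name) and _CONTROL.search(name) is None


def parse_result_record(buf: bytes):
    """Decode one query-hit result record (assumed Gnutella 0.4 layout):
    file index u32 LE, file size u32 LE, NUL-terminated name,
    NUL-terminated extension block. Returns (index, size, name, rest)."""
    index, size = struct.unpack_from("<II", buf, 0)
    name_end = buf.index(b"\x00", 8)
    ext_end = buf.index(b"\x00", name_end + 1)
    name = buf[8:name_end].decode("utf-8", errors="replace")
    return index, size, name, buf[ext_end + 1:]


def filter_hits(records: bytes):
    """Walk concatenated result records; keep safe ones, count dropped."""
    kept, dropped = [], 0
    buf = records
    while buf:
        index, size, name, buf = parse_result_record(buf)
        if is_safe_hit_name(name):
            kept.append((index, size, name))
        else:
            dropped += 1
    return kept, dropped


def _record(index: int, size: int, name: bytes) -> bytes:
    """Build a constructed record for the sample below (not real traffic)."""
    return struct.pack("<II", index, size) + name + b"\x00" + b"\x00"


# Constructed sample: one clean hit, one whose name hides a CRLF.
SAMPLE_RECORDS = (
    _record(1, 1024, b"song.mp3")
    + _record(2, 2048, b"notes.txt\r\nsecond line")
)

if __name__ == "__main__":
    print(filter_hits(SAMPLE_RECORDS))  # ([(1, 1024, 'song.mp3')], 1)
```

The same test belongs on forwarded query responses, not only on hits generated locally, since that is the path the message says it is unsure about.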


_______________________________________________
Gtk-gnutella-devel mailing list
Gtk-gnutella-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/gtk-gnutella-devel
