>From: Haxe <[EMAIL PROTECTED]>
>To: gtk-gnutella-devel@lists.sourceforge.net
>Subject: Re: [Gtk-gnutella-devel] Gnutella Query
>Date: Fri, 15 Jun 2007 02:05:34 +0200
>
>On Friday 15 June 2007 01:29, Lloyd Bryant wrote:
> > >How in hell would that be helpful for gnutella?
> >
> > It wouldn't.
>
>That was a rhetorical question :-)

It was a rhetorical answer :-)

>
> > What this person is attempting to do is create a DDoS
> > (Distributed Denial of Service) tool.  Basically, take every query
> > that is received by a given node, and reply to it showing a matching
> > file on the machine that attacker wishes to DoS.
>
>Perhaps it would be possible to make such a behaviour less effective.
>
>The hostile node must be connected to the gnutella network through some
>other ultrapeers. At least the directly adjacent UPs could possibly
>detect such a behaviour with reasonable certainty and then stop
>forwarding any search requests to the hostile node. Don't simply drop
>the connection, otherwise the hostile node would just reconnect to
>another ultrapeer.
>
>If most ultrapeers (not only gtk-gnutella) had this detection mechanism
>in place, that could be helpful.
>

Consider this scenario: The attacker connects to an ultra node, "harvests" 
queries for 1 to 2 minutes (generating bogus query results), then 
disconnects and seeks another ultra node.  I've seen obvious spammers and 
"disruptors" (those returning false results for non-existent nodes) using 
this technique, so a DDoS attacker would simply do the same.

Lloyd B.
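
One way the adjacent-ultrapeer detection discussed in this thread could look, as an added example (not gtk-gnutella code and not written by either poster). It assumes that hits a neighbour originates itself arrive with hops 0; all names and thresholds are hypothetical, and MIN_QUERIES is kept small because of the 1 to 2 minute harvesting scenario. A flagged peer keeps its connection but receives no further queries.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical thresholds for illustration, not taken from gtk-gnutella. */
#define MIN_QUERIES    20  /* decide early: the peer may leave within 1-2 minutes */
#define HIT_RATIO_PCT  80  /* share of forwarded queries that were answered */
#define SAME_ADDR_PCT  90  /* share of hits naming one foreign address */

struct peer_stats {
    uint32_t peer_ip;     /* remote address of the connection itself */
    uint32_t foreign_ip;  /* first advertised address that differs from peer_ip */
    unsigned queries;     /* queries forwarded to this peer */
    unsigned hits;        /* query hits the peer originated (hops == 0) */
    unsigned foreign;     /* hits advertising foreign_ip */
    bool muted;           /* link stays up, but no further queries are sent */
};

void peer_init(struct peer_stats *p, uint32_t ip)
{
    *p = (struct peer_stats){ .peer_ip = ip };
}

/* Call before forwarding a query; false means "do not forward". */
bool peer_may_query(struct peer_stats *p)
{
    if (p->muted)
        return false;
    p->queries++;
    return true;
}

/* Call for each query hit received from the peer. */
void peer_on_hit(struct peer_stats *p, uint8_t hops, uint32_t advertised_ip)
{
    if (hops != 0)
        return;  /* relayed for someone else, not this peer's own answer */
    p->hits++;
    if (advertised_ip != p->peer_ip) {
        if (p->foreign == 0)
            p->foreign_ip = advertised_ip;
        if (advertised_ip == p->foreign_ip)
            p->foreign++;
    }
    if (p->queries >= MIN_QUERIES &&
        p->hits * 100 >= p->queries * HIT_RATIO_PCT &&
        p->foreign * 100 >= p->hits * SAME_ADDR_PCT)
        p->muted = true;
}
```
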


