Bill Pringlemeir wrote:
> I know that I was operating passive filters that automatically
> downloaded data during this time period. It wasn't the file
> extensions that they talked about. It is possible that a gtk-gnutella
> node could have downloaded these files. For instance, a gtkg user
> might have a filter to download anything with
> "subject_of_interest.*\.mpg". Another user might search for
> "subject_of_interest" and the DDOS node would be successful.

Why another user? This seems a bit of a far-fetched and over-complicated example. Also, by default results without a SHA-1 are discarded. If we know the SHA-1, the file won't be requested by its filename, so you can't do funny things with the filename.

> However, as noted the newline filtering should prevent this from happening
> with gtk-gnutella.

There's no newline filtering in gtk-gnutella as far as I can tell. If it ever requests a file by its filename, the filename will be URL-encoded as usual with HTTP. Thus no issue. The local filename will be sanitized though, thus any control characters will be replaced by a simple space.

> The paper recommended detecting that the node was a gnutella
> participant before downloading.

I don't think that's what solves the DDoS issue. It only mitigates it by using a light-weight UDP exchange in advance, e.g., using HEAD Ping/Pongs. This reduces the constant but asymptotically there's no difference at all. You can only prevent a DDoS by adding a bottleneck somewhere. For example, leaves could ask their ultrapeers to perform such a check. The ultrapeers can then cache the results so that they don't have to forward each request. The same things which make DNS scalable: hierarchy, caching, distribution.

Out-of-band results make Gnutella more scalable by avoiding bottlenecks, but the other effect is that you have little to no control over who talks to whom and in which frequency. One possibility is to enforce OOB proxying even for non-firewalled leaves so that you could really look at all results of your leaves.

> I don't really think that this is the best approach. Having magnet links
> referencing legitimate http is a valid way of using a gnutella client.

Search results don't contain magnet links. Magnet-links can be handled differently.

--
Christian

_______________________________________________
Gtk-gnutella-devel mailing list
Gtk-gnutella-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/gtk-gnutella-devel
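
The filename handling described in the message above (URL-encoding a name before it goes into an HTTP request, and replacing control characters in the local name with a space), as an added example that is not part of the original post and not gtk-gnutella's own code. The helper names url_encode and sanitize_local_name, the request-line layout and the sample filename are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: a result filename carrying CR LF and a header line. */
static const char SAMPLE[] = "clip.mpg\r\nHost: other.example";

/* Hypothetical helper: percent-encode every byte outside the RFC 3986
 * unreserved set (so no raw CR/LF/space). Returns 0, or -1 if dst is small. */
int url_encode(const char *src, char *dst, size_t dst_size)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t o = 0;
    if (dst_size == 0)
        return -1;
    for (; *src != '\0'; src++) {
        unsigned char c = (unsigned char) *src;
        int safe = isalnum(c) || strchr("-._~", c) != NULL;
        if (o + (safe ? 1 : 3) >= dst_size)   /* keep room for the NUL */
            return -1;
        if (safe) {
            dst[o++] = (char) c;
        } else {
            dst[o++] = '%';
            dst[o++] = hex[c >> 4];
            dst[o++] = hex[c & 0x0F];
        }
    }
    dst[o] = '\0';
    return 0;
}

/* Hypothetical helper: replace each control character in a remote-supplied
 * name with a single space before using it as a local filename. */
void sanitize_local_name(char *name)
{
    for (; *name != '\0'; name++)
        if (iscntrl((unsigned char) *name))
            *name = ' ';
}

int main(void)
{
    char enc[128], local[sizeof SAMPLE];
    strcpy(local, SAMPLE);
    sanitize_local_name(local);
    if (url_encode(SAMPLE, enc, sizeof enc) != 0)
        return 1;
    printf("GET /%s HTTP/1.1\nlocal name: \"%s\"\n", enc, local);
    return 0;
}
```

With the encoded name the request line stays a single line, so the embedded "Host:" text is never parsed as a header.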