On Friday 28 March 2003 08:14 pm, Vinnie wrote:
> --- In firstname.lastname@example.org, Kenneth Corbin <kencx@p...> wrote:
> > Above and beyond what can be done with a publicly
> > distributed blacklist, we have to work out protocols that identify
> > that are issueing excessive queries and stop responding to their
> Above and beyond publicly distributed blacklists, we have to work out
> protocols for identifying excessive queries at HOPS>0.
> (Unfortunately, this is impossible given Gnutella architecture).
Why? Just counting queries and throttling back on clients who send too many
is probably an overly simplistic solution, but it would do the job. Keeping
tables of queries received and throttling down someone who keeps sending the
same queries over and over again would be better, as this identifies them as
either a client that is issueing excessive queries itself, or failing to
throttle queries from one of it's clients. Either way we want to discourage
its use, and failing to respond to its queries is the most effective way we
can accomplish that.
> > Identifying excessive query
> > clients is a non-trivial problem, but one that several people are
> working out
> > solutions for.
> Identifying excessive query clients is a trivial problem, for a
> single vendor environment.
> > I happen to like open
> > source solutions because I can be involved in both design and
> I happen to like proprietary solutions because they are not as
> vulnerable to attack, and give the user a better experience.
That does seem to be the case to date, but we keep trying.
> > With a closed source solution you are pretty much on your own, with
> a much
> > smaller development pool and higher development costs, which have
> to be
> > recouped somehow.
> With an open source solution, you are pretty much restricted to the
> least common denominator of performance, with a much larger base of
> resource-hungry nodes and higher per-node resource consumption costs,
> which have to be recouped somehow (hopefully, without resorting to
Not necessarily, there is no reason why the gntella protocol couldn't be
scrapped in favor of something else if someone wants to make the case for
something bigger in and better. Whichever way we go, and open protocol has
the advantage of having a lot of very smart people trying to pick holes in in
in order to make it beter. Network protocols in general, as opposed to
specific file sharing protocols, have been an area where open standard
protocols have consistently outperformed propriatory (ie Microsoft)
> You still haven't addressed the primary problem with an open network
> solution. Any fully open network is going to get compromised by
Demonstrated absurd. Consider the Internet itself, which is a completely
open protocol, operating in an incredibly hostile environment marked by a
continuous arms race between hostile attackers and security defenders, which
netherless manages to continue functioning.
> > Unless you can move somewhere beyond
> > the reach of American law you will get shut down.
> Unless you can remain within reach of American law, but remain
> untracable in your distribution of executables and private server
> locations, you will get shut down.
Distributing executables can be done in ways that are impossible to trace.
Where they will get you is where you collect funds. Whether you get money
from users or advertisers, someone has to have a fixed point of contact that
can be traced. It is possible to make this very difficult, with offshore
fronts, Swiss bank accounts, and the like. Kazara was doing an excellent
job of keeping their financial trail under cover until they made the decision
to stand and fight. But it takes some really sharp people and you will end
up spending a lot of time and energy playing accounting games that won't be
available for software development.