Re: [decentralization] Saaf testimony
Oct 2 6:18 PM

On 2 Oct 2002, Wes Felter wrote:
> On Wed, 2002-10-02 at 15:07, Lucas Gonze wrote:
> > coderman wrote:
> > > This type of DDoS is different, in that it is not relying on sheer traffic
> > > to implement a DoS, but issuing a number of file requests to tie up available
> > > download slots on peers sharing copyrighted content.
> > >
> > > This is certainly technically feasible, and if they used a distributed network
> > > themselves to implement the attacks it would be hard to defend against.
> > Hm, ok, so servents stop using upload slots and instead let uploaders use
> > all available bandwidth, just like standard web servers.
> An obvious extension of these two ideas is to open a very large number
> of idle connections to each Gnutella node, possibly exploiting hard
> limits or non-scalability in the Windows 9x TCP stack.

Even if the attack is distributed, my hunch is an attack coming from a
given IP is an IP that will never be connected to a valid, human-operated
gnutellanet client. Blocking said IPs could be done, but identifying when
a downloader is Them (on a per-IP basis) may be difficult, as all
characteristics of today's clients can be mimicked.

Identifying IPs belonging to Them may require pattern analysis of these
"attacks" across many nodes, which means sharing, possibly pooling,
knowledge -not really good for decentralization. And, p2p being
distributed, they can present data themselves, to bias away from their
pool of IPs. Hrm.
Just about anything that an author can build into a client can be
reverse-engineered and added to the DoS code. I wonder if there exists a
kind of "proof of membership" scheme whereby peer connection records could
be signed or encrypted, deposited in a distributed pool for analysis.
Records from actual human-operated clients, possessing proper
proof-of-membership credential, could be separated from DoS client

NNTP is a kind of decentralized, rolling database that could be used for
depositing and pooling connect records. Just about all ISP accounts have
NNTP access, it hasn't been legislated away (yet.) Problem is, any
decentralized means by which records get analysed can be used against
clients wanting to deny service to the DoSers. Unless they are encrypted
with a public key, and the analysis is carried out by a central node (on
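As an added illustration of the pooled, signed connect-record idea discussed above (example code written for this page, not from the thread or from any Gnutella client): each enrolled member tags its records with a membership secret shared with a central analyser, which discards records it cannot verify before counting slot-tying behaviour across members. The node names, keys, thresholds and record layout are assumptions.

```python
import hmac
import json
from collections import defaultdict

# Constructed credential table: the central analyser holds each enrolled
# member's secret (an assumed enrolment scheme, not one the thread specifies).
MEMBER_KEYS = {"node-A": b"k-A", "node-B": b"k-B", "node-C": b"k-C"}

def sign_record(node_id, key, record):
    # A member client tags one connect record with its membership secret.
    body = json.dumps({"node": node_id, **record}, sort_keys=True)
    tag = hmac.new(key, body.encode(), "sha256").hexdigest()
    return {"body": body, "tag": tag}

def verify_record(envelope):
    # Return the record only if its tag checks against an enrolled member's key.
    body = json.loads(envelope["body"])
    key = MEMBER_KEYS.get(body.get("node"))
    if key is None:
        return None
    expected = hmac.new(key, envelope["body"].encode(), "sha256").hexdigest()
    return body if hmac.compare_digest(expected, envelope["tag"]) else None

def analyse(pool, min_nodes=2, min_abandoned=3):
    # Flag remote IPs that repeatedly tie up slots (request, then abandon) on
    # several independent members; records that do not verify are discarded.
    per_ip = defaultdict(lambda: defaultdict(int))  # ip -> node -> abandoned
    for envelope in pool:
        rec = verify_record(envelope)
        if rec is not None and rec["outcome"] == "abandoned":
            per_ip[rec["remote_ip"]][rec["node"]] += 1
    flagged = {}
    for ip, nodes in per_ip.items():
        heavy = sorted(n for n, c in nodes.items() if c >= min_abandoned)
        if len(heavy) >= min_nodes:
            flagged[ip] = heavy
    return flagged

def build_sample_pool():
    # Constructed pool: 203.0.113.7 abandons three times on two members; an
    # ordinary peer abandons once; forged records impersonate node-A without its key.
    abandoned = lambda ip: {"remote_ip": ip, "outcome": "abandoned"}
    pool = [sign_record(n, MEMBER_KEYS[n], abandoned("203.0.113.7"))
            for n in ("node-A", "node-B") for _ in range(3)]
    pool.append(sign_record("node-C", MEMBER_KEYS["node-C"], abandoned("198.51.100.5")))
    pool.append(sign_record("node-C", MEMBER_KEYS["node-C"],
                            {"remote_ip": "198.51.100.5", "outcome": "completed"}))
    pool += [sign_record("node-A", b"wrong-key", abandoned("198.51.100.5")) for _ in range(4)]
    return pool
```

The forged batch never reaches the counters, so the ordinary peer it tries to frame stays unflagged while the IP seen abandoning slots on two members is reported.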