
6152 Re: [decentralization] Saaf testimony

  • Kevin Prichard
    Oct 2, 2002
      On 2 Oct 2002, Wes Felter wrote:

      > On Wed, 2002-10-02 at 15:07, Lucas Gonze wrote:
      > > coderman wrote:
      > > > This type of DDoS is different, in that it is not relying on sheer traffic
      > > > to implement a DoS, but issuing a number of file requests to tie up available
      > > > download slots on peers sharing copyrighted content.
      > > >
      > > > This is certainly technically feasible, and if they used a distributed network
      > > > themselves to implement the attacks it would be hard to defend against.
      > >
      > > Hm, ok, so servents stop using upload slots and instead let uploaders use
      > > all available bandwidth, just like standard web servers.
      >
      > An obvious extension of these two ideas is to open a very large number
      > of idle connections to each Gnutella node, possibly exploiting hard
      > limits or non-scalability in the Windows 9x TCP stack.

      Even if the attack is distributed, my hunch is an attack coming from a
      given IP is an IP that will never be connected to a valid, human-operated
      gnutellanet client. Blocking said IPs could be done, but identifying when
      a downloader is Them (on a per-IP basis) may be difficult, as all
      characteristics of today's clients can be mimic'd.

      Identifying IPs belonging to Them may require pattern analysis of these
      "attacks" across many nodes, which means sharing, possibly pooling,
      knowledge - not really good for decentralization. And, p2p being
      distributed, they can present data themselves, to bias away from their
      pool of IPs. Hrm.

      Just about anything that an author can build into a client can be
      reverse-engineered and added to the DoS code. I wonder if there exists a
      kind of "proof of membership" scheme whereby peer connection records could
      be signed or encrypted, deposited in a distributed pool for analysis.
      Records from actual human-operated clients, possessing proper
      proof-of-membership credential, could be separated from DoS client
      deposits.

      NNTP is a kind of decentralized, rolling database that could be used for
      depositing and pooling connect records. Just about all ISP accounts have
      NNTP access, it hasn't been legislated away (yet). Problem is, any
      decentralized means by which records get analysed can be used against
      clients wanting to deny service to the DoSers. Unless they are encrypted
      with a public key, and the analysis is carried out by a central node (on
      Sealand. ;^)

      kevin
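An added example (not code from the thread or any Gnutella client) sketching the proof-of-membership idea above: member clients sign their connect records, the central analysis node verifies each deposit before pooling it, and cross-node analysis flags requester IPs that tie up slots on several independent nodes without ever downloading. It assumes per-member HMAC secrets held by the analysis node as a stand-in for the public-key credentials the mail mentions; all member names, IPs and records are constructed.

```python
import hmac, hashlib, json
from collections import defaultdict

# Constructed membership table: member id -> secret shared with the analysis node
# (assumption: a stand-in for the public-key credentials the mail speculates about).
MEMBER_SECRETS = {"node-a": b"secret-a", "node-b": b"secret-b", "node-c": b"secret-c"}

def sign_record(member_id, record):
    """Member client signs one connect record before depositing it in the pool."""
    body = json.dumps(record, sort_keys=True)
    tag = hmac.new(MEMBER_SECRETS[member_id], body.encode(), hashlib.sha256).hexdigest()
    return {"member": member_id, "body": body, "tag": tag}

def verify_record(deposit):
    """Analysis node: return the record only if the proof-of-membership tag checks out."""
    secret = MEMBER_SECRETS.get(deposit.get("member"))
    if secret is None:
        return None
    expected = hmac.new(secret, deposit["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, deposit["tag"]):
        return None
    return json.loads(deposit["body"])

def suspicious_ips(deposits, min_nodes=2):
    """Pool verified records and flag requester IPs that hold slots on several
    independent nodes yet never download a byte (the slot-exhaustion pattern)."""
    nodes_seen, downloaded = defaultdict(set), defaultdict(int)
    for d in deposits:
        rec = verify_record(d)
        if rec is None:
            continue  # forged or unsigned deposit: discarded before it can bias the pool
        nodes_seen[rec["ip"]].add(d["member"])
        downloaded[rec["ip"]] += rec["bytes_downloaded"]
    return sorted(ip for ip, n in nodes_seen.items()
                  if len(n) >= min_nodes and downloaded[ip] == 0)

# Constructed sample deposits (not real traffic).
DEPOSITS = [
    sign_record("node-a", {"ip": "198.51.100.7", "slots": 4, "bytes_downloaded": 0}),
    sign_record("node-b", {"ip": "198.51.100.7", "slots": 4, "bytes_downloaded": 0}),
    sign_record("node-c", {"ip": "198.51.100.7", "slots": 3, "bytes_downloaded": 0}),
    sign_record("node-a", {"ip": "203.0.113.9", "slots": 1, "bytes_downloaded": 0}),
    # Non-member trying to get a human's IP flagged by faking a second sighting: bad tag.
    {"member": "node-x", "tag": "00",
     "body": json.dumps({"ip": "203.0.113.9", "slots": 1, "bytes_downloaded": 0}, sort_keys=True)},
]

if __name__ == "__main__":
    print(suspicious_ips(DEPOSITS))  # ['198.51.100.7']
```

The forged deposit is dropped before aggregation, so a single legitimate sighting of 203.0.113.9 never reaches the two-node threshold; as the mail notes, this only holds as long as the signing credential itself cannot be lifted from a client.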