Hello all,

I found what I believe may be a built-in DoS of sorts in Gnutella. For those of you who are not familiar with Gnutella, it is a peer-to-peer file sharing system that popped up a while back as one of the many alternatives to Napster. Gnutella is more of a protocol specification than an application, so it has many different clients such as Gnotella, LimeWire, and BearShare, among others.

Once on the network, the Gnutella client connects to other hosts running Gnutella and starts exchanging lists of "up" hosts and search queries. This (at least on my machine) creates about 5-45k worth of background noise while the client is running. Additional bandwidth gets consumed when the user downloads files from someone else or vice versa.

One of the many features of Gnutella is that it is firewall-aware and will allow the user to force the client to advertise a different IP address than is actually on his or her machine, to allow for any NAT that may be going on. The client will also allow the user to change the port that incoming clients will connect to.

The problem is that the software has no way of verifying what values the user has set, which of course can lead to mischief. I can set the advertised IP address and port to arbitrary numbers, and the result will be that the target machine will be bombarded with hundreds of inbound TCP connections from Gnutella clients looking for information. Do this with enough clients and you have a reincarnation of the old Smurf attack.

As of this writing, I have verified this with the Gnotella and LimeWire clients. I will be testing other clients as well, but I am confident they will work the same way.

Bob...
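A victim-side check for the connection pattern the post describes, as an added example that is not part of the original message: it flags any destination that receives Gnutella connection requests from many distinct peers within a short window. The log format, thresholds, addresses and the `find_targets` name are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Opening bytes a Gnutella client sends when it connects to a peer.
HANDSHAKE = "GNUTELLA CONNECT/"

# Constructed sample, hypothetical format:
# "<ISO time> <source ip> <dest ip:port> <first bytes of payload>"
SAMPLE_LOG = [
    f"2001-01-01T10:00:{i:02d} 198.51.100.{i + 1} 192.0.2.10:80 GNUTELLA CONNECT/0.4"
    for i in range(0, 36, 3)  # 12 distinct peers hitting a web server in 33 s
] + [
    "2001-01-01T10:00:05 203.0.113.7 192.0.2.10:80 GET /index.html HTTP/1.0",
    "2001-01-01T10:00:09 203.0.113.8 192.0.2.20:6346 GNUTELLA CONNECT/0.4",
    "2001-01-01T10:05:00 203.0.113.8 192.0.2.20:6346 GNUTELLA CONNECT/0.4",
]


def find_targets(lines, window=timedelta(seconds=60), min_sources=10):
    """Return {destination: peak distinct-source count} for flagged hosts."""
    recent = defaultdict(deque)  # destination -> (time, source) pairs in window
    flagged = {}
    for line in sorted(lines):  # ISO timestamps sort chronologically
        stamp, src, dst, payload = line.split(" ", 3)
        if not payload.startswith(HANDSHAKE):
            continue  # not a Gnutella connection attempt
        now = datetime.fromisoformat(stamp)
        seen = recent[dst]
        seen.append((now, src))
        # Drop attempts that have aged out of the sliding window.
        while seen and now - seen[0][0] > window:
            seen.popleft()
        # Count distinct peers, so one chatty client does not trip the alert.
        sources = {s for _, s in seen}
        if len(sources) >= min_sources:
            flagged[dst] = max(flagged.get(dst, 0), len(sources))
    return flagged


if __name__ == "__main__":
    for dst, peers in find_targets(SAMPLE_LOG).items():
        print(f"{dst}: Gnutella connects from {peers} distinct peers in 60 s")
```

Counting distinct sources rather than raw connections keeps an ordinary peer that reconnects repeatedly (the `192.0.2.20:6346` lines) from being flagged.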
This archive was generated by hypermail 2b30 : Thu Sep 06 2001 - 11:16:02 PDT