Re: Gnutella Built-in DoS

From: Brian Smith (avalon73at_private)
Date: Thu Sep 06 2001 - 13:05:36 PDT

    On Thu, 6 Sep 2001, Robert Stoll wrote:
    
    > The problem is that the software has no way of verifying what values the
    > user has set, which of course can lead to mischief.  I can set the
    > advertised IP address and port to arbitrary numbers and the result will
    > be that the target machine will be bombarded with hundreds of inbound TCP
    > connections from Gnutella clients looking for information.  Do this with
    > enough clients and you have a re-incarnation of the old Smurf attack. 
    > As of this writing, I have verified this with the Gnotella and LimeWire
    > clients.  I will be testing other clients as well but I am confident
    > they will work the same way. 
    
    What you're saying is correct... it's something in the Gnutella protocol
    itself and, even if none of the clients out there let you specify an
    arbitrary IP address to advertise, you'd still have those out there that
    could write something to get into a Gnutella network and start falsely
    advertising itself.  It wouldn't be that hard at all for someone who is
    familiar with the protocol.
    
    Any DoS that could result from this is kind of limited, though, since
    every Gnutella client is not going to connect to every other client's IP
    that it knows of... they usually keep a cache of client IPs that are out
    there and connect *up to* a certain, usually user-specified, number of
    other clients at a time.  At least that's how it's worked in every
    Gnutella client that I've seen.  With every client doing routing in the
    network, there's simply no need for everyone to connect to everyone else,
    so no one does that. 
    
    ----------------------------------------------------------------------
    Brian Smith  //   avalon73at_private   //  http://www.arthurian.nu/
    Software Developer  //  Gamer  //  Webmaster  //  System Administrator
    Friends don't let friends wear Speedos.  Ever.
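
The client behaviour described in the reply above, sketched as an added example (not part of the original message and not code from any Gnutella client): a host cache that treats every advertised address as an unverified claim, connects only up to a fixed limit, and drops addresses that keep failing. The class name, the limits and the `try_connect` callback are assumptions made for illustration.

```python
import ipaddress
from collections import OrderedDict

class HostCache:
    """Bounded cache of advertised (ip, port) pairs; every entry is an unverified claim."""
    def __init__(self, max_entries=200, max_connections=4, max_failures=2):
        self.max_entries = max_entries          # assumed limits, not from any real client
        self.max_connections = max_connections
        self.max_failures = max_failures
        self.entries = OrderedDict()            # (ip, port) -> failed attempt count
        self.connected = set()

    def advertise(self, ip, port):
        """Record an advertised address; return False if it is rejected."""
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            return False                        # not an IP address at all
        if not 0 < port < 65536 or addr.is_loopback or addr.is_multicast or addr.is_unspecified:
            return False                        # claim that can never be a real peer
        key = (str(addr), port)
        if key in self.entries:
            return False                        # repeats do not buy extra connection attempts
        if len(self.entries) >= self.max_entries:
            self.entries.popitem(last=False)    # evict the oldest entry
        self.entries[key] = 0
        return True

    def fill_connections(self, try_connect):
        """Dial cached hosts until max_connections is reached; return attempts made."""
        attempts = 0
        for key in list(self.entries):
            if len(self.connected) >= self.max_connections:
                break                           # the "up to a certain number" limit
            if key in self.connected:
                continue
            attempts += 1
            if try_connect(*key):
                self.connected.add(key)
            else:
                self.entries[key] += 1
                if self.entries[key] >= self.max_failures:
                    del self.entries[key]       # stop retrying a dead or bogus address
        return attempts
```

With these limits, a falsely advertised address costs each client at most `max_failures` connection attempts before it is forgotten, and none at all while the client already has its full set of connections.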
    



    This archive was generated by hypermail 2b30 : Thu Sep 06 2001 - 15:37:15 PDT