Slightly more (and slightly old) info on using Gnutella in a DoS: http://www.aciri.org/vern/papers/reflectors.CCR.01/ --Walker > On Thu, 6 Sep 2001, Robert Stoll wrote: > > > Hello all, > > I found what I believe may be a built-in DoS of sorts in Gnutella. For <snip> > > The problem is that the software has no way of verifying what values the > > user has set, which of course can lead to mischief. I can set the > > advertised IP address and port to arbitrary numbers and the result will be > > that the target machine will be bombarded with hundreds inbound tcp > > connections from Guntella clients looking for information. Do this with > > enough clients and you have a re-incarnation of the old Smurf attack. As of > > this writing, I have verified this with the Gnotella and LimeWire clients. > > I will be testing other clients as well but I am confident they will work > > the same way. > > > > > > Bob...
This archive was generated by hypermail 2b30 : Thu Sep 06 2001 - 16:27:04 PDT