gabriel rosenkoetter <grat_private> wrote:
>
> Um, is the fact that Gnutella use by users in a DHCP range an
> effective DoS of future users of that IP from their ISP not,
> perhaps, bearing of discussion?
>
> Gnutella has the ability to make even my ADSL go chunky style long
> after the user of it within the apartment has quit the program. I
> don't even want to *think* about what it would do to a PPP/SLIP
> modem link.

The only traffic you get after closing Gnutella are TCP SYN packets from clients trying to open a new connection. Looking at the few connection attempts I get on my ISDN line when running Gnutella I doubt that this could DoS anything.

> I really have felt like I was being DoSed because of this in the
> past, in that my service was denied, not in that someone was out to
> get me. Perhaps not the easiest security compromise ("Get someone to
> run Gnutella!"), but it seems like changes could be requested in the
> way Gnutella clients cache and rebroadcast IP addresses...

You wouldn't even have to make the target run Gnutella. It's trivial to inject arbitrary IPs into the Gnutella network. Besides that, if you can get someone to run Gnutella you can make them run a trojaned version too.

The only possibility I can think of to prevent this kind of DoS (DDoS actually) would be to attach some sort of timeout value to the IP and pass it along from client to client and drop the IP when it gets too old. This would involve having the internal timers of the clients synced somehow though.

--
Markus <markus-kernat_private>

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Jul 02 2001 - 10:33:09 PDT
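
The timeout idea from the message above, sketched as an added example that is not part of the original post and not code from any Gnutella client: each cached host carries a relative age in seconds, and every client adds the time it held the entry before passing it on, so only local clocks are used. The class name, the 600-second limit and the sample address are assumptions made for illustration.

```python
import time

MAX_AGE = 600.0  # seconds; assumed lifetime of an advertised host


class HostCache:
    """Host cache whose entries carry a relative age, not a wall-clock time."""

    def __init__(self, max_age=MAX_AGE, clock=time.monotonic):
        self.max_age = max_age
        self.clock = clock          # local clock only; never compared across peers
        self._hosts = {}            # (ip, port) -> (age on arrival, local arrival time)

    def _age(self, key):
        age_in, arrived = self._hosts[key]
        return age_in + (self.clock() - arrived)

    def learn(self, ip, port, age):
        """Store a host advertised by a peer; return False if it is rejected."""
        if age < 0 or age > self.max_age:
            return False            # already expired (or nonsense): do not cache
        key = (ip, port)
        # A rebroadcast copy is never fresher than the one we hold, so an
        # older duplicate must not reset the entry's age.
        if key in self._hosts and self._age(key) <= age:
            return True
        self._hosts[key] = (age, self.clock())
        return True

    def advertise(self):
        """Entries to pass on, each aged by the time it was held here."""
        out = []
        for key in list(self._hosts):
            age = self._age(key)
            if age > self.max_age:
                del self._hosts[key]        # too old: stop rebroadcasting it
            else:
                out.append((key[0], key[1], age))
        return out


if __name__ == "__main__":
    cache = HostCache()
    cache.learn("192.0.2.10", 6346, 120.0)  # constructed sample entry
    print(cache.advertise())
```

The age is self-reported, so this bounds how long an honest network keeps rebroadcasting a stale address; it does not stop a peer that injects an address with a false age.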