March 17th, 2002
ragger
Question

Isn't this more or less an inherent problem of the Gnutella protocol (and probably other P2P)?
I could make a client to distribute query hits, pongs or pushes with a faked IP and port. That would have the same effect.

The question is how serious is this problem.

If I understand correctly, for an attack using the queuing proposal, each faked request results in only one connection to the target. This means an attacker would have to generate just as many requests as he wants the target to receive, which doesn't seem very effective to me.
An attacker could just as well attack the target directly (except that through Gnutella his IP will be hidden).

The same more or less goes for fake push requests (as I see it, the queuing proposal is just a sort of delayed push).

Queryhits seem even less effective, as they rely on the end user to actually start a download based on the hit.
Each fake queryhit probably results in less than one connection to the target on average.

I'm unsure about the effect fake pongs would have. But I don't think they would be much more effective than the others.


Any serious DoS'er would probably choose more effective ways than poisoning gnutella.

OK, these are some Sunday morning thoughts; feel free to shoot some holes in them.