Thread: BEARSHARE clients & its encrypted packets (NOTE: Not related to it's 'spyware')
View Single Post
  #17 (permalink)  
Old August 11th, 2001
Abaris's Avatar
Abaris Abaris is offline
Ringwraith
  
Join Date: May 13th, 2001
Location: Europe
Posts: 86
Abaris is flying high
Question mysterious
Vinnie said on the GDF:

> Damn these people that didn't learn from BearShare's mistakes!

> If you recall, the "problem" version of BearShare would send a binary
> query of fixed length ONCE to EACH new connection that was
> established.

> This is identical to the proposal that John Marshall suggested (a new
> query per new host connection).

Is this update behaviour still built into newer bearshare servents ? don't know, i don't use bearshare, but it would seem very strange to me as vinnie said it "screwed up the network" and as he didn't want it to be used for automated researching. I am very confused about this thing as well, for several reasons:

1) there is absolutely no sense in broadcasting version numbers in order to look for an update. it causes too much traffic and it would be way easier to just connect to the home server on startup (like other servents do).

2) there is even less sense in <I>encrypting version numbers with an RSA key.</I> this is simply ridiculous.

3) if it were to block fake versions, why is this protocol enhancement secret ? it would protect bearshare servents, but every other servent would still connect to the fake version (which might be a virus or something even worse...) because they don't have a notion of what these packets mean.

4) a fake version of bearshare could just send normal messages, identifying itself as "SomeNewClient", and noone would notice it!
The user running the fake would never know what messages it sends to other servents (if he is not a hacker himself), and those servents (including bearshare!) would connect to it because they think it is just a new unknown servent. If it is published under the name of bearshare but sends messages identifying itself as gnotella or gnucleus, then every version of bearshare would connect to it because gnotella and gnucleus have no encrypted authentification feature. As a blocking mechanism, it is absolutely ineffective, it is useless.

but if the packets would contain information about the user's system or downloads or something else which all these sp***re fanatics claim (i can't hear the word anymore), why should it be broadcasted to other servents instead of sending it home? that makes no sense either.

what could these packets ever be good for ?
Reply With Quote