Gnutella Forums

Gnutella Forums (https://www.gnutellaforums.com/)
-   General Gnutella Development Discussion (https://www.gnutellaforums.com/general-gnutella-development-discussion/)
-   -   Warning to developers, network flooding 10-21-03 (https://www.gnutellaforums.com/general-gnutella-development-discussion/22232-warning-developers-network-flooding-10-21-03-a.html)

Anymouse October 21st, 2003 02:49 AM
Warning to developers, network flooding 10-21-03
 
You may already be aware of this, after doing some network monitoring I found query hit returns of 24K full of "text"!
They came in for my requests, and were also being passed through my node to others (other people's requests).
24K takes up a lot of bandwidth when you are on a modem, you only have about 5K in and 1K out. The packets repeated for different word queries, looks like someone thinking they can slow down the network via flooding.
I can't drop the packet because it's coming down the Gnet,.
The packets always seemed to be the same size but nothing says they can't do a little more work and make them variable.
The text content was like text from a book, it just went on and on and on about nothing. It tried to look like XML so it can pass through.
Clients should monitor for this, let the user know somehow, and should have a way to set a drop the node limit (with suggested size) so a user can set it just a few bytes below the typical offending packet.
The problem with dropping a node is a big attack like this could disrupt the whole Gnet.

The real solution: Make a connection option for Gnet that packetizes Gnet data with the ability to send a "cancel" message at any time so the sending node stops sending that packet, or even better, send a "block this guid" message so that node knows not to send any more packets to you from that guid. Then you don't have to drop the node connection.

Anymouse October 22nd, 2003 03:30 AM
Another trick is to use a very high speed server connection and high speed CPU and put up a modified Ultrapeer/Supernode to capture as many connections as you can and not return any search hits, or only "approved" filtered ones, meaning no MP3s mostly.
This would effectively lock a leaf node into that Ultrapeer, since it dropps all other connections, and then play "censor" as they see fit.
If enough nodes get sucked in (could be 10's of thousands times as many servers as they can put up) they could censor the whole Gnet.
Need to think up a way to detect and stop this, a central trusted IP based black list would be a good start, but they can move their servers around or other tricks to get new IPs.
Another idea is to always connect to a few other non Ultrapeer nodes no matter what.
More ideas?


All times are GMT -7. The time now is 04:02 PM.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
SEO by vBSEO 3.6.0 ©2011, Crawlability, Inc.

Copyright © 2020 Gnutella Forums.
All Rights Reserved.