Gnutella Forums  

Go Back   Gnutella Forums > Gnutella News and Gnutelliums Forums > General Gnutella / Gnutella Network Discussion
Register FAQ The Twelve Commandments Members List Calendar Arcade Find the Best VPN Today's Posts

General Gnutella / Gnutella Network Discussion For general discussion about Gnutella and the Gnutella network.
For discussion about a specific Gnutella client program, please post in one of the client forums above.


Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old September 26th, 2002
Novicius
 
Join Date: September 26th, 2002
Posts: 4
gnuts is flying high
Default Kazaa 2.0 won't help Gnutella

The new version is generating alot of excitement among file sharers and that can only mean fewer people attracted to Gnutella which is already withering.
Reply With Quote
  #2 (permalink)  
Old September 26th, 2002
Connoisseur
 
Join Date: August 9th, 2001
Location: Philadelphia, PA, USA
Posts: 358
cultiv8r is flying high
Default

In my opinion, the biggest issue is that Gnutella developers are too busy trying to figure out how to get more results to searches, while at the same time reducing bandwidth consumption. But now its going into a "Microsoft Syndrome" where all the focus is on "better" interfaces, better results, more features with snazzy names, etc. Until someone decides to exploit the problems with Gnutella.

It's pretty much the day MS Outlook (Express) started to receive VB scripts, and renamed .exe files in your mail, containing worms and virii, and the HTML pages that automatically zipped you to another site, forced you to upload/download things that were personal, etc. THAT is where Gnutella is going at this rate of development. Most developers that talk on the GDF have their heads in the sand. Security is their lowest priority (with an exception of a small number).

For example, AusCERT (Australian department of CERT) recently sent most Gnutella developers a letter that they were planning to publicize a document, that states that Gnutella can be used for a DDoS attack. This issue is already know among many people, and it has been so for over a year. No one has touched that topic often enough to be resolved. Even when AusCERT sent out that letter, it was discussed for about 3 weeks, with all kinds of interesting ideas, and then it sizzled down into nothingness, replaced by another discussion.

In meantime, all the Gnutella clients are capable of launching a DDoS with little effort. Simply send a Pong with the wrong IP address/port to as many nodes you can. The Ping/Pong caching will also ensure that wrong IP address will remain around for a while to come. A temportary solution? Check Pongs with a Hop count of 0, against the actual IP address of that connection. Is any Gnutella client doing that yet? Perhaps two out of the 2-dozen. A long term solution? Don't trust every node on the network, by accepting their messages at all times.

Now what does this have to do with the end user experience? Currently, the network is filled with bogus of faulty network messages, because everyone is trusted. Everyone, including those organizations you may speak of in dismay. The more bogus and faulty messages around, the less quality messages can be exchanged. The best example would be bogus Query Hits (results to your search). Instead of coming from a file sharer that actually owns that file, it might be "produced" on the fly and leads to nowhere. All downloads for these results will fail, and thus degrading the quality of your search results. Or how about someone tracking your download habits? That "produced" Query Hit might well point to an IP address that happily creates a list of files attempted to be downloaded, with IP, timestampt and all - leading straight to your frontdoor (* although most people cannot be held accountable for 'attempting to download' -- yet). So as the end result, your search results may filled 1/3rd with bogus Query Hits, another 1/3rd of Query Hits no longer valid, while the remainder is flooded with download requests, leaving no spot for you.

The point here? Gnutella developers need to focus more on security. Not only does this prevent Gnutella to be abused against itself or other services, but it will also increase the overall quality of the network. At that point, one can start worrying about getting more search results and reducing bandwidth whereever possible.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


Similar Threads
Thread Thread Starter Forum Replies Last Post
Poll: Kazaa V. Gnutella ajutagir General Gnutella / Gnutella Network Discussion 25 August 11th, 2006 02:12 AM
Does Kazaa use Gnutella, or its own network? DallasFlier General Gnutella / Gnutella Network Discussion 2 September 14th, 2005 05:49 PM
Kazaa V Gnutella? - No contest timboyce General Gnutella / Gnutella Network Discussion 0 July 30th, 2004 10:17 AM
ES5 downloads from Gnutella & Kazaa Naked Truth General P2P Network Discussion 0 January 30th, 2004 02:36 PM
When will KazAa support gnutella? anti PatriotAct General Gnutella / Gnutella Network Discussion 1 January 10th, 2003 10:49 AM


All times are GMT -7. The time now is 04:15 AM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
SEO by vBSEO 3.6.0 ©2011, Crawlability, Inc.

Copyright © 2020 Gnutella Forums.
All Rights Reserved.