Gnutella Forums

Gnutella Forums (https://www.gnutellaforums.com/)
-   Open Discussion topics (https://www.gnutellaforums.com/open-discussion-topics/)
-   -   Serious Possbile Problem With LimeWire's XML Searching System (https://www.gnutellaforums.com/open-discussion-topics/15890-serious-possbile-problem-limewires-xml-searching-system.html)

Unregistered September 26th, 2002 09:29 PM
Serious Possbile Problem With LimeWire's XML Searching System
 
How to use Gnutella for EASY distributed denial of service attacks

As I understand it, when an XML search (under the LimeWire System) is recieved by a servent, the search contains the URL
of the XML schema it is using. The servent must then have a copy
of the XML schema, so if it hasn't downloaded it already, it will
download it now. Then the servent must parse the Schema, etc...

So I could initate a XML search request with the URL of the Schema being somthing like:

http://site_to_crash.com/fakeschema.xml

Then all of the thousands of servents that would recieve it would
contact that site and try to download that file. If I initate a few dozen search requests like this ( each with a different filename on the same host ) I could probably crash that site ( unless it has lots of servers )


All times are GMT -7. The time now is 12:37 PM.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
SEO by vBSEO 3.6.0 ©2011, Crawlability, Inc.

Copyright © 2020 Gnutella Forums.
All Rights Reserved.