gabriel rosenkoetter <gr_at_eclipsed.net> wrote:
>
> Um, is the fact that Gnutella use by users in a DHCP range an
> effective DoS of future users of that IP from their ISP not,
> perhaps, bearing of discussion?
>
> Gnutella has the ability to make even my ADSL go chunky style long
> after the user of it within the apartment has quit the program. I
> don't even want to *think* about what it would do to a PPP/SLIP
> modem link.

The only traffic you get after closing Gnutella are
TCP SYN packets from clients trying to open a new connection.
Looking at the few connection attempts I get on my ISDN line
when running Gnutella I doubt that this could DoS anything.

> I really have felt like I was being DoSed because of this in the
> past, in that my service was denied, not in that someone was out to
> get me. Perhaps not the easiest security compromise ("Get someone to
> run Gnutella!"), but it seems like changes could be requested in the
> way Gnutella clients cache and rebroadcast IP addresses...

You wouldn't even have to make the target run Gnutella. It's trivial
to inject arbitrary IPs into the Gnutella network. Besides that, if
you can get someone to run Gnutella you can make them run a trojaned
version too.

The only possibility I can think of to prevent this kind of DoS
(DDoS actually) would be to attach some sort of timeout value to the
IP and pass it along from client to client and drop the IP when it
gets too old. This would involve having the internal timers of the
clients synced somehow though.

-- Markus <markus-kern_at_gmx.net>
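
The timeout idea in the message above, sketched as an added example (not code from the post or from any Gnutella client): each address travels with its remaining lifetime in seconds rather than an absolute timestamp, so every peer only uses its own clock. `HostCache`, `MAX_LIFETIME`, the `(addr, remaining)` advert shape and the sample address are assumptions made for illustration.

```python
# Added example: relative-lifetime aging for a peer address cache.
# HostCache, MAX_LIFETIME and the advert shape are hypothetical,
# not part of the Gnutella protocol.
MAX_LIFETIME = 600.0  # seconds; assumed upper bound any peer will accept


class HostCache:
    def __init__(self, clock):
        self._clock = clock    # local clock, never compared across peers
        self._deadline = {}    # addr -> local time at which the entry expires

    def receive(self, addr, remaining):
        """Store an advertised address; return True if accepted."""
        remaining = min(float(remaining), MAX_LIFETIME)  # clamp inflated lifetimes
        if remaining <= 0:
            return False
        deadline = self._clock() + remaining
        # A fresher advert may extend an entry, never past MAX_LIFETIME from now.
        self._deadline[addr] = max(deadline, self._deadline.get(addr, deadline))
        return True

    def adverts(self):
        """Return (addr, remaining) pairs to forward, dropping expired entries."""
        now = self._clock()
        self._deadline = {a: d for a, d in self._deadline.items() if d > now}
        return [(a, d - now) for a, d in sorted(self._deadline.items())]


class FakeClock:
    """Constructed test clock; each peer gets an unrelated starting value."""
    def __init__(self, start):
        self.now = start

    def __call__(self):
        return self.now


def simulate():
    """Relay one stale address A -> B with unsynced clocks."""
    ca, cb = FakeClock(1_000.0), FakeClock(987_654.0)
    a, b = HostCache(ca), HostCache(cb)
    a.receive("192.0.2.10:6346", 10_000)  # constructed advert, clamped to 600 s
    ca.now += 400                          # A holds the entry for 400 s
    (addr, rem_a), = a.adverts()
    b.receive(addr, rem_a)                 # B learns only the 200 s that are left
    cb.now += 150
    rem_b = b.adverts()[0][1]
    cb.now += 100                          # lifetime is now used up
    return rem_a, rem_b, b.adverts()
```

This bounds how long an address keeps circulating once nobody announces it afresh; it does not stop a peer from re-injecting the same address with a new lifetime.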
Received on Jul 02 2001