Good, I'm glad other people have noticed these anomalous search results. I blocked the IP, as bad_vlad suggested, and problem is solved, for now. It is interesting to note that blocking only one IP solved the problem (*IP address removed*) and that that IP address ia associated with a web hosting firm in Los Angeles.
It is possible to design a malicious attack based on the strategy of responding to every search string (a la Paradog) that is much more effective than what we are seeing now (assuming this is a malicious attack, of course). If this is an attack on the gnutella network, it is then reasonable to assume that it is just a trial run to debug, test expected bandwidth, etc., and that more sophisticated attacks will follow shortly. More IPs, more sophisticated file naming schemes, random file sizes, viruses, etc.
I read something a few weeks ago about some proposed legislation in the U.S. that would make this kind of malicious attack legal for "content owners" or something... does anybody have a link for more info on that?
OTOH, maybe it is not an attack, maybe someone is testing their new, poorly designed gnutella client.
Last edited by birdy; February 1st, 2008 at 04:42 PM.
|