September 27th, 2002
Unregistered
Guest
Serious Problem That may allow for EASY distributed denial of service attacks

How to use Gnutella for EASY distributed denial of service attacks

As I understand it, when an XML search (under the LimeWire System) is received by a servent, the search contains the URL
of the XML schema it is using. The servent must then have a copy
of the XML schema, so if it hasn't downloaded it already, it will
download it now. Then the servent must parse the Schema, etc...

So I could initiate an XML search request with the URL of the Schema being something like:

http://site_to_crash.com/fakeschema.xml

Then all of the thousands of servents that would receive it would
contact that site and try to download that file. If I initiate a few dozen search requests like this (each with a different filename on the same host) I could probably crash that site (unless it has lots of servers).
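A servent-side mitigation for the behaviour the post describes, as an added example that is not part of the original post and is not LimeWire code: schema URIs taken from incoming queries are resolved from a local catalog, and only operator-trusted hosts may be contacted, under a per-host fetch budget. The class name, catalog entries, and host names are hypothetical, and the sample URIs are constructed.

```python
from collections import Counter
from urllib.parse import urlsplit

class SchemaResolver:
    """Decide what to do with a schema URI named in an incoming query,
    without letting the query choose where this servent connects."""

    def __init__(self, catalog, trusted_hosts, per_host_budget=2):
        self.catalog = dict(catalog)        # schema URI -> bundled local file
        self.trusted_hosts = set(trusted_hosts)
        self.per_host_budget = per_host_budget
        self.fetches = Counter()            # host -> outbound fetches granted
        self.pending = set()                # URIs already granted one fetch

    def resolve(self, uri):
        if uri in self.catalog:             # known schema: no network access
            return ("local", self.catalog[uri])
        try:
            parts = urlsplit(uri)
            host = (parts.hostname or "").lower()
        except ValueError:                  # malformed URI in the query
            return ("drop", "malformed schema URI")
        if parts.scheme not in ("http", "https") or host not in self.trusted_hosts:
            return ("drop", "untrusted schema location")
        if uri in self.pending:             # never request the same URI twice
            return ("drop", "fetch already requested")
        if self.fetches[host] >= self.per_host_budget:
            return ("drop", "host budget exhausted")
        self.fetches[host] += 1             # bounded by budget * trusted hosts
        self.pending.add(uri)
        return ("fetch", uri)

def outbound_fetches(resolver, uris):
    """Count how many of the given schema URIs would cause a connection."""
    return sum(1 for u in uris if resolver.resolve(u)[0] == "fetch")

# Constructed sample input; the hosts are placeholders, not real sites.
CATALOG = {"http://schemas.example.org/audio.xsd": "schemas/audio.xsd"}
# A few dozen queries, each naming a different file on the same host.
FLOOD = [f"http://victim.example/fake{i}.xml" for i in range(36)]

if __name__ == "__main__":
    r = SchemaResolver(CATALOG, trusted_hosts={"schemas.example.org"})
    print("connections caused by flood:", outbound_fetches(r, FLOOD))
    print(r.resolve("http://schemas.example.org/audio.xsd"))
```

A servent using this policy would add a fetched and validated schema to the catalog so later queries resolve locally.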