Gnutella Forums  

Go Back   Gnutella Forums > Gnutella News and Gnutelliums Forums > General Gnutella Development Discussion
Register FAQ The Twelve Commandments Members List Calendar Arcade Find the Best VPN Today's Posts

General Gnutella Development Discussion For general discussion about Gnutella development.


Welcome To Gnutella Forums

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content, fun aspects such as the image caption contest and play in the arcade, and access many other special features after your registration and email confirmation. Registration is fast, simple and absolutely free so please, join our community today! (click here) (Note: we use Yandex mail server so make sure yandex is not on your email filter or blocklist.) Confirmation emails might be found in your Junk folder, especially for Yahoo or GMail.

If you have any problems with the Gnutella Forum registration process or your Gnutella Forum account login, please contact us (this is not for program use questions.) Your email address must be legitimate and verified before becoming a full member of the forums. Please be sure to disable any spam filters you may have for our website, so that email messages can reach you.
Note: Any other issue with registration, etc., send a Personal Message (PM) to one of the active Administrators: Lord of the Rings or Birdy.

Once registered but before posting, members MUST READ the FORUM RULES (click here) and members should include System details - help us to help you (click on blue link) in their posts if their problem relates to using the program. Whilst forum helpers are happy to help where they can, without these system details your post might be ignored. And wise to read How to create a New Thread

Thank you

If you are a Spammer click here.
This is not a business advertising forum, all member profiles with business advertising will be banned, all their posts removed. Spamming is illegal in many countries of the world. Guests and search engines cannot view member profiles.



           Deutsch?              Español?                  Français?                   Nederlands?
   Hilfe in Deutsch,   Ayuda en español,   Aide en français et LimeWire en françaisHulp in het Nederlands

Forum Rules

Support Forums

Before you post to one of the specific Client Help and Support Conferences in Gnutella Client Forums please look through other threads and Stickies that may answer your questions. Most problems are not new. The Search function is most useful. Also the red Stickies have answers to the most commonly asked questions. (over 90 percent).
If your problem is not resolved by a search of the forums, please take the next step and post in the appropriate forum. There are many members who will be glad to help.
If you are new to the world of file sharing please do not be shy! Everyone was ‘new’ when they first started.

When posting, please include details for:
Your Operating System ....... Your version of your Gnutella Client (* this is important for helping solve problems) ....... Your Internet connection (56K, Cable, DSL) ....... The exact error message, if one pops up
Any other relevant information that you think may help ....... Try to make your post descriptive, specific, and clear so members can quickly and efficiently help you. To aid helpers in solving download/upload problems, LimeWire and Frostwire users must specify whether they are downloading a torrent file or a file from the Gnutella network.
Members need to supply these details >>> System details - help us to help you (click on blue link)


Moderators

There are senior members on the forums who serve as Moderators. These volunteers keep the board organized and moving.
Moderators are authorized to: (in order of increasing severity)
Move posts to the correct forums. Many times, members post in the wrong forum. These off-topic posts may impede the normal operation of the forum.
Edit posts. Moderators will edit posts that are offensive or break any of the House Rules.
Delete posts. Posts that cannot be edited to comply with the House Rules will be deleted.
Restrict members. This is one of the last punishments before a member is banned. Restrictions may include placing all new posts in a moderation queue or temporarily banning the offender.
Ban members. The most severe punishment. Three or more moderators or administrators must agree to the ban for this action to occur. Banning is reserved for very severe offenses and members who, after many warnings, fail to comply with the House Rules. Banning is permanent. Bans cannot be removed by the moderators and probably won't be removed by the administration.


The Rules

1. Warez, copyright violation, or any other illegal activity may NOT be linked or expressed in any form. Topics discussing techniques for violating these laws and messages containing locations of web sites or other servers hosting illegal content will be silently removed. Multiple offenses will result in consequences. File names are not required to discuss your issues. If filenames are copyright then do not belong on these forums & will be edited out or post removed. Picture sample attachments in posts must not include copyright infringement.

2. Spamming and excessive advertising will not be tolerated. Commercial advertising is not allowed in any form, including using in signatures.

3. There will be no excessive use of profanity in any forum.

4. There will be no racial, ethnic, or gender based insults, or any other personal attacks.

5. Pictures may be attached to posts and signatures if they are not sexually explicit or offensive. Picture sample attachments in posts must not include copyright infringement.

6. Remember to post in the correct forum. Take your time to look at other threads and see where your post will go. If your post is placed in the wrong forum it will be moved by a moderator. There are specific Gnutella Client sections for LimeWire, Phex, FrostWire, BearShare, Gnucleus, Morpheus, and many more. Please choose the correct section for your problem.

7. If you see a post in the wrong forum or in violation of the House Rules, please contact a moderator via Private Message or the "Report this post to a moderator" link at the bottom of every post. Please do not respond directly to the member - a moderator will do what is required.

8. Any impersonation of a forum member in any mode of communication is strictly prohibited and will result in banning.

9. Multiple copies of the same post will not be tolerated. Post your question, comment, or complaint only once. There is no need to express yourself more than once. Duplicate posts will be deleted with little or no warning. Keep in mind a forum censor may temporarily automatically hold up your post, if you do not see your post, do not post again, it will be dealt with by a moderator within a reasonable time. Authors of multiple copies of same post may be dealt with by moderators within their discrete judgment at the time which may result in warning or infraction points, depending on severity as adjudged by the moderators online.

10. Posts should have descriptive topics. Vague titles such as "Help!", "Why?", and the like may not get enough attention to the contents.

11. Do not divulge anyone's personal information in the forum, not even your own. This includes e-mail addresses, IP addresses, age, house address, and any other distinguishing information. Don´t use eMail addresses in your nick. Reiterating, do not post your email address in posts. This is for your own protection.

12. Signatures may be used as long as they are not offensive or sexually explicit or used for commercial advertising. Commercial weblinks cannot be used under any circumstances and will result in an immediate ban.

13. Dual accounts are not allowed. Cannot explain this more simply. Attempts to set up dual accounts will most likely result in a banning of all forum accounts.

14. Video links may only be posted after you have a tally of two forum posts. Video link posting with less than a 2 post tally are considered as spam. Video link posting with less than a 2 post tally are considered as spam.

15. Failure to show that you have read the forum rules may result in forum rules breach infraction points or warnings awarded against you which may later total up to an automatic temporary or permanent ban. Supplying system details is a prerequisite in most cases, particularly with connection or installation issues.

Violation of any of these rules will bring consequences, determined on a case-by-case basis.


Thank You! Thanks for taking the time to read these forum guidelines. We hope your visit is helpful and mutually beneficial to the entire community.


Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old March 13th, 2002
Apprentice
 
Join Date: February 20th, 2002
Location: The Netherlands
Posts: 6
Frans Wijnen is flying high
Exclamation DDoS exploit with proposed queuing scheme

When reading the proposed queuing scheme on rfc-gnutella (http://rfc-gnutella.sourceforge.net/...ella_queue.txt) it occured to me that when implemented this widely anyone could go around crawling through gnutella and direct a distributed denial of service attack on any server on the net.

Crawl gnutella and search for common files like "nude" or "Britney" and request some/all results with the new header;

GET /get/123/foobar.txt HTTP/1.0
Range: bytes=0-
User-Agent: Some Client 1.0
X-Host: 123.1.2.3:80

Where 123.1.2.3 is the (in this example web-) server you'd like to hit.


To prevent this you can;

a) Only allow a change of port.
AFAIK the outgoing and incomming IP address of any "normal" firewall is always the same. But you need to know which port is to be used for the callback.
X-Callback-port: 6346

b) Don't do callbacks
Keeping a socket open requires virtually no IP packets at all, so why not keep some of the queued sockets open?

Request from client
GET /get/123/foobar.txt HTTP/1.0
Range: bytes=0-
User-Agent: Some Client 1.0
X-Queue-Request

Response from server when immedeately queuing.
HTTP 100 OK
Server: Some Server 1.0
X-Queued: position=3; eta=42; ID={123432-45673-58787-65465465}
Server waits with transmission until a slot is available.

When there is no queue-slot available, it asks the client to retry.
HTTP 503 Server Busy
Server: Some Server 1.0
X-Queue-Retry: 600
X-Queued: position=8; eta=3600; ID={123432-45673-58787-65465465}
The client waits 10 minutes (600) and retries the request. The retry time can be estimated by the server as the eta for the first queue-slot (plus some)

Request from client when retrying
GET /get/123/foobar.txt HTTP/1.0
Range: bytes=0-
User-Agent: Some Client 1.0
X-Queue-Request: ID={123432-45673-58787-65465465}

c) ... (anyone?)


---

Although option a) is a _lot_ simpeler to implement, I personally don't like the idea of callbacks. It seems to me that if you want something, then come and get it.
Reply With Quote
  #2 (permalink)  
Old March 13th, 2002
Unregistered
Guest
 
Posts: n/a
Default

My 60GB drive is full and I now have to start figuring out what to delete.
Why are people thinking about new ways to get more files when everything works fine?
I think the people complaining are the same people who are behind a firewall and wonder why they can't get anything via a push. Dumb arses complaining when it's their fault.
The problem doesn't exist. There are plenty of files, and you can fill up a 60GB drive with a modem connection.
And before adding this, why don't you developers get with it and ask the user what his upload bandwidth is and then open more upload slots till it's used up?
WHY ISN'T ANYONE WORKING ON THAT SIMPLE THING? It's been more than a year now and no one has done this, are all developers lame?
Reply With Quote
  #3 (permalink)  
Old March 16th, 2002
Connoisseur
 
Join Date: August 9th, 2001
Location: Philadelphia, PA, USA
Posts: 358
cultiv8r is flying high
Default Re: DDoS exploit with proposed queuing scheme

Hoi Frans,

Quote:
it occured to me that when implemented this widely anyone could go around crawling through gnutella and direct a distributed denial of service attack on any server on the net.

...
X-Host: 123.1.2.3:80
...
You're right. It has been implemented on a small, non-public scale only, so thank goodness for that. But someone could indeed create false requests which could lead to a DDoS.

Solution A, just sending the port (as the receiver can detect the IP by itself) seems most suitable in this case. The reason for a callback instead of keeping the port open is that the QUEUE (no emphasis) is used when a client is out of upload sockets. That indicates a limit set by either the end-user or as a precautionary limit on non-server operating systems like Windows 9x and Windows ME (which have terrible time opening and maintaining many socket connections).

I'd like to point out that with the introduction of a file mesh based on the HUGE proposal, the QUEUE will have a less important role. Nonetheless, it still has a good use so carefully examining all issues is a must. Thanks for pointing this important one out.

Quote:
c) ... (anyone?)
There have been several discussion about resolving an ID (similar to the ClientID [a GUID]) to an IP address, almost acting like an alternative to a DynDNS-like domain name (like DNS2GO, TZO), so an IP does not need to be transmitted at all times. However, in its current proposed form it could also cause a similar DDoS attack.

I'm glad you pointed this out, and it should have been obvious. There are a number of other areas in Gnutella that need to be addressed as well, but solutions are not always as easy to find as they may seem. I hope more people come forward in improving the vulnerabilites in Gnutella Thanks again!
Reply With Quote
  #4 (permalink)  
Old March 17th, 2002
Novicius
 
Join Date: December 31st, 2001
Posts: 2
ragger is flying high
Question

isn't this more or less an inherent problem of the gnutella protocol (and probably other p2p) ?
I could make a client to distribute query hits, pongs or pushes with a faked ip and port. That would have the same effect.

The question is how serious is this problem.

If i understand correctly, for an attack using the queing proposal, each faked request results in only one connection to the target. This means an attacker would have to generate just as much requests as he wants the target to recieve, which doesn't seem very effective to me.
An attacker could just as well attack the target directly (except that through gnutella his ip will be hidden).

The same more or less goes for fake push requests (as i see it, the queing proposal is just a sort of delayed push).

Queryhits seem even less effective as it relies on the end user to actually start a download based on the hit.
Each fake queryhit probably results in less than one connection to the target on average.

I'm unsure about the effect fake pongs would have. But i don't think they would be much more effective than the others.


Any serious DoS'er would probably choose more effective ways than poisoning gnutella.

Ok, this are some sunday morning thoughts, feel free to shoot some holes in it
Reply With Quote
  #5 (permalink)  
Old March 17th, 2002
Apprentice
 
Join Date: February 20th, 2002
Location: The Netherlands
Posts: 6
Frans Wijnen is flying high
Default

To ragger
I think you're right. From a single host you cannot do a lot of harm. The best you can do is adding the gnutella attack to your own (Gnutella's response will be delayed)

Still, it is a very simple and obvious scheme. And there is no real use for directing a queue request to a different IP.

Adding those two with a script kiddie and a grummy site operator, you get bad press about gnutella/p2p. (Like: grummy.com attacked by exploit in Gnutella)

Aan Cultiv8ter:
How's the weather in Philly?
Reply With Quote
  #6 (permalink)  
Old March 17th, 2002
Connoisseur
 
Join Date: August 9th, 2001
Location: Philadelphia, PA, USA
Posts: 358
cultiv8r is flying high
Default

Quote:
Aan Cultiv8ter:
How's the weather in Philly?
Koud en regenachtig, as opposed to a few days ago
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


Similar Threads
Thread Thread Starter Forum Replies Last Post
ability to change own color scheme miracleworks New Feature Requests 1 September 9th, 2004 12:39 AM
Queuing questions SgtStedenko Open Discussion topics 1 November 27th, 2003 09:54 AM
Versioning scheme Quick New Feature Requests 2 November 27th, 2002 11:27 AM
Prinkey's Scheme Unregistered Open Discussion topics 0 November 24th, 2002 05:46 PM
Remote Queuing? Anenga LimeWire Beta Archives 2 August 20th, 2002 03:00 AM


All times are GMT -7. The time now is 02:59 PM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
SEO by vBSEO 3.6.0 ©2011, Crawlability, Inc.

Copyright © 2020 Gnutella Forums.
All Rights Reserved.