Re: Guntella Built-in DoS

From: Brian Smith (avalon73@arthurian.nu)
Date: 09/06/01


Date: Thu, 6 Sep 2001 16:05:36 -0400 (EDT)
From: Brian Smith <avalon73@arthurian.nu>
To: Robert Stoll <bob@esr.com>
Subject: Re: Guntella Built-in DoS
Message-ID: <Pine.LNX.3.95.1010906155906.14262A-100000@camelot.arthurian.nu>

On Thu, 6 Sep 2001, Robert Stoll wrote:

> The problem is that the software has no way of verifying what values the
> user has set, which of course can lead to mischief. I can set the
> advertised IP address and port to arbitrary numbers and the result will
> be that the target machine will be bombarded with hundreds of inbound TCP
> connections from Gnutella clients looking for information. Do this with
> enough clients and you have a re-incarnation of the old Smurf attack.
> As of this writing, I have verified this with the Gnotella and LimeWire
> clients. I will be testing other clients as well but I am confident
> they will work the same way.

What you're saying is correct... it's something in the Gnutella protocol
itself and, even if none of the clients out there let you specify an
arbitrary IP address to advertise, you'd still have those out there that
could write something to get into a Gnutella network and start falsely
advertising itself. It wouldn't be that hard at all for someone who is
familiar with the protocol.

Any DoS that could result from this is kind of limited, though, since
every Gnutella client is not going to connect to every other client's IP
that it knows of... they usually keep a cache of client IPs that are out
there and connect *up to* a certain, usually user-specified, number of
other clients at a time. At least that's how it's worked in every
Gnutella client that I've seen. With every client doing routing in the
network, there's simply no need for everyone to connect to everyone else,
so no one does that.

----------------------------------------------------------------------
Brian Smith // avalon73@arthurian.nu // http://www.arthurian.nu/
Software Developer // Gamer // Webmaster // System Administrator
Friends don't let friends wear Speedos. Ever.
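
Added example, not part of the original message or any Gnutella client's code: a small Python model of the host-cache behaviour described in the reply above, counting how many connection attempts a falsely advertised endpoint receives from a population of clients. The addresses, the `HostCache` class and the failed-handshake eviction rule are assumptions made for illustration.

```python
from dataclasses import dataclass, field

VICTIM = ("192.0.2.10", 80)  # constructed: falsely advertised endpoint (TEST-NET-1)
REAL = [(f"198.51.100.{i}", 6346) for i in (1, 2, 3)]  # constructed live peers

@dataclass
class HostCache:
    max_peers: int = 4       # cap on simultaneous connections (user-set)
    max_failures: int = 2    # assumed rule: evict endpoint after N failed handshakes
    known: dict = field(default_factory=dict)     # endpoint -> failed handshakes
    connected: set = field(default_factory=set)
    attempts: dict = field(default_factory=dict)  # endpoint -> outbound attempts

    def learn(self, endpoint):
        # The advertised address cannot be verified; just remember it.
        self.known.setdefault(endpoint, 0)

    def fill_slots(self, handshake_ok):
        # Connect to cached endpoints only until max_peers slots are full.
        for ep in list(self.known):
            if len(self.connected) >= self.max_peers:
                break
            if ep in self.connected:
                continue
            self.attempts[ep] = self.attempts.get(ep, 0) + 1
            if handshake_ok(ep):
                self.connected.add(ep)
            else:
                self.known[ep] += 1
                if self.known[ep] >= self.max_failures:
                    del self.known[ep]  # stop retrying a dead or bogus advert

def attempts_on_victim(clients, rounds, **opts):
    # Total connection attempts the falsely advertised endpoint receives.
    total = 0
    for _ in range(clients):
        cache = HostCache(**opts)
        for ep in [VICTIM] + REAL:  # worst case: bogus advert is tried first
            cache.learn(ep)
        for _ in range(rounds):
            cache.fill_slots(lambda ep: ep != VICTIM)  # victim never speaks Gnutella
        total += cache.attempts.get(VICTIM, 0)
    return total

if __name__ == "__main__":
    print(attempts_on_victim(100, 10, max_failures=10**9))               # no eviction
    print(attempts_on_victim(100, 10))                                   # with eviction
    print(attempts_on_victim(100, 10, max_peers=3, max_failures=10**9))  # slots fill
```

In this model the load on the advertised address is bounded by the number of clients with a free slot, and it drops further once clients stop retrying endpoints that never complete a handshake.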


