Gnutella scanning instead of service providers.
My fellow Cypherpunks,

Ray Dillinger believes that scanning would assist oppressors as much as regular users. Joseph Ashwood agrees with this and further thinks that the Internet overhead of a scanner would be a serious problem.

I still think that scanners would be effective. Here's why:

Gnutella still exists, Napster doesn't! Security does not have to be bulletproof in all cases. Gnutella is a harder target than was Napster. There may be other reasons why Gnutella is alive and Napster is dead. I would think the ability to pin blame on the target might be another reason.

A scan enabled Gnutella would be a much harder target than a central service provided Gnutella. The scan enabled version would be much harder to shut down due to various kinds of expenses - legal, administrative, politics, etc. Not impossible to shut down - just harder, slower, and with various expenses we would like the oppressors to pick up :-)

Also, with lack of centralization, it would be much harder to pin legal blame on the servers (users). - Much harder, slower, and politically expensive. This is generally a sort of economics problem for oppressors.

As far as Joseph Ashwood's claim that the Internet overhead would be too much. Is his point exaggerated? Would it be possible to write low overhead scanners? I do not have the "skill set" to say. Maybe he is right, maybe not. Anybody got something definitive to say on this?

Yours Truly,
Gary Jeffers

BEAT STATE!!!
----- Original Message ----- From: "Gary Jeffers" <jeffersgary@hotmail.com>
> I still think that scanners would be effective. Here's why:
> A scan enabled Gnutella would be a much harder target than a central service provided Gnutella. The scan enabled version would be much harder to shut down due to various kinds of expenses - legal, administrative, politics, etc. Not impossible to shut down - just harder, slower, and with various expenses we would like the oppressors to pick up :-)

A scan enabled Gnutella would reveal itself immediately to a somewhat intelligent legal team who would simply set up a cheap system that would receive the pings, making the users _easier_ to locate instead of your assumed harder, since the legal team would not even necessarily have to ping the world themselves.

> As far as Joseph Ashwood's claim that the Internet overhead would be too much. Is his point exaggerated? Would it be possible to write low overhead scanners? I do not have the "skill set" to say. Maybe he is right, maybe not. Anybody got something definitive to say on this?

It's a fairly simple problem: under IPv4 there are 2^32 IP addresses. A fast ping is a few milliseconds each ping, and can be mounted from a large connection at a large number simultaneously, so let's say 8192 attempts per second. A fast ping machine will take 2^32/8192 seconds which comes out to 524288 seconds or about 4 days. So the ping set itself would take too long.

The internet clogging comes from the quantity of these pings. Let's say there are 1 million Gnutella pingers, they all of course first hit AOL because it's a prime candidate for pretty much anything. AOL has let's say 65536 addresses, receiving 1 million pings per second (approximately) which will fully occupy several T1 lines which means that the ping messages will be blocked at every router disabling the scan portion of gnutella putting us back where we are now, but with more time, more code, and more bloat dedicated to it. So we'd slow down every major network until they all block the gnutella ping messages somehow, costing everyone more time, more money, more hassle, more headaches.

Like it or not, the ping idea for Gnutella is a very bad idea.

Joe
On 25 Aug 2001, at 16:06, Gary Jeffers wrote:

> My fellow Cypherpunks,
> Ray Dillinger believes that scanning would assist oppressors as
> much as regular users. Joseph Ashwood agrees with this and further
> thinks that the Internet overhead of a scanner would be a serious
> problem.

The problem is this: there's no way that you can set this up so that random users can find gnutella servers and LEOs can't. No way, impossible, give up.

> I still think that scanners would be effective. Here's why:
> Gnutella still exists, Napster doesn't! Security does not have to be
> bulletproof in all cases. Gnutella is a harder target than was Napster.
> There may be other reasons why Gnutella is alive and Napster is dead.
> I would think the ability to pin blame on the target might be another
> reason.

Right. Napster is an entity, Gnutella is a protocol.

> A scan enabled Gnutella would be a much harder target than a central
> service provided Gnutella. The scan enabled version would be much harder to
> shut down due to various kinds of expenses - legal, administrative,
> politics, etc. Not impossible to shut down - just harder,
> slower, and with various expenses we would like the oppressors to pick
> up :-)

No. The scan version would make it a little harder for everyone to find the first gnutella server to connect to, and that's all it would do. The only way a scan version would make any sense would be if it somehow became illegal to post a list of gnutella servers while it remained legal to actually run a gnutella server, a situation so bizarre I don't think it merits discussion.

> As far as Joseph Ashwood's claim that the Internet overhead would be
> too much. Is his point exaggerated? Would it be possible to write low
> overhead scanners? I do not have the "skill set" to say. Maybe he is
> right, maybe not. Anybody got something definitive to say on this?
> Yours Truly,
> Gary Jeffers

Atwood's numbers are based on estimates as to how many people want to use scanners, and the fact that they're pretty likely to hit the same set of addresses. If you're the only one using a scanner, it won't be much of a burden on anyone. It really wouldn't be difficult to write one. Here's the URL of the protocol spec

http://www.gnutelladev.com/protocol/gdnp.html

basically, all you have to do is send it a UDP packet saying

    'GDNP CONNECT/0.10\n\n'

and see if you get back

    'GDNP OK\n\n'

it may be worth your while just to see if you can get it to work as an exercise. If you're running your own server and just look at your own IP address (use 127.0.0.1 if you don't know it) you can play with it without affecting the outside world.

George

> BEAT STATE!!!
On Sat, 25 Aug 2001, Gary Jeffers wrote:
> My fellow Cypherpunks,
> Ray Dillinger believes that scanning would assist oppressors as much as regular users. Joseph Ashwood agrees with this and further thinks that the Internet overhead of a scanner would be a serious problem.
Not really. To that extent, a gnutella scanner is probably already in the hands of any law enforcement types that are interested, and there's no reason gnutella itself ought not benefit from the same technology. Better points, since I need to spell them out, are:

(a) If scanning is done in a clumsy way it generates a lot of network traffic and twangs a lot of alarms at various firewalls.
(b) scanning is a "hot button" issue with a fair number of people and could generate complaints.
(c) complaints about gnutella scanning would be "legal ammo" for people who wanted to shut it down.

I think that all network applications ought to be able to find other nodes running other copies of the application - but be very careful how you design it, so as not to piss people off.
> As far as Joseph Ashwood's claim that the Internet overhead would be too much. Is his point exaggerated? Would it be possible to write low overhead scanners? I do not have the "skill set" to say. Maybe he is right, maybe not. Anybody got something definitive to say on this?
A nice low-overhead scanner that doesn't generate complaints, would be a request and response on some other protocol. If you write a little cgi program, say IsGnutellaThere.cgi, and have gnutella users drop it into their apache (or iis, or whatever) directory, then you can make an HTTP request on port 80. IsGnutellaThere.cgi would run and check to see if the gnutella server is up and what port it's on, maybe check a table to find other gnutellas that it knows about, and return that information in an http response.

Then gnutella users who wanted to be scannable (and not all of them will) could drop the program into their CGI directory, and scan-enabled gnutellas could just learn how to make a simple HTTP request and keep that table up-to-date for IsGnutellaThere.cgi to access.

HTTP is low-overhead and innocuous, and there's already a hole for it in most firewalls. It won't generate alarms. A straight-up "scanning" approach most definitely will.

Bear
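
The opt-in HTTP lookup described in the message above, as an added sketch that is not part of the original thread or of any Gnutella software: a loopback-only endpoint returns a table of known servents, and the client validates every entry before trusting it. The `/cgi-bin/` path, the one-`ip:port`-per-line response format, the 50-entry cap and the sample addresses are assumptions made for this example.

```python
import ipaddress
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

PATH = "/cgi-bin/IsGnutellaThere.cgi"  # assumed install location
# Constructed sample table: (ip, port) of servents this node knows about.
TABLE = [("192.0.2.10", 6346), ("198.51.100.7", 6346), ("203.0.113.5", 6347)]

def render_table(entries):
    """Response body: one 'ip:port' per line (assumed format)."""
    return "".join(f"{ip}:{port}\n" for ip, port in entries)

def parse_table(body, limit=50):
    """Parse a response; drop malformed lines, cap how many are read."""
    peers = []
    for line in body.splitlines()[:limit]:
        ip, sep, port = line.strip().rpartition(":")
        try:
            ipaddress.ip_address(ip)
            port = int(port)
        except ValueError:
            continue
        if sep and 0 < port < 65536 and (ip, port) not in peers:
            peers.append((ip, port))
    return peers

class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        if self.path != PATH:
            return self.send_error(404)
        body = render_table(TABLE).encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

def demo():
    """Serve the table on loopback, fetch it once, return the parsed peers."""
    server = HTTPServer(("127.0.0.1", 0), Handler)  # ephemeral port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(f"http://127.0.0.1:{server.server_port}{PATH}", timeout=5) as r:
            return parse_table(r.read(4096).decode("ascii", "replace"))
    finally:
        server.shutdown()
        server.server_close()
```

The table comes from whoever runs the endpoint, so the client treats it as untrusted input: entries are syntax-checked, deduplicated and capped before they are merged into a local host list.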
participants (4)
- Gary Jeffers
- georgemw@speakeasy.net
- Joseph Ashwood
- Ray Dillinger