Gnutella scanning instead of service providers.

Ray Dillinger bear at sonic.net
Sun Aug 26 10:17:46 PDT 2001 



On Sat, 25 Aug 2001, Gary Jeffers wrote:

>My fellow Cypherpunks,
>
>   Ray Dillinger believes that scanning would assist oppressors as
>much as regular users. Joseph Ashwood agrees with this and further
>thinks that the Internet overhead of a scanner would be a serious
>problem.

   Not really.  To that extent, a gnutella scanner is probably 
already in the hands of any law enforcement types that are 
interested, and there's no reason gnutella itself ought not 
benefit from the same technology.  Better points, since I need 
to spell them out, are:

	(a) If scanning is done in a clumsy way it generates a lot 
	    of network traffic and twangs a lot of alarms at various 
	    firewalls.

	(b) scanning is a "hot button" issue with a fair number of 
	    people and could generate complaints.

	(c) complaints about gnutella scanning would be "legal ammo" 
            for people who wanted to shut it down.


I think that all network applications ought to be able to find other 
nodes running other copies of the application - but be very careful 
how you design it, so as not to piss people off.  

>   As far as Joseph Ashwood's claim that the Internet overhead would be
>too much. Is his point exaggerated? Would it be possible to write low
>overhead scanners? I do not have the "skill set" to say. Maybe he is
>right, maybe not. Anybody got something definitive to say on this?

A nice low-overhead scanner that doesn't generate complaints, would 
be a request and response on some other protocol.  If you write a 
little cgi program, say IsGnutellaThere.cgi, and have gnutella users 
drop it into their apache (or iis, or whatever) directory, then you 
can make an HTTP request on port 80.  IsGnutellaThere.cgi would run 
and check to see if the gnutella server is up and what port it's on, 
maybe check a table to find other gnutellas that it knows about,
and return that information in an http response.  

Then gnutella users who wanted to be scannable (and not all of them 
will) could drop the program into their CGI directory, and scan-enabled 
gnutellas could just learn how to make a simple HTTP request and keep 
that table up-to-date for IsGnutellaThere.cgi to access.

HTTP is low-overhead and innocuous, and there's already a hole for it 
in most firewalls.  It won't generate alarms.  A straight-up "scanning" 
approach most definitely will.

				Bear

More information about the cypherpunks-legacy mailing list