Gnutella scanning instead of service providers.
Ray Dillinger
bear at sonic.net
Sun Aug 26 10:17:46 PDT 2001
On Sat, 25 Aug 2001, Gary Jeffers wrote:
>My fellow Cypherpunks,
>
> Ray Dillinger believes that scanning would assist oppressors as
>much as regular users. Joseph Ashwood agrees with this and further
>thinks that the Internet overhead of a scanner would be a serious
>problem.
Not really. To that extent, a gnutella scanner is probably
already in the hands of any law enforcement types that are
interested, and there's no reason gnutella itself ought not
benefit from the same technology. Better points, since I need
to spell them out, are:
(a) If scanning is done in a clumsy way it generates a lot
of network traffic and twangs a lot of alarms at various
firewalls.
(b) scanning is a "hot button" issue with a fair number of
people and could generate complaints.
(c) complaints about gnutella scanning would be "legal ammo"
for people who wanted to shut it down.
I think that all network applications ought to be able to find other
nodes running other copies of the application - but be very careful
how you design it, so as not to piss people off.
> As far as Joseph Ashwood's claim that the Internet overhead would be
>too much. Is his point exaggerated? Would it be possible to write low
>overhead scanners? I do not have the "skill set" to say. Maybe he is
>right, maybe not. Anybody got something definitive to say on this?
A nice low-overhead scanner that doesn't generate complaints, would
be a request and response on some other protocol. If you write a
little cgi program, say IsGnutellaThere.cgi, and have gnutella users
drop it into their apache (or iis, or whatever) directory, then you
can make an HTTP request on port 80. IsGnutellaThere.cgi would run
and check to see if the gnutella server is up and what port it's on,
maybe check a table to find other gnutellas that it knows about,
and return that information in an http response.
Then gnutella users who wanted to be scannable (and not all of them
will) could drop the program into their CGI directory, and scan-enabled
gnutellas could just learn how to make a simple HTTP request and keep
that table up-to-date for IsGnutellaThere.cgi to access.
HTTP is low-overhead and innocuous, and there's already a hole for it
in most firewalls. It won't generate alarms. A straight-up "scanning"
approach most definitely will.
Bear
More information about the cypherpunks-legacy
mailing list