CDR: Re: Gnutella scanning instead of service providers.

[Ray Dillinger]

> On Wed, 22 Aug 2001, Gary Jeffers wrote:
>
> >   If a scanner were written and widely deployed, then I think that
> >the problem of crushing Gnutella would be at least a magnitude harder.
> >Maybe the Gnutella support sites would promote and distribute such
> >a scanner?
>
> It is important to note that knowing where the doors are is as
> important to those who want to lock them as to those who want
> to open them.
>
> Bear

I'll just reply to both at once. I think that a scanner for Gnutella may be
quite an interesting proposition, and it certainly wouldn't be hard to make.
This would be much like creating a scanner for a webserver, and Code Red has
certainly shown us how effective that can be. I think Bear hit it rather
correct when he said that it could be used just as easily by those seeking
to shut down as those seeking to look. The question then is who would it
benefit more, and what would it cost each side to use it? The legitimate
scanners would not significantly benefit from a scanner. The scanner would
effectively clog the gateways of common homes for Gnutella servers, creating
a significant hazard for using Gnutella, and creating a mass slowdown of the
connection on those hosts, which would in turn slow the downloads, driving
users to use Gnutella less. The benefits for those looking to shut down the
sites would be much greater. They could not only locate and scan the sites
themselves for prosecution, they could release the tool and create a
massgrave of ISPs that allow the use of Gnutella through publication. Based
on this very coarse analysis I think it would be in our own interest to keep
the usage of such scanning tools to a minimum, perhaps having just a few
central servers that serve up lists of Gnutella hosts.
                        Joe