[ANet-devel] TimeToLive security hole
Status: Abandoned
Brought to you by:
benad
Menu
▾
▴
[ANet-devel] TimeToLive security hole
|
From: Benoit N. <be...@ma...> - 2001-01-17 01:41:39
|
Here's a question Mathieu sent me two weeks ago, and what I replied. Note that his question raises an important security hole that currently exist in Gnutella and that might be a problem for us. > >I see=A0a problem there :=A0=A0=A0 If the=A0network contains many nodes= and the > >query takes more than 30 secs to be passed to everybody... the query wil= l > >have an eternal life... because=A0anet wont remember that he already > >received=A0so it will receive it and send it back to every node connecte= d > >to it.=A0 If one query has an "eternal life", it will slow down the netw= ork > >and so on.... and=A0everything will be jammed in just a few queries.=A0 = If > >Anet becomes popular, this problem might happen... If we keep track of > >every query that we received,=A0it will take a lot of space since every > >query is sent to every node on the network...=A0 > > > > > >i'm done with the lecture of the first document, still have some question= s > >but i'll read on the other docs before asking... they might be answered > >there. > > > > They were, but it's very hard to see... > Similarly to Gnutella, each query will have a "TimeToLive", reduced by 1 > each time it is copied, and when it gets to 0, the packet cannot be > distributed anymore. (actually, that's what I've seen from some source cod= e > of some Gnutella clones) > > Only one problem here. What happens if one node "decides" to increase the > value of "TimeToLive"? How can we detect a node that does this kind of > spamming? - Benad |
