On Sun, 29 Sep 2002, Samuele Giovanni Tonon wrote:

> On Sat, Sep 28, 2002 at 05:36:06PM +0100, Dale Amon wrote:
> > I'm curious if anyone has thought about ways of blocking
> > this sort of attack before it gets to the home user?
> > http://www.the-dailyrant.com/archives/000855.html#000855
> >
> it depends on the attack: they say they want the
> "Congress to allow them to be able to legally hack"
>

My understanding of this, just from some online study, is that what they are contemplating doing at this time would be along the lines of:

Custom client uses the normal API of the P2P sharing services to find files that are being made available from the individual's machine, in the ordinary way of doing so. (So far that is not a hack or attack in any sense I am aware of.)

Then they retrieve the shared file(s) but at a very slow rate and from as many client machines as the 'server' machine will allow. Thus tying up the 'server' at its limit, denying access for as long as they can keep the connection alive.

Still IMHO not a real 'attack', but may in some cases be a form of denying legitimate 'use and enjoyment' of the individual's computer. Not likely to be a cause of 'damage', so much as it might tie up lots of bandwidth through any particular ISP, when/if they concentrate efforts on some range of IP addresses.

On some of the networks we oversee, we were doing some really short DHCP leases to their DSL customers. Got only one complaint, and it likely was a user whose P2P sharing was hampered. But we decided for other reasons to lengthen the default and allowed leases to 14400 and 7200 seconds anyway. (We were using 3600 Max and 600 Default for the trial period.) Mostly we wanted to see if we could get more efficient return of IP addresses to the DHCP pool, and gather stats on how long customers were actually leaving their systems/bridges (call them modems if you want) on. Turns out to be about two hours per session.

I personally thought that we had somewhat fewer questions and complaints about 'hacking attempts' from those customers for the duration of the experiment. But it really is not common enough to get complaints that there could be any statistical validity, and other influences could easily be the cause of perceived reduced complaints.

> so it seems not specific to p2p flaws but by using
> any known flaws of the target system.
> How can you block them ? the same way you block
> normal "hackers" .

Really, from what I have read, the way to block it would seem to be to limit how many slow connections the P2P software would permit.

> > I think it is especially important to those of us
> > who are not under US law, living in places where such
> > activity would not only *be* criminal, but would be treated
> > as such under law.

Not at all obvious that it would be criminal anywhere if the so-called hack is as I saw described.

> it depends on the "agreement law" between your country and US,
> Anyway they should cooperate with the local country police,
> because (fortunately) DMCA is not a "global law"; so they can
> be persecuted if they hack on to my pc that is outside US law;
> if not, well, there would be so many laws about privacy, private rights,
> local law that were broken, that I should start to think of living
> in a world with a "US dictatorship", and that "1984" is now true.

But is it a problem if someone just hogs the available connections that your software is able to form? Doing nothing other than what you set it up to provide, but much slower?

> Anyway, Stay in touch with debian security updates and watch your logs :-)
>
> Regards
> Samuele
>

Standard disclaimers apply. IANAL. Not anyone's opinion except my own. No warranty. Do not eat anything bigger than your head.
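
The mitigation suggested in this message (limit how many slow connections the P2P software permits), sketched as an added example; it is not code from the thread or from any P2P client. The class names, thresholds and sample transfers are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Transfer:
    peer: str
    started: float      # seconds, caller's clock
    sent: int = 0       # bytes uploaded so far

    def rate(self, now):
        return self.sent / max(now - self.started, 1e-9)

@dataclass
class SlotPolicy:
    # All thresholds are assumed values chosen for illustration.
    max_slots: int = 4        # total upload slots the sharing host offers
    max_slow: int = 1         # slots that slow transfers may keep
    min_rate: float = 2048.0  # bytes/s; below this a transfer counts as slow
    grace: float = 30.0       # seconds before a transfer is judged
    active: dict = field(default_factory=dict)

    def admit(self, conn_id, peer, now):
        """Grant a slot if one is free."""
        if len(self.active) >= self.max_slots:
            return False
        self.active[conn_id] = Transfer(peer, now)
        return True

    def record(self, conn_id, nbytes):
        self.active[conn_id].sent += nbytes

    def reap(self, now):
        """Drop the slowest transfers beyond max_slow; return their ids."""
        slow = sorted((t.rate(now), cid) for cid, t in self.active.items()
                      if now - t.started >= self.grace and t.rate(now) < self.min_rate)
        dropped = [cid for _, cid in slow[:max(len(slow) - self.max_slow, 0)]]
        for cid in dropped:
            del self.active[cid]
        return dropped

def demo():
    """Constructed scenario: three trickle readers and one normal peer fill 4 slots."""
    p = SlotPolicy()
    sample = [("a", "192.0.2.10", 600), ("b", "192.0.2.11", 6000),
              ("c", "192.0.2.12", 60000), ("d", "198.51.100.7", 6_000_000)]
    for cid, peer, _ in sample:
        p.admit(cid, peer, now=0.0)
    refused = not p.admit("e", "203.0.113.5", now=1.0)   # all slots held
    for cid, _, nbytes in sample:
        p.record(cid, nbytes)                            # bytes sent by t=60
    dropped = p.reap(now=60.0)                           # a: 10 B/s, b: 100 B/s
    return refused, dropped, p.admit("e", "203.0.113.5", now=61.0), sorted(p.active)
```

Calling `reap` on a timer frees the slots held by the slowest transfers while still leaving one slot for a peer on a genuinely slow link.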