Re: [p2pi] FYI - "Inside the Attack that Crippled Revision3"
"Robb Topolski" <robb@funchords.com> Sun, 01 June 2008 20:37 UTC
Date: Sun, 01 Jun 2008 08:51:05 -0700
From: Robb Topolski <robb@funchords.com>
To: Nicholas Weaver <nweaver@icsi.berkeley.edu>
Cc: p2pi@ietf.org
I think you're right -- MD was tracking those who were exploiting Revision3's open tracker -- and/or they were putting their own fake torrents there.

However, several torrent clients I've used do not respond the way that MD did when the tracker throws an error (e.g. "Not Registered"). They will either stop the task and wait for the user to start it again, or wait for a minimal interval (which doubles on each attempt) and then ask the tracker again. This is not by specification, but by common programming practices with networking applications experiencing an error.

With the above in mind, if they were tracking a number of different hashes, most clients I've used would attempt at least once per hash. The error response thrown for a single infohash query attempt would not apply to different infohash queries using the same tracker. Individual clients don't do enough simultaneous tasks to matter. But if MD tracks thousands upon thousands of hashids on a single tracker, they would be well advised to add some anti-hammer code to prevent hammering even though the infohashes differ.

Robb Topolski

On Fri, May 30, 2008 at 3:17 PM, Nicholas Weaver <nweaver@icsi.berkeley.edu> wrote:

> Actually, it sounds like MD was tracking those who were exploiting
> Revision3's open tracker.
>
> They were set up to aggressively monitor, and when they found a hash in the
> open tracker that was being used to host questionable material, they kept on
> it. And when all those hashes all got removed at the same time, their
> monitor went bonkers as it tried to reconnect to every single hash all at
> once.
>
> At least, that's what I'd be doing.
>

--
Robb Topolski (robb@funchords.com)
Hillsboro, Oregon USA
http://www.funchords.com/
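An added illustration of the anti-hammer point in the message above (not code from the thread or from any BitTorrent client): a simulation in which every infohash tracked on one tracker starts returning an error at the same moment, comparing per-hash doubling backoff alone with the same backoff plus a tracker-wide minimum gap between requests. The 60-second base interval, the hash count and the 0.5-second gap are assumed values.

```python
import heapq
from collections import Counter


def simulate(num_hashes, duration, base=60.0, tracker_gap=0.0):
    """Simulate announces to ONE tracker where every announce fails.

    Each infohash retries on its own schedule: wait `base` seconds after
    the first failure, then double the wait on every further failure.
    `tracker_gap` is the anti-hammer control: a minimum spacing between
    any two requests to the same tracker, whatever the infohash.
    Returns (total_requests, peak_requests_in_any_one_second).
    """
    # Heap entries: (time the retry is due, hash id, delay to use next).
    queue = [(0.0, h, base) for h in range(num_hashes)]
    heapq.heapify(queue)
    next_free = 0.0            # earliest time the tracker may be hit again
    per_second = Counter()

    while queue:
        due, h, delay = heapq.heappop(queue)
        send_at = max(due, next_free)      # tracker-wide gate
        if send_at >= duration:
            continue                       # outside the observed window
        per_second[int(send_at)] += 1
        next_free = send_at + tracker_gap
        # The tracker answered with an error: back off, doubling each time.
        heapq.heappush(queue, (send_at + delay, h, delay * 2))

    return sum(per_second.values()), max(per_second.values())


if __name__ == "__main__":
    # Constructed scenario: 1000 hashes removed from the tracker at t=0,
    # observed for ten minutes.
    for gap in (0.0, 0.5):
        total, peak = simulate(1000, 600, tracker_gap=gap)
        print(f"tracker_gap={gap}s  total={total}  peak/sec={peak}")
```

Per-hash backoff alone keeps the retries synchronized, so the tracker sees the full set of hashes arrive in the same second on every round; the tracker-wide gap bounds the rate no matter how many infohashes are queued.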