'Rewiring' file-sharing networks may stop attacks

A proposed US law permitting attacks on peer-to-peer file sharing networks to disrupt illegal copying could be undermined by research from Stanfords computer science department.

Peer-to-peer networks let thousands of personal computers communicate with each other so that users can search each other's hard drives for files.

Some sections of the US entertainment industry are so concerned about copyright infringement on peer-to-peer networks that they are pushing for new powers to put a stop to the activity themselves. The plans have outraged many peer-to-peer network users and civil liberty campaigners.

A US bill proposed in July 2002 would give copyright holders the legal power to attack the computers of file sharers suspected of piracy. Experts say it would be relatively easy to log on to a network and deliberately overload suspected users with fake requests for a file, by misinforming other "nodes". This is similar to overloading a web site with fake traffic in a "denial of service" attack.

But Neil Daswani of the Database Research Department at Stanford University and Hector Garcia-Molina, the head of the Computer Science department believe it may be possible to redesign peer-to-peer networks to protect them against such attacks. Daswani says this may also guard these networks against malicious computer hackers. He told New Scientist: "We were interested in both protecting the network from being shut down and protecting individual users."

Read the entire article here

Woohoo! That James Taylor song, "You've Got a Friend" is starting to play in my head.

Its not going to work. Networks can easily be made attack resistant, but we are not talking about a script kiddie and a ping of death. This is the RIAA and some hired online goons. Their idea of a technical attack involves a T3 line or above and a cluster of pingflooders, or a mass spoofing campaign using several million virtual clients and a lot of bandwidth. They want those networks down, and they dont care how much of the internet gets caught in the crossfire. I hope they accidentially DoS a corporate lan.

Well, that's great.

If the RIAA does completely fuck up, and burn some computers, and clog up the net, WHO IS GOING TO KNOW?

Who the hell is our voice in this, being a pain in the media's butt to publish OUR side of the story? Where where where?

Folks, we better organize quickly here. It's been fun and games up until now, but we better have an organized voice or we're gonna be lost here...

This law would be in conflict with the Cyberterrorism laws of 2001, and would most probably have the loophole of allowing pretty much anyone then to attack comptuer simply because they suspect there is copyrighted material.

Besides, most P2P nets are undergoing a rewrite at this time anyway to prevent malicous users that do this just because, so they may not even be affected.

I suspect if this law passed, it would be quicky shot down anyway, so no worries. We can go on with life.

Lars: Take something, will you? Sheesh. Computers can always be restared, IPs changed, net blocks banned from routers, etc. Nothing worth mentioning. If everyone made a huge stink every time a web server, file server, or terminal server got burned, slashdot would be constantly cycling it's stories .

What a f*ckin' bullshit to allow people to 'hack'!
It's like realeasing everyone who ignored a red sign from prison and then outlawing them! Gee... What's next?!

Actually the entire point of the p2pppa is to add loopholes to other laws includeing those cyberterrorism laws to allow copyright holders to hack, so the cyberterrorism isn't likely to be a huge problem.

If it does pass, and even the current political climate will need an unusual level of stupidity to pass it, it probably wouldn't last long. Not because its a bad idea (althrough it is), but because there would be a sudden rush of angry ISPs, backbones and companys with DoSs lans complaining, and then some ISPs lobbying.

Part of the current rewrite work is adjustments to limit who can use it. The original version allowed just about any copyright holder to use it as a defence. The new version will be more limited, probably only allowing large companys.

Okay, that's someone who knows what he's talking about! I wish there were more of those people here@DMusic in stead of many people, like me, who are just yelling around what they think about something they know nothing about!

It can't pass.
I mean the congress whould have to smoke 1/2 lb. of coke to eve consider it!
It is compleetly unconstitutional.
If record companies could hack then I'd make a music company and hack the other companies and say I thought they had my music illeagly.
It is basically vigilante.
If they are allowed to f up our computers we can F up theirs!

Yeah, this point's already been made. It's total vigilantism. There's no way it'll pass because for every hacker the RIAA can hire or train, there will be a hundred hackers capable of making the RIAA hackers look like script kiddies. Then REAL vigilante justice will begin...

Vigilantism exactly... It's the same as saying yeah that kid stole my lunch money so I should be allowed to beat the crap out of him. No-one in their right mind will pass that law, and even if they do, no court will uphold it when it gets challenged.

Lars: no-one will ever stop p2p (until something better comes along), 10 RIAAs wouldn't be enough to sweep the millions of people using it under the carpet...

It isn't merely vigilantism . . . it's police-state-style fascism with a dash of Leninism, Stalinism, Maoism and Castroism added on. These exact same kind of tactics, as I've noted before, are already employed by Communist regimes like China and Cuba as a weapon or weapons against political dissidents and independent journalists who organize over or communicate via the Internet and E-mail. And the motives are pretty much the same: To maintain their respective strangleholds of absolute power over everything and everybody at any and all costs. "P2PPPA" is nothing less than but one aspect of the multinational entertainment-media complex's "digital coup d'etat" against the masses.

I agree congress would have to be almost unimaginably stupid to pass this. But never underestimate the combined power of the television, movie and music industrys. Remember these groups have experience lobbying. They have entire departments devoted to manipulateing polititions. And they have lots of money. Its unlikely, but it could pass. If it somehow does it still wont last long. I can predict exactly what would happen:

The many large copyright holders would either set up hacking departments to hire another company to do it for them...
These hacking departments would consist of a number of p2p clients mapping networks and a few poorly-trained hackers directing a huge DoS machine at importent targets - large sharers and important points in the network...
Unfortunatly them them some of those large sharers will be on company systems to use the office broadband, and the rest will be using ISPs. Neither of those groups will be too pleased...
The lawyers will start their work, as various ISPs and lan-useing companys sue for damages...
The whole situation will get out of control until there is no option except to remove the offending bill

And the effect on p2p networks? Absolutly disasterous, will completly ruin them. But as fast as they shut them done replacements will be started. Worst that can happen is a return to IRC and FTP warez systems.

remember the private network option we had in gnotella? why dont we impliment something like that in some of these modern clients? Join the Electronic Frontier Foundation www.eff.org, they are our voice. (US MILITARY FYI this organization is in your combined federal campaign book)

With windows, I have sygate firewall and zonealarm firewall running. Sygate blocks the 3 blatantly obvious spoof ips. Zonealarm is set to high on both zones. I am soon to be getting a router. I use xpantispy and spybot. I want to see them try and hack me!

Thasp, your system is so well secured, but I'm seriously asking: With all that security, how are you able to fileshare?

Honest question here.

LIMB

Sygate and zonealarm ask me as soon as a program requests to go online if I want to allow it to go online. I simply give gnucleus the right to go online. Sygate being able to block those 3 ips is a Godsend though. What shall I do when I install SuSE LInux 8.1? *sigh*

i'm busy working on an idea "GNetReactor". i'm also going to make a fakelist script that apps could use... neet idea, eh?

I think ipchains can be used to block ports.

Dont bother trying hosts.deny, it only workd on inetd services.

Ok Thasp then you aren't safe. The riaa hackers will be using your own filesharing software to block you. A DOS attack will flood your open ports you told zone alarm to leave open for the gnutella client, and the client will shut down. Firewalls are no safeguard if you tell them to ignore a certain program.
GoldenPI: Do you think they would win if they sued? They had copyrighted material on their servers. People have gone to jail for that. Plus dont forget AOL-timewarner is the biggest isp there is and it is involved in this. Microsoft is #2. Anyone shared microsoft software lately? I think they would look the other way also.
And Graduates from MIT and the like who are hired by companies like that are not "poorly trained". A stanford student proposed the changes we are discussing. You think he'll get a job offer with a large salary? You bet he will.
Here's another thing they are doing:
ever downloaded a file and it wasnt what it said it was or it was a 600mb video of a blank screen? Who do you think shares stuff like that? It is put there by riaa. Lets examine how this would work. Its real simple really:
Guy installs Kazaa for RIAA
searches for a copyrighted program.
finds it on Joe Blows computer
does a search "more files from same user"
has a script running that does it over and over again. Joe blow's connection drops to 0kb/sec and loses connection with central server and client disconnects. Pretty simple huh?

Do their attacks work on Linux yet? Hell Linux has 1 virus or 0 as I know of. They make the security patches within 24 hours. Let em try to hack my linux laptop!