Slashdot Mirror
Gnutella Vs. SPAM
darekana writes: "I know you've heard the quote: 'Every new medium will be used for sex.' Well, every new medium also appears to be used for advertising.
Gnutella vs. Flatplanet.net who will win?
From the 'ShareZilla' developers' mouths:
'When the fine folks at Gnutella find a way to filter ShareZilla, we will figure out how to get around their new filters. A subscription to ShareZilla entitles you to that new version of our software at no additional charge.' Beyond the $74.95 (US) initial charge that is."
This isn't +3 insightful, its -1 Troll. And well below Mr So-called-lawyer's usual high standards as well.
He hasn't even read the article for god's sake.
Idiots.
Simon - who originally moderated this down, and wants the points back since the battle's clearly lost.
I worked for a tv station. You know those crappy infomercials selling stupid widgets that cost 29.99, etc?
.02
EVERY time that infomercial runs, the company has paid $2500-$5000 or more! How many losers have to buy that widget to pay for the run? The same ones keep running and running and running. They would not keep paying to run the infomercial if they were losing money...so someone out there is buying, and enough to justify the cost of sending.
maybe we need to organize some kind of campaign, like a public service announcement, to discourage people from buying anything they see advertised this way, along with a public list of companies and their execs who insist on using offensive advertising models. Build it into the next revision?
my
The first thing we do, let's kill all the lawyers. Shakespeare, Henry VI, Part 2, Act 4, Scene 2
Yup, using the spammers srength against them - Spamido. Static filtering ain't going to work.
I think I'd have the client check a few different searches and block anything that appears in all of them. Pass the information about the spammers to other clients as well maybe to make it more effective?
Government of the people, by corporate executives, for corporate profits.
I can see another spam-cancelling service arising from this, too. Once each server has to confirm its existence before its search results will display and the anonymous spam problem is dealt with, it wouldn't be at all difficult to generate random queries and look for returns that have the characteristics of spam. Once a spamming host is identified, it can be put in a blocklist (or hacked, or DDOS'ed, etc). The mind boggles at the possibilities.
--
Time is Nature's way of keeping everything from happening at once... the bitch.
Check out blocks http://www.kripto.org/blocks/, which recently appeared on freshmeat
In the blocks model, servers spin off into pods of 10. The 'blocks' of information are then routed through different pods, the origin IP and destination IP aren't known unless you have compromised all the pods in between.
An advantage of the pod model is that it would be easier to kill.spammers.dead pod A could voluntarily drop connections to adjacent pods if people in the pod B (the evil pod) has been feeding crap. pod A could trust adjacent pods that have been reliable in the past, they transmit a message to drop pod B from the loop and pod A does so.
A neat little system, and the cool factor is that multiple versions of the client could implement their own threshholds, filtering policies etc. You get organic filtering as the protocols that actually keep spammers out become the favored clients.
-spRed
disclaimer, I have no affiliation with blocks, and it has some protocol difficulties of its own. (but I do think it is on the right track)
.sig Karma out the wazoo, better to spend points elsewhere if this is above 2 or below 0
That's really easy. This is being sold to companies, not consumers. So suppose it takes a programmer 2 days to write an easy-to-use program. No matter how much they pay, that's a LOT more than $80. In fact, it's $80 only if they pay the programmer minimum wage.
---
Somebody else raised the very legitimate question of how this would effect clients behind firewalls. Would a change in the protocol, accomodating a proxy server or firewall IP address relative to the client, help? I ain't no IP guru, just curious.
Stop by my site where I write about ERP systems & more
Sure, any filter approach will turn into an arms race as people come up with new ways of avoiding filters, and their opponents come up with new ways of catching them.
So have some trusted authorities that moderate stuff - they don't have to be centralized... For example, just like we have warez groups now that release stuff and crack stuff, we could have groups that test stuff out, make sure it's quality, and pgp sign it to give it a seal of approval.
Then, you could program your client to check for that signature on anything you download.
--
--
Mod up a post Rob doesn't like and you'll never mod again
You mean like: Free naked Natalie Portman pictures here. :)
The difference between Canada and the USA is that in Canada healthcare is a right and gun ownership is a privilege.
Florida is inexpensive - a 3/2 house runs around $100k. In most counties, your 'homestead' is protected in bankruptcy proceedings - scam artists can hang on to land and buildings up to $1 million when their schemes unravel. No state income tax, so add 6% to your take-home. The weather is nice if you like Turkish baths and lightning). We have beaches where the water is warm. And what snake-oil salesman wouldn't feel at home with alligators in his backyard??
As long as we're on the subject of Gnutella abuses, can anyone explain to me the weird Usenet addresses I'm getting when I do GNUtella searches these days? Things like:
e aky/things/done/with/dishware/17852: How to turn a plate into a vibrator - pladiddilio@asjkgfasg.com
...only I get about 60 of 'em for any search. Is this some kind of strange ad? Or what? I had the feeling these filenames might actually be randomly generated just to take up space and slow down the Gnutella net, or something. But overall I don't see any point in it.
www.usenet-replayer.com/short-archive/part/alt/fr
The link to flatplanet.net is /.ed already it seems. I assume that they are distrubting advertisments in what appear to be files that people are looking for. I'm sure there's something to differentiate them from the other legitamite files on gnutella. flatplanet's gnutella nodes most likley report themselves as being a very high speed to entice users for example. Also, aren't the images that are really adverts going to be a fixed size, I don't think many people expect their porn images to be the filesize of a banner ad.
Shine on, you crazy diamond.
Geez, all I thought there was down there was blue-haired little old ladies from Binghamton who weren't strong enough to start the snowblower anymore.
Are you kidding? We're the beating heart of the porno movie industry, baby!
Also, the primary import location for nearly every drug except marijuana. That, we just grow. 2nd would probably be the CIA's fields in Arkansas.
--
Besides, If you're downloading anything that has a filename like "MAKE MONEY FAST - WWW.SPAM.COM.exe", you deserve to be infected. In fact, you deserve to be shot.
.exe? .com is already an executable file under DOS systems.
Why the
Actually, though, it strikes me as very strange that there so few (in fact, none that I've heard of) file.com viruses that masquerade as URLS. It seems like a filed called "Go To Weirdxxx.com" would fool a lot more people than one called "Love Letter for You.vbs". I'm sure plenty of people have already thought of this, so - can anyone give me an explanation why it isn't seen?
"Beware he who would deny you access to information, for in his heart he deems himself your master."
Like any true spam promoter on the Internet, alas, they will most likely move their operations and continue with their unethical practices. :P
Thanks for reading, and not spamming,
Al Gordon
Sr. UNIX Systems Administrator
DSL.net, Inc.
http://www.dsl.net/
After spending two weeks playing with a limited-depth trust model for Gnutella, you come along with an idea that kicks my ass?!?! Why is this fair?!?!?
This is probably the best answer, snagging a large chunk of spammers and easy to implement, although I'd use comparitive lists of stuff, and not random words. Search once for Pink_Floyd-Have_a_cigar.mp3, then 'CIT coffee mug', then for 'The Phantom Menace', and finally 'K3w7 W4r3z d00d'. Blacklist anyone that responds to more than two.
.sig: Now legally binding!
Actually, I'd liken it more to stickers with ads stuck to the pages of the library books.
Obscuring the text you're wanting to read, you'd have to peel the stickers off the pages (and occasionally lift the text you want to read with them) before you could actually make such a defaced book useful again.
I'm sure that legitimate Gnutella sharing servers will still be in there somewhere, but I really don't like the looks of the future Gnutella if this system is allowed to survive.
Imagine getting 100+ responses to every search, 96 of each responses being from spam. It would take forever to find anything, effectively killing Gnutella's usefulness.
Perhaps the RIAA/MPAA had something to do with this?
I suggest we take steps to destroy it now. Anyone have an offshore ISP that is immune to legal action from yanking Sharezilla's website?
Man, oh man, if only I were in high school again. I beat the snot out of a kid who was tearing the pages out of books because he was too cheap to use the photocopier. (I was a bit of an unorthodox library geek back then, and while I was also an autoshop grease-monkey and an electronics lab terror, I've always loved books.) Anyone who assumes that nerds are placid sheep is an idiot. I see a wonderful parallel here... do any Slashdotters have nothing to lose?
Fire and Meat. Yummy.
Hash cash (no, it's not paying for access through the distribution of drugs). Basically, it is a way of ensuring that the server receiving and acting on a request must spend a certain amount of time computing some function of the input in order to be able to send information back. This normally would not bother a typical user who would only need to respond to requests that match a real file if you set the delay to something like a tenth of a second on a normal computer in use today. The amount of work that needs to be done could be increased to keep up with the growth in speed of computers.
A possible protocol based on hashing:
*Each client selects a random nonce constructed by appending n bits to a representation of the current time in seconds, as well as a header describing how much hash cash would be needed for a valid response.
*Any software receiving the query would be required to construct say x different collisions on the first y-bits of the hash of the nonce, with the input restricted to appending more information to the random nonce.
*If the original client does not a receive a reply containing valid, distinct units of hash cash, the client silently discards the information and places the offending IP on a blocklist. The original client keeps track of the last m units of hash cash to prevent duplicates.
*Each client may set its own threshold for how much hash cash will be needed for a valid reply. Responding clients may choose not to respond if it decides that too much hash cash would be needed.
There are many other alternatives that offer even more control over how much work would be required.
Just a theory =)
---
-
ping -f 255.255.255.255 # if only
In the GNUtella network, any sort of information is allowed. So yes, you could add your ads to the whole mix. However, subverting the system to return false information is not kosher. In this case, it's not the same as simply having a similarly named file. They respond to each and every request the same way. They are not adding to the system. They deserve to be filtered.
How would those clients on your LAN handle a Push request? By GUID? What I was thinking of was something similar to a Push request, just to verify that there is someone on the network at that IP address or GUID, I guess...
Stop by my site where I write about ERP systems & more
You are Joe Cool-Hacker, a coder of such prodigious and long-standing skill you make Hiro Protagonist look like B1FF. You are invited to an expensive lunch by an oily but well-heeled guy who wants to discuss a project with you. After the initial pleasantries, Oily Guy gets to the point.
"I have an idea that's going to make millions, and I need someone to write it," says Oily Guy.
"And that is?" you reply.
"It's a new form of advertising."
"Uh...," you begin to say.
"Hang on, let me finish," Oily Guy insists. "It's not 'spam' like you guys like to call it. It's search-based. The ads are offered in response to legitimate searches from Gnutella clients. So unless the user initiates a search, they don't see anything."
You are dubious, but you remain cordial. "So the ads aren't sent unless the received search terms match ad's subject matter."
"Well, that's certainly a possibility," Oily Guy responds.
"What do you mean?"
"Well, the advertisers needs the ability to be as narrow or as broad as they wish. So they could respond only to detailed searches or, if they have a broad-appeal product, they could respond to everything."
"Everything," you deadpan, eyes fixed on Oily Guy.
"Yeah. Just like TV ads. A lot of times the ads have no bearing on the program, but they're still effective."
"Doesn't that diminish the value of the resource? I mean, if you opened the phone book to the plumbers section and got listings for sex clubs, doesn't that make the phone book useless?"
"This ain't a phone book. It's the Internet. And the real results will still be there; there'll just be a few ads in with them. It's not like this is illegal or anything. C'mon, there's tons of money to be made here. Aren't you interested in getting rich?"
At that moment, the server arrives offering fresh coffee. Do you:
The person(s) who wrote this software needs to be identified and blacklisted from further employment in our community. This kind of ethical bankruptcy must not be supported or allowed to continue.
Schwab
Editor, A1-AAA AmeriCaptions
But the client at the false IP address, even if it's on the Gnutella network, wouldn't have the file "www.flatnet.com blah blah blah", so the verification would fail. I'm thinking that you pass the file name (not just the search string) in the verification request.
Stop by my site where I write about ERP systems & more
Basically, it is a way of ensuring that the server receiving and acting on a request must spend a certain amount of time computing some function of the input in order to be able to send information back. . . The amount of work that needs to be done could be increased to keep up with the growth in speed of computers.
I fear that your entire premise is flawed. A system like this might work for a clearing-house system (e.g. Napster), but fundamentally infeasible for a distributed system such as Gnutella (see title).
In a Napsterish system, this would be an easier task, as you would only have to deal with one server. Gnutella, on the other hand, deals with numerous servers, and source is available allowing any would-be spammers to easily circumvent any safe guards built into it (and they could just tell their server to route to different servers for each request until the time limit is up or whatever).
[We are assuming that spammers have half a brain, but enterprising companies like the makers of Spamzilla, whose server was first slashdotted, and then apparently taken down, would probably be more than happy to create such as system.]
Furthermore, how can "The amount of work that needs to be done . . . [inccrease] to keep up with the growth in speed of computers?" Aside from any problems mentioned above (distributed nature, source availability), how would you ensure that someone would run the "correct" version for their hardware? Hell, Linux can run on a multi-processor Sparc or crawl on a 386. People don't upgrade all of their systems everytime a new top-of-the-line system comes out and it would be impossible to force people to choose the right settings.
Many users of Gnutella wouldn't be completely sure how to set the correct versions, and though an auto-detect feature could be implemented, it still is not perfect. Many people may find an old version and decide to use that.
There are many holes in your argument (and this may not be the most lucid rebuttal) that stem from your attempt to divide Gnutella in to a client/server setup, when it is actually a client+server setup. Moreover, your system would be impractical to see through to completion.
We believed that we've fixed this problem in Freenet. We only send the hash of the key ("filename", "search string", whatever) into the network, but the file is signed with the unhashed key. Results that are not properly signed are automatically rejected. The result is that a node can only return a file (and have it accepted) if it actually has a file inserted under the same key. It can't fake it. Of course, we don't have searching. This only stops spamming when you actually request a file. Searches have to be transmitted in the clear. To make that harder to spam you need a web of trust system with reputations and ratings so that you can find good, valid content.
How do we make it stop?
I don't know. I'd sure like some ideas. But I think the most cost-effective way to do things is the moral equivalent of the yellow pages. If I want a given product, I'll go searching thru an index, and at that point I'm asking to see ads. I *might* be interested in a "what's new" area... anonymously tailored to my interests. Other than that, I prefer my world ad-free... and for damn sure I shouldn't be having to pay the freight for anyone else's content (banner ads, popups, or anything else that wastes my bandwidth). If I'm getting a service for free (radio, broadcast TV) that's one thing, but if I'm paying, real content only, please. Anything else is just going to annoy me, or worse.
--
Do not meddle in the affairs of the BOFH,
for he is subtle and quick to*#![[NO CARRIER
The one bone-dumb idiot in 10 million who responds to "MAKE MONEY FAST" spams and pyramid schemes. And once Mr. Spammer has their credit card number, it's mission accomplished...
It's not so much the what as the how. If someone were doing this with ANY OF THE CATEGORIES you mentioned -- making every search return an exact match to a renamed file which turns out to be child pornography or bomb making instructions every time -- you'd better believe they'd be taking the same heat, and rightly so. But of course, where's the money in doing that?
Legal commercial advertisements are fine, but this delivery method is NOT. They are not being censored. Imagine if you were looking for a book in a library, and you picked a few up and checked them out, only to find that although the cover looked like the book you wanted, ALL OF THE INSIDE PAGES WERE ADS. Imagine that this happened with every book in the library. You can see how this would piss people off no matter what was in the book -- the point was it's not what you requested.
Seth
$5 / month hosted VPS on linux = awesome!
That's probably what's stopping of spam difficult.
Let's think about this. When you spam, you are advertising a product/service. YOu have to leave some sort of legitimate contact info so people can buy YOUR stuff., SO, logical choice would be to call their 1-800 order number and bitch the hell out of them, right? What if the spammer was advertising someone else?
So I guess that would leave it to go directly after the spammers themselves, whether it is a legitimate or a competitor's phone number/mailing addy. Argh.
flatplanet.net wrote a program which spams gnutella. When you perform a search for anything, the flatplanet program returns half a dozen results saying things like F.L.A.T.P.L.A.N.E.T.N.E.T. - [word you searched for here]. They sell the software that they use so that anyone can spam gnutella. Some clients have spam filters and are set to filter out flatplanet by default.
Gnutella users are distributing copyrighted recipes to make their own pink ham based luncheon meat, perhaps you've heard of the Open Sandwich Movement. If not, do a web search on Richard M. Stallham.
Hormel is suing Gnutella, and has a cease and desist order, saying they're losing sales and not recouping the immense amounts of R & D money they've spent creating such delectable ham based foods.
Critics of Hormel say that since SPAM has been around since WWII, they've long recouped their initial investment.
Thank you,
George
Hmmmm, is anyone else seeing the possibility to transmit macroes or virues this way?
This is one of the clearest examples of network abuse I've seen. These people seem to have fewer scruples than the average script kiddie.
It's unfortunate, but people are going to have to start designing applications and protocols with this sort of deliberate abuse and subversion in mind. (Of course, protecting against it is easier said than done...)
Deven
"Simple things should be simple, and complex things should be possible." - Alan Kay
Your rebuttal derives from a misunderstanding of the protocol that I proposed. Every user selects their own threshold for how much work they want others to have to do before their *own* client will choose to display results. In turn any user receiving a request can set a threshold for how much work they choose to do in computing collisions; if the user decides that computing a 19-bit collision would take too long on his/her computer, the program would simply drop the request. The argument that different servers could be routed through is true, but irrelevant: the primary filtering will occur on the client that has sent the query and intervening servers (if any) may choose to ignore the hash cash if they choose (although this would result in slightly lower utilization efficiency, in that if intervening servers *did* check the hash cash to meet *their own* threshold, blatantly obvious spam could be dropped immediately). The scheme is based that if enough proportion of people set reasonable thresholds (that they decide personally is sufficient for imposing a great enough cost of spammers while only causing a reasonable delay for other users), it will develop an immune system of sorts against mass spam, whose senders would find it impossible to do the computations that would meet the general threshold standards. The system is in fact rather easy to implement; I might consider writing the patch myself and submitting it in a week or so.
A search on Google turned up only two hits to Sharezilla. One was the site mentioned in the article; the other was this comment from a /. article posted last month. Could be helpful.
For more information, click here.
First off, check "Jonathan Byron"'s reply. He summed up many of the points quite nicely.
But I just have to chime in, 'cause I recognise the address.
Knights Krossing is a notoriously shadey apartment complex directly across the street from the UCF campus, at the corner of Alafaya and University. I actually used to live about three miles west of there on University.
The complex caters to the least responsible of all the college students there. You rent a BEDROOM in an otherwise (poorly)furnished apartment. Each unit has four of these bed/bathroom combos, and you get paired up with roommates at random if you don't have a group of four. Utilities are included in the rent, but between the four of you, you still wind up paying about twice what it would cost if you were responsible enough to be able to pass a credit check and rent a house. But then, there's totally insufficent parking there, perhaps being right across the street from campus, mabye you make up for the price by not maintaining a car.
Basiclly Knights Krossing is (for the most part) where you get the 'rents/government to pay for you to live if college is simply 13-16th grade (or 17th or 18th as the case may be). I'm talking party central here. Any given night you can drive in there, park in a guest slot (or you WILL get towed) and find a kegger or five open to anyone who staggers up to the door (drinking age? what's that?). It is also where you go if you want to score weed or ecstacy or acid (or possibly something worse) and you don't want to head over to the bad part of town.
*LOTS* of dubious "business" deals go on there. From chem majors selling their cooked up batches of LSD, MDMA, and GHB, to CompSci majors running spam or porn sites (in at least one instance I know of, the FILMING of said porn was done in a Knights Krossing unit too). It's across the street from UCF, so there's bandwidth aplenty, both cable and dsl), and UCF does have a fairly good CompSci program (graduate, at least... undergrad classes are rathar lackluster).
Also, if you note the "technical" contact, you'll see "adelphia.com" adelphia is a notoriously WRETCHED cable company that, in Florida, just HAPPENS to employ a fair number of UCF grads.
Funny how it's such a small world after all...
john
Resistance is NOT futile!!!
Haiku:
I am not a drone.
Remove the collective if
Imagine all the people...
Forget their money. I want nana's cherry old rust-free low-mileage 1974 Plymouth Scamp.
(Let's face it, Florida's roads will be safer if she takes the bus to bingo instead. Scamp vs. Honda = slightly dented Scamp, completely flattened Honda.)
Fire and Meat. Yummy.
I read recently in 2600 magazine, an article about how to deal with spammers. According to the article the best way to deal with spammers is to waste the only resource of thiers we can, time. What we do is when one of these spams pops up, we goto the website and email the webmaster or thier service provider, complaining that the file they advertised was not available on thier website. Demand they make the file available. If you are really mean, suggest you will file a complaint with thier local Better Business Bureau or Chamber of Commerce. Better yet, do searches on copyrighted MP3's and then turn them in for illegally distributing copyrighted material, this has a special irony to it, turning the two great evils of the Internet against each other.
Jesus died for sombodies sins, but not mine.
"Our products just aren't engineered for security,"
-Brian Valentine,VP in charge of MS Windows Development
... but that summary was incoherent (did CT remove some text somewhere) and I'm left with absolutely know idea of where the spam is or how or why. Can somebody explain the story to me, for those of us without osmosis and who don't know the story?
Free BeOS, runs from a Linux partition
I can't say I like it, but then again, I can't say anything bad about it either. If you want something to be completely anonymous, then you have to deal with everything that comes with that. Sure, you can copy MP3s and warez and whatever else anonymously, but anyone else can use it anonymously to advertise as well. People seem to think that anonymous is great because they can break any law and copy anything they want and can't get touched, well, these people think the same thing. So you get ads with your warez and illegal MP3s, that is something that comes with being completely anonymous. I don't like it particularly, but what they are doing isn't any more wrong than copying software, movies or music on gnutella (which is primarily what it is used for). But that won't stop people from screaming about it because it may inconvience them while they get things they should pay for for free.
"Information wants to be expensive" - Stewart Brand, the same guy who said "Information wants to be free"
Kinda like eugenics for distributed file sharing . . .
Things like this just make my mind boggle. Advertising / spam on the net really drives me nuts. Why do people seem to think that by pissing off thousands of customers simultaneously thay will somehow pick up revenues ? Where do these people keep their clue ??
I really fail to see the point of this sharezilla thing, unless its just designed to be a complete GNUtella spoiler that drives people away from the service.
Or maybe its a gag. Whatever.
Marketeers are worse than lawyers. And adverisers are the worst form of Marketeer , cos they con themselves that they are "creatives". And as for advertisers that work in "new media" they have to be the lowest of all
-- Oh Well
I will be using justinalexander@usa.net for my spam address from now on, since Justin is such a big fan of spam.
I encourage you to join me.
(before you moderate me down, do a whois on flatplanet.net.)
Blacklists are a very good initial approach, but can be thwarted by the use of probabalistic responses. Basically, a SPAMMER would only reply to any given query with some small probability $p$. Then, using the approach of "random query, then real query" will let the SPAMMER through with probability $(1-p)p$. By setting $p=0.5$, the SPAMMER can still get through with probability $0.25$.
Of course, by keeping a cumulative blacklist based on $n$ prior "random queries," the probability of success for a SPAMMER will go down as $p(1-p)^n$. By using $p=1/(n+1)$, the SPAMMER can keep his probability of success above $1/(n+1)^2$. This is bad since practical $n$ is limited by the rate at which the SPAMMER changes his server's identity.
The upshot is that any blacklist-based system is guaranteed to let a lot of SPAM through if the SPAMMERS are adaptive (change identities) and many in number (more than $(n+1)^2$ where $n$ is the effective time constant of adaptation). Collaborative blacklists can increase $n$, but introduce significant trust issues since adversaries can start blacklisting legitimate sites.
Of course, not that the site is semi-/.'ed, I'm having trouble re-reading that page to check ... sigh.
To get around this the way you're suggesting, the spammer would have to dynamically create the bogus filenames on these other IP addresses - something they could possibly do if they had the access on that other machine while running the software. But unless it's an unwitting partner in the process (trojan?), it exposes at least one of the spammer's machines.
Like I mentioned, I'm no IP guru. This is starting to make my head hurt...
Stop by my site where I write about ERP systems & more
Has anyone considered looking for buffer overflows in the ShareZilla code? send a targeted request for '0xFF, 0xFF' or what-have-you and watch the spam factory turn to Jell-o.
Nothing worth doing is worth doing today.
I've been noticing quite a lot of, shall we say, 'unorthodox' activity on Gnutella the last month or so. Someone set up a server to respond to any search with an html page that auto-forwarded the unwary downloader to porn sites (some porn sites pay money for page-views that come from referrals, so probably this was someone doing it to make money). Someone else peridocially puts up a server that responds to searches with "SPAM GNUTELLA!" file references. I've also seen searches that came back with what amounted to spam messages ('make money fast') instead of what was asked for. The wild west lives.
ShareZilla is network abuse and Gnutella itself isn't? That's rich. (I'm one of those annoying gits who think that tcp/80 ought to be used for http and if you're running something other than http over that port, then you're abusing the network. Gnutella shouldn't let users bind below tcp/1024. It's that simple.)
About ShareZilla-- I'm laughing my sorry ass off. All those boneheads who were hyping Gnutella when it first arrived on the scene should have listened to us oldtimers who were telling you that, as an application protocol, it sucks rocks. You're getting what you asked for.
ShareZilla is only the beginning. I'm waiting for the real fun to begin when the blackhats start swinging their malevolent gaze around to it. If you want to prevent network abuse you have to design the network to resist tampering by abusers.
The Gnutella network is a child's toy. (And Jason, if you're reading this, you should read this and give me a call. I may have a hobby project for you.)
jhw
There is a pretty good summary of how it works posted here, but since it's in reply to a low score post I thought it could do with a little more exposure.
<grumble>submitted this story yesterday</grumble>
--
--
E_NOSIG
Deven
"Simple things should be simple, and complex things should be possible." - Alan Kay
It can scramble the IP (return address) so that its users don't get "wacked" in revenge.
They are selling it to other spammers.
They know its "wrong" and that people will fight back, and they don't give a damn.
This may contaminate the gnutella filespace with junk, and "we" don't like that.
Thad
Thad
There is a big difference between ads such as banners and SPAM. Banner ads pay to keep a site running. SPAM is a parasite that chews up resources without providing any value back (except to the SPAM sender). If anything, SPAM is hurting the growth of the Internet.
World Beach List, my latest project.
C'mon, moderators, make the satire complete! Do your duty!
streeetlawya, abusing the +1 bonus since 1999
-- the most controversial site on the Web
OK, I have been using the gnotella 0.73 client for a while now, and I like it's spam protection. While its not great, its akin to first-gen email spam filters. It helps. It currently has options to ignore vbs files, ignore htm and html files, and ignore flatplanet spam. not enough, but a start.
---
FWIW I wrote a gnutella clone in the early days, but I never got around to completing it. Back then, Gnutella itself wasn't too stable (TTL wraparound anyone?), and a lot of clone developers were sticking their creations on the net before they were (how shall I say it) properly debugged.
Anyway, as a consequence of this, I started collecting good/bad host information - I kept notes on the number of good (valid) and bad (invalid) packets coming in on every connection. Once the bad packets accounted for a certain percentage of the total packets, I said "fsck you" to the connection. Now note, it's not the node that you have the connection to that's creating the bad packets, it's just doing it's job in passing them around. What I was saying is "Hey, you're sending me junk - I don't care if it's not yours, I'm dropping you and talking to someone else". I would drop the connection, blacklist it for a few days, and start a new one instead. During the TTL wraparound time, whilst gnutella was totally unusable, my client was merely slow.
To get to the point: If every client allowed the user to say "this reply is spam", the route can be traced back (via MessageID) in the net to the clients that have a direct connection to the spambot. By creating a new (routed, so efficient) spam alert message, a client could be informed that one of it's neighbours was a spambot, and so (voluntarily) agree to both drop the spambot from the net *and* reply with the ip:port pair of the spambot, this could then be used to blacklist the ip:port pair for a limited time (again, voluntarily, per client).
Given that ip address are not yet (cf. ipv6) a dime-a-dozen, FlatPlanet would have to keep finding a new suply ip address blocks from which to attack.
I haven't kept up to date on gnutella development, but there must be a sizeable number of clones (with source!) by now. The major problem would be in moving people from the old unmodifiable Gnutella client, to a "new and improved" clone.
best wishes,
Mike.
Tales from behind the Lagom Curtain
Unless, of course, they are also doing this to point out some of the problems with the distributed system. Helluva way to point them out though.
Bleh!
For a week in July, a pissed-off spammer returned
my email address as every gnutella response...
gnut> find anything
CURRENT RESPONSES
-----------------
1) email matt@steinhoff.net for kiddie porn and anything
216.10.33.21:6345 size:80.854M ref:84279680 speed:10000
I got thousands of email messages looking for
child porn and else
before I nailed the guy.
When the search is distributed, the abuse is
distributed as well.
InitZero
"Child pornography -- INFORMATION MUST BE FREE!!!!"
I have never received any of that.
"Stolen software -- INFORMATION MUST BE FREE!!!!"
I have never received any of that.
"Stolen music -- INFORMATION MUST BE FREE!!!!"
I have never received any of that.
"Stolen movies -- INFORMATION MUST BE FREE!!!!"
I have never received any of that.
"Bomb-making instructions -- INFORMATION MUST BE FREE!!!!"
I have never received any of that.
"but legal commercial advertisements?"
I receive several of those every day.
Anyone see's the difference?
I knew you wouldn't disappoint me.
-- the most controversial site on the Web
Check out what is probably the best gnutella clone out there, with built in spam filtering:
http://gnotella.nerdherd.net/
aren't we already doing this? I mean, the site seems down due to slashdot... Just find something new about them every day or so, post a story, and voila!
---
There's always some inherent weakness, for example, with email spam they have to harvest mail addresses in some way to build a mailing list to send spam.
The addresses they harvest can be poisoned using a spamido technique so that they waste their time sending spam to /dev/null all over the internet. A waste of my bandwidth, but not my time.
It's the spammers underlying weakness that should be exploited. A spammers strength and weakness are the same thing grasshopper.
I don't know anything about Gnutella but I'll bet that there are certain characteristics that can be used to make spam a waste of time.
Government of the people, by corporate executives, for corporate profits.
Yes, it would, but unfortunately, life's not like that. The reason spam is so common, is that it works. It costs so little that you only need a tiny response rate to be making profit. There will always be clueless newbies with the "oh, that's an interesting offer, I'll go and have a look" attitude. From what I've heard, email spam currently gets around a 2% response rate. That's about the same as traditional bulk postal mail, but the costs are so much less that the profit margins are significantly higher. You or I wouldn't buy anything from a spammer, but enough people do that it's not going to go away any time soon.
"The invisible and the non-existent look very much alike." -- Delos B. McKown
Registrant:
Flat Planet, Inc. (FLATPLANET2-DOM)
1214 Knights Krossing Cir. Apt 105b
Orlando, FL 32817
US
Domain Name: FLATPLANET.NET
Administrative Contact, Billing Contact:
Alexander, Justin (JA7080) justinalexander@USA.NET
N/A
12124 Knights Krossing Cir. Apt 105b
Orlando, FL 32817
(407)362-2212 (FAX) (561)795-6548
Technical Contact, Zone Contact:
Howell, Scott (SH1012) showell@ADELPHIA.NET
Wallace Technology
9944 Gardens East Drive
Palm Beach Gardens, FL 33410
561-691-4410
Record last updated on 13-Jul-2000.
Record expires on 08-Nov-2000.
Record created on 08-Nov-1998.
Database last updated on 8-Aug-2000 19:41:10 EDT.
Domain servers in listed order:
MIA.WALTECH.COM 208.204.251.45
NS3.SUPERB.NET 207.228.226.5
No relation to Happy Monkey
It would be valid to say that advertising exists on the internet because of its increased use. Not the other way around.
Internet advertising doesn't really work. People aren't clicking on those banners, and they plain don't like them. A text sponsorship link is going to get more click-thru's than the annoying animated banner that's pissing me off now.
Site that MUST survive off of advertising aren't going to make a profit. If you launch a site and expect advertising to pay the bills, think again. The site must be established before it can even come close to being supported by advertising.
Right now the majority of advertising on the 'net is being done by morons that have no clue what they're doing, like this ShareZilla thing. Advertising is an art, and it can't be successful unless it's well planned and executed.
Think about it, when you get a spam mail, see a banner, or download a dummy file, you're annoyed. Rarely do you want to annoy your customers. When you're watching TV and you see a good commercial, you aren't going to be annoyed. Hell, there's even sites like AdCritic that have commercials you can watch anytime, and people DO. You don't see anything (and you won't) with banner ads or spam mail.
Basically what I'm saying is there is not any real advertising being done on the internet. Right now it's just hacks spamming people, and saying that this made the internet big is just insulting. If anything it is hindering it's evolution.
The problem lies in the deceptive motives of people who come up with these types of programs. If whatever service they sell is not interesting enough to attract customers based on its own merits, they attempt instead to trick customers into reading about their service, with the hopes that a few of these accidental readers will be interested in what they have to offer. Trying to stick an ad in front of someone is fine with me; it's been done for a long time, but trying to disguise your ad as something entirely different? I think we have to draw a line between advertising and fraud at some point...
I remember reading in the Publius white paper something about hashcash. Seems like it was a system in which a certain amount of CPU work was requred calculating some primes or somesuch in order to limit the amount of material that can be published. With something like hashcash in place, spammers would be required to have vast amounts of CPU power available in order to get the reach they wanted, thus neatly raising the price of entry. Gnutella has flaws, but they are avoidable in newer sharing protocols.
>;)
/.? That should keep them down for at least a week. ^_^
Why don't we just post a headline with a link to their site every day on
I think that anybody that subverts stuff like this to force unwanted advertising down peoples throats deserve whatever anybody does to them. Not that I'm suggesting that anyone should :) but if the script kiddies need to practice their DoS attacks, flatplanet.net would be a good place to start.
The difference between Canada and the USA is that in Canada healthcare is a right and gun ownership is a privilege.
Loads of people have commented along the lines of "well nobody in their right mind buys something because of a spam advert, so surely spamming will die off?".
They're missing the point.
Spam is frequently used by companies who put their COMPETITOR'S names and products on the spam adverts. Thereby their competitors get all the abuse and the original company looks holier-than-thou.
For some people, the bad customer reaction to spam is the whole damn point of spam. Bad press for your competitors is good press for yourself. If you can wind your competitor up in trouble by faking some spam- particularly if the originator is difficult to trace as per gnutella- then you win.
--
Andrew Oakley - www.aoakley.com
Much as i'm opposed to this product and company (flatplanet that is) I cant see why anyone would part with their cash for it.
The gnutella protocol is open now, and given the limited implementation I wrote of it (only search & download) in about 6 hours it's beyond me why anyone would actually purchase a product to deliberately destroy their brand name.
What I can see however is someone like [insertmonopolisticsoftwarecompanyofyourchoice] planting virus riddled versions of [insertmicrosoftofficeversionofyourchoice] to try and back their point that pirated software is of a lower standard than their own.
I've been thinking about this one for a little while. (They've been doing this sort of crap ever since I started playing with gnuttella). I think the thing to do is have the client send out a random search string when it first starts off. Any responses to it should then be filtered out. Problem solved
Will someone please explain to me what it is about Floridians especially that attracts them to shady business models?
I don't get it. But I do know that clearly half of my spam comes from Florida. (40% of it is from the other 49 states, especially southern states; the other 10% is from gross third-world nations.)
Geez, all I thought there was down there was blue-haired little old ladies from Binghamton who weren't strong enough to start the snowblower anymore.
I've got a nice pair of wire cutters. If someone tells me where the fiber is routed, I'll happily take 'em out at their borders.
Fire and Meat. Yummy.
Interesting. By equating unrelated transactions you have exposed a contradiction.
.mp3 files in their mailbox when they didn't ask for it? Yes? No?
I have a few questions:
I receive junk mail in my mailbox. Since the USPS believes that "Information must be free". By extension, I conclude that the US government does so to. By the same logic, can people download music and movies and whatever they damn well please? Yes? No?
I like to listen to music. Can my neighbor play his stereo at deafening volume levels throughout the day?Yes? No?
People download music from web sites. Should people tolerate receiving
The point is this-
People don't want PUSH technology. They're tired of PUSH media such as television, radio, magazines and newspapers. The web is different. People like the freedom it provides. That's why they won't tolerate spam and banner ads. PUSH is anathema to the web. The sooner the PUSHers realize it, the better.
Finally- Nobody said these spammers can't put up their stuff on their web pages. They're free to do so.
-rao
Am I the only one who remembers what an incredible pain in the ass cancelbots, blackholes, crossposting filters, etc. are? It's a tremendous inconvenience, even more so on a completely distributed system where you have not just each site but each individual *user* to worry about. Does anyone really think that Gnutella spam filtering will be more effective than email spam filtering? ISP's have an incentive to block spam since it clogs up their bandiwdth and mail servers. Do they have any real reason to bother with Gnutella? Why would they care if a bunch of their file-stealing customers get bad results? I bet their bandwidth costs for the average Gnutella user are 10x that of their average customer. If people stopped using Gnutella, they'd be happy!
Walt
What if Gnutella had a built-in query verification step, something wherein each search result gets re-queried, as in "do you really have this file?"
Step 1: The query goes out
Step 2: A result comes back from IP address x.x.x.x
Step 3: A verification transmission is sent to x.x.x.x to confirm the presence of the file
Step 4: Upon successful verification, the file is displayed in the search return window.
Would this add to much new traffic to the network? I'd hope not...
Stop by my site where I write about ERP systems & more
Nobody wants to censor advertisers - they are welcome to put up a web page with their advertisements for those who are interested. However, they aren't welcome to use my network to send me their content without my request (and neither are the publishers of those other types of content). Also, they shouldn't be sending me ads when I really requested music, for instance.
As a separate issue, I don't feel that the information necessarily wants to be free if it is copyrighted. It is a caricature to say that all /.ers feel that way - they are just the most vocal about their opinions.
Your right to not believe: Americans United for Separation of Church and