Gnutella Security

[x-sb-x]

Hey

I came across some Gnutella security loopholes recently. One of these loopholes which I found interesting, was a worm which replies positively to most of the queries it get. Suppose someone searches for itunes and it will reply with itunes.exe (basically building answers through the search string). If a user gets tricked into downloading this file and he executes it, the worm will take control of his application say limewire and this application will also start exhibiting worm behavior.

How big a problem do you think this loop hole can pose to Gnutella.

Lapsy

 

[Six Samurai]

Well Lapsy I hate to tell you this but this is Old news. The MAFIAA aka the (RIAA & MPAA) actually hire organizations to Flood the Network with Fake Files, Viruses, Worms, and Spam in an Attempt to discourage the use of P2P. I would suggest Downloading ONLY Audio, Video, and Books from the Gnutella Network. If you are interested in Games or Programs DON'T use this Network. Here is a list of File Extensions to Filter OUT to help you stay semi safe amd other suggestions and Info.


Try these suggestions.

What I have done that works really well is to go to Tools > Options > Filter > Keywords and then add these file extensions: .wma, .exe, .rar, .html, .com, .zip, .mov. Be sure to tick apply and O.K. There are a ton of fake and corrupt files with these extensions. I will only download mp3 files that are larger than 2000kb - 3000kb. Also make sure thay have a bitrate.

Sticky: How to find music ( 1 2 3 ... Last Page)

LOTR explains where the Fake Files are coming from and why.

Fake files showing up in search results

Hope this Helps.

 

[Steven]

that is true, but you must appreciate the fact that most of the users of Gnutella would be naive users. They are probably not taking such precautions and thus it becomes important to protect users against such kind of worm attacks

 

[leaping_walrus]

Right you are my friend, but LW has no way to Police the Network as there are no Central Servers. They have absolutly no control over what is being Shared on the Network.
For all of the "Naive" members that you speak of, Research, Read and just become aware of the Dangers of File Sharing. It is also Very Illegal.

 

[Kelley87]

No central servers, that would be quite wrong i guess.. there are GWebCaches which to some extent are central servers and there are companies which are maintaining these central servers. So, why can't they have central servers to monitor the traffic.

 

[Sun devil]

Lapsy, Sorry I left so abruptly this morning, (was morning for me anyway)I Had to go to work . To continue, Correct me if I'm wrong, but GWebCaches are used for Connecting Peers to other Peers, NOT sorting or monitoring Millions of files to determine what's safe or not.

 

[jerrod02_99]

I have just recently heard of a p2p program that has a built in scan prior to downloading files and it is a reliable source for programs the whole thing is set up as a protest to the software companies charging so much for their software you can app still get mus and vids to but it is more focused on programs when I find out more I wil post.

 

[Marty McFly]

Many people use Peer Guardian when on P2P networks. It is available for free from download.com. I've used it for years.

You can read user reviews and download it from:

PeerGuardian - Free software downloads and reviews - CNET Download.com

 

[Della H]

Hey Remoc
That is correct but my point is if they can maintain GWebCache server then why not to have some servers just to monitor the network for malicious activities by peers!

 

[noiket]

Well thats up to LW. If you want to pose that question to them, Go Here
LimeWire Forums. Some of the Developers hang out over there sometimes.

 

[Mr Hex Vision]

Thanks a lot for your suggestion.. will definetely do that