May 09, 2004
Bogus File Flooding
by Nick Morgan
May 9, 2004 03:18 PM
A newly patented countermeasure against P2P file-sharing:
A computer science professor and graduate student have been awarded a patent for a method of thwarting illegal file sharing on peer-to-peer networks by flooding the network with bogus files that look like pirated music.
That's about as specific as the article gets regarding the "method," so it's pretty hard to say how effective this will be. One would like to know, for instance, whether these bogus files would be served from a discernible network source or user. It'd also be nice to know whether counter-software could be developed to spot bogus files quickly.
At any rate, frustrating downloaders like this is a far more cost-effective measure for all involved.
Hmmm. Sounds like a denial of service attack (DoS). Doesn't this highlight the problem with software patents? I doubt it is possible to come up with a truly novel way of conducting this sort of attack. It is as simple as "send dummy requests to server so server can't properly handle legitimate requests".
They would need to go with a Distributed DoS because I doubt that one computer would have the bandwidth to properly flood a P2P network.
I could think of at least one counter measure to combat this off the top of my head. It would involve receiving too much information from particular sources and banning them.
I would be particularly interested to know if the bogus files will be Megabytes large (and therefore genuinely look like pirated music) or just be lots of little files (which will clutter the P2P landscape but be easily discernable).
More complicated solutions to problems have been defeated.
I'm not sure this is a DoS attack: 'flooding' here seems to be a bit of an overstatement. The idea seems (reading the article, which is short on specifics) to be to frustrate users, not to make the servers collapse.
The vulnerability of this kind of system would seem to be the implementation of 'trust'-based systems: a P2P program where you rate a source for a file based on whether it was what it said it was. But how you'd implement that I don't know.
Yeah, this tactic works. It frustrates me regularly. Darn them.