May 09, 2004

Bogus File Flooding

by Nick Morgan

A newly patented countermeasure against P2P file-sharing:

    A computer science professor and graduate student have been awarded a patent for a method of thwarting illegal file sharing on peer-to-peer networks by flooding the network with bogus files that look like pirated music.

That's about as specific as the article gets regarding the "method," so it's pretty hard to say how effective this will be. One would like to know, for instance, whether these bogus files would be served from a discernible network source or user. It'd also be nice to know whether counter-software could be developed to spot bogus files quickly.

At any rate, frustrating downloaders like this is a far more cost-effective measure for all involved.

May 9, 2004 03:18 PM | TrackBack

Hmmm. Sounds like a denial of service attack (DoS). Doesn't this highlight the problem with software patents? I doubt it is possible to come up with a truly novel way of conducting this sort of attack. It is as simple as "send dummy requests to server so server can't properly handle legitimate requests".

They would need to go with a Distributed DoS because I doubt that one computer would have the bandwidth to properly flood a P2P network.

I could think of at least one counter measure to combat this off the top of my head. It would involve receiving too much information from particular sources and banning them.

I would be particularly interested to know if the bogus files will be Megabytes large (and therefore genuinely look like pirated music) or just be lots of little files (which will clutter the P2P landscape but be easily discernable).

More complicated solutions to problems have been defeated.

Posted by: Evan Read at May 10, 2004 05:53 AM

I'm not sure this is a DoS attack: 'flooding' here seems to be a bit of an overstatement. The idea seems (reading the article, which is short on specifics) to be to frustrate users, not to make the servers collapse.

The vulnerability of this kind of system would seem to be the implementation of 'trust'-based systems: a P2P program where you rate a source for a file based on whether it was what it said it was. But how you'd implement that I don't know.

Posted by: A. Rickey at May 10, 2004 02:30 PM

Yeah, this tactic works. It frustrates me regularly. Darn them.

Posted by: Neo Tokyo Times at May 10, 2004 04:42 PM
Sitting in Review
Armen (e-mail) #
PG (e-mail) #
Craig Konnoth (e-mail) #
About Us
Senior Status