RF - Referrer notification

From ADCPortal Wiki

(Redirected from REF)
Jump to: navigation, search

Proposed by Jan Vidar Krey

Introduction

Buggy hubs can be exploited, or malicious hub admins can initiate connection DDoS of servers by sending CTM messages to many users at a high rate. This problem has been ongoing for the past couple of years, and it is hard to deal with, since it is hard to figure out who is initiating the attack.[1][2][3][4][5][6][7][8][9]

When a client connects to another client it will send the address of the hub adc[s]://host:port . The address should be the same address as the client used to connect to the hub initially, so it does not have to be resolved to IP (hostname is fine).

Because of the ADC abstract, this can be done as simple protocol extension which should not break backwards compatibility for any sane client in any way. It is imperative that this information is among the first bytes send, and do not require the receiving host to reply in some specific way to obtain the information. For this reason this should be sent as part of the SUP message for the connecting client.

The purpose of this extension is to identify the hub source of a CTM attack (it doesn't have to be the actual DNS used by the hub or the most used port, just to point a way of connecting to the hub ).

How it works

Extends the RF field of the INF to STA, allowing a client to notify clients and hubs upon SUP-negotiation from where the C-C or C-H originated from.

RF URL of referrer

Example

Client 1 Client 2
CSUP ADBASE (...) CSTA 000 referrer RFadc://example.com:1234

Conclusion

References

  1. Preventing CTM attacks by Dj_Offset (Jan 05, 2009)
  2. DC++ CTM Proof by Pietry (Jan 14, 2009)
  3. Are centralized networks doomed from the start ? by Pietry (Dec 30, 2008)
  4. Press coverage regarding DC being used as a DDoS tool by Fredrik Ullner (Jan 17, 2008)
  5. ADC hub referrer by Fredrik Ullner (Jan 17, 2008)
  6. Part 2: CTM Review and the errors of past by Toast (Jan 27, 2009)
  7. Re: Part 1: Old Software and the impact of it by Catalin (Jan 25, 2009)
  8. Peer-to-peer networks co-opted for DOS attacks by Robert Lemos, SecurityFocus (May 28, 2007)
  9. DC++ pointing out the corrupted by Pietry (Feb 11, 2009)

See Also

Personal tools
Namespaces
Variants
Actions
Navigation
Toolbox