[lugdunummaster]

I own this code 100%, I have no agreement on it, and will have no future agreement on it.

Some companies are now able to target DDOS attacks of about 5 millions packets per second
on the destination they want, letting it last one month if they want.

You'll find no provider in the world willing to let your emule server run if this flood take down
2000 servers in its DataCenter.

[leuk_he]

lugdunummaster, on Jul 19 2008, 11:28 AM, said:

Some companies are now able to target DDOS attacks of about 5 millions packets per second
on the destination they want, letting it last one month if they want.

Which is illegal. Anyway, you can damage any internet service with such a attack. however this problem of dos/ddos attacks has to be solved with legal help, not technical. with 5 million packets per second you can send each kad node a fake packet an damge kad as well.

[Nissenice]

leuk_he, on Jul 19 2008, 12:19 PM, said:

Which is illegal. Anyway, you can damage any internet service with such a attack. however this problem of dos/ddos attacks has to be solved with legal help, not technical. with 5 million packets per second you can send each kad node a fake packet an damge kad as well.

We are maybe 5 million users. How many packets can our clients send in return?

[PacoBell]

Nissenice, on Jul 19 2008, 03:35 AM, said:

We are maybe 5 million users. How many packets can our clients send in return?

If the DDoS is coming from a botnet of 0wn3d machines, that's not going to do very much.

[Nissenice]

Well, Iwasn't really serious anyway.

[leuk_he]

Nissenice, on Jul 19 2008, 01:35 PM, said:

leuk_he, on Jul 19 2008, 12:19 PM, said:

Which is illegal. Anyway, you can damage any internet service with such a attack. however this problem of dos/ddos attacks has to be solved with legal help, not technical. with 5 million packets per second you can send each kad node a fake packet an damge kad as well.

We are maybe 5 million users. How many packets can our clients send in return?

You cannot denial out of service all those 5 million clients. But you can damage the data in kad considerable with a targetted attack with one udp message per second. Not that i am goig to tell how that is that can done...

[Some Support]

leuk_he, on Jul 19 2008, 04:13 PM, said:

You cannot denial out of service all those 5 million clients. But you can damage the data in kad considerable with a targetted attack with one udp message per second. Not that i am goig to tell how that is that can done...

Quite offtopic but nevertheless: I do have my doubts about that, at least considering the latest 0.49b Beta. The only thing which you could do is trying to spam the keywords/sources index, but this has only limited effects. There isn't much point not to discuss it public - if a company has enough ressources for such an attack, it probably also has enough ressources for someone with the same level of knowledge to figure out existing weaknesses (except if you figured out really something new, but then you should tell us devs about it anyway ).

On a sidenote, you also have to consider what kind of packages. 5 Mio empty packages needs ~ 610MBits Upstream and someone who wants to send 5 mio valid Kad publish packets (say 100 bytes) needs 4 GBit upstream.

[fox88]

Requirements would be much lower for a distributed attack.

[Klaus_1250]

Now that almost all servers are gone, isn't it time to notify people that they shouldn't use servers any longer? And to make absolutely sure people start updating to recent version?

And how many eMule clients are connected to untrustworthy / rogue servers? If I take a peek at my connected peers-list, I see almost everyone is connected to dubious servers. If I look at the statistics on the Peerates website, I see that there are more than 3 million people connected to no-source/spamming servers.

That is a situation that is bound to go seriously wrong for the eDonkey network.

[niclights]

The problem is in determining if they really are nearly all gone, or whether it is just that we rely solely on the Peerates list. Kad is not always an option - for some they cannot connect or search or get sources, for whatever reason. So, better to know for sure before telling people they should not use servers. That is why I have started the alternative experiment on servers here.

I don't see it as going horribly wrong though. Things tend to naturally fix themselves, such as upgrading clients. And many users that can connect to Kad, do. Which negates any problem caused by their connection to a fake server.

This post has been edited by niclights: 23 July 2008 - 09:35 PM

[EvolutionCrazy]

Hope some server admins will came public and let us know WHO and HOW is ddosing them (if this is what is happening)... there are many ppl around with available gbit uplinks that might love to return the favor...

[xscarab]

Me, being suspicious of everyone and everything, and seeing conspiracies round every corner, wonders if this (the edonkeyserverNo's saugstube and the serverlists Nr's being taken offline/attacked/whatever is happening to them) might be related in some way to the release of the latest high profile movie?

[Dick_Manitoba]

The Dutch servers dropping off is related to BREIN story I saw on Zeropaid I would guess. Call it a conspiracy if you like, but it's public knowledge.

[xscarab]

Maybe, but the razorbacks went quite a while ago didn't they?, in fact I know what the date says on that report you linked to, but I'm sure I saw that item a couple of WEEKS ago too. (And I thought there was only 1 razorback left anyway, which was always failing, until that one disappeared the other week)

[Dick_Manitoba]

Off-topic again, sorry. Last time in this thread

They're having to go after the servers host by host. So it will take time for all of the ones they are targeting to eventually be taken down. This story is a recent one, covering the newer Razorback servers I presume, and likely covering Saugstab etc. I have no intimate knowledge, so I am only guessing from what I read.

Edit: Nevermind. Another case of speaking too soon. Saugstube is working again, so I must eat crow.

This post has been edited by Dick_Manitoba: 24 July 2008 - 02:37 PM

[eremini]

As a server operator I can say that so far there have not been any noticable DDoS attempts on my server

[CiccioBastardo]

@lugdunummaster
Is there a chance that the code is given to someone that has serious intentions to continue the developing if the Open Source option is not a viable one?

Or it is just going to be lost forever?

[Some Support]

I dont think that server development is currently the problem. Its rather that there aren't enough operators who are willing or able to put up a server (for whatever reason - legal, finincial, moral). This won't be solved by working on server software.

[eremini]

But then that still doesn't mean that current software shouldn't be optimized/imporoved for the sake of those servers that are already online

[vato76]

This is very sad news for me. I cannot use KAD because of modem & isp issues, and it seems i will now be forced to use another P2P program. Its sad because ive gotten very used to Emule and it has been the only p2p that ive been using for several years.

How long would it take for the servers to get back on their feet and for search results to return to normal?