Re: [other] Re: blocking new version of kazaa
- To: misc@openbsd.org
- Subject: Re: [other] Re: blocking new version of kazaa
- From: jared r r spiegel <jrrs@ice-nine.org>
- Date: Thu, 31 Jul 2003 22:51:18 -0600
- Content-Disposition: inline
- References: <20030730144453.A7FE21A02A4@smtp-1.hotpop.com> <3F27F6AD.D7357F9@holland-consulting.net> <86r847b710.fsf@home.nest.cx> <3F2934EC.9050502@ieee.org>
- User-Agent: Mutt/1.5.4i
On Thu, Jul 31, 2003 at 11:25:32AM -0400, Chris Zakelj wrote:
> Considering that the vast majority of Kazaa/Morpheus/*ster users are
> win32 users, and probably wouldn't recognize (let alone know how to use)
> a HOSTS file
<snip>
> As someone else commented, removing even the casual
> users would really lighten the load, and anybody who's left will require
> more thought and corrective action anyway.
yeah, the 97% of average-joe users who, for example, think that their
music is saved "in" kazaa; HOSTS file is not going to be an issue with them..
but for the rest of them, the ones we're talking about "worrying about",
let's assume the DNS-poison idea ( which i've supported previously ) is
( potentially ) flawed for the following reasons:
- giving the sharp user credit; they will have, either via cygwin or a linux
NAT machine, their own DNS resolver that could be configured to use a
"query-source" port other than 53 ( one does not need to be captain unix
to be able to set this up; merely be acquainted with the idea of unix and
comfortable at a DOS prompt to be able to make it through the OS install,
follow the gobs of tutorials out there, read like 8 man pages and have their
own caching nameserver sending queries on a nonstandard port sitting at the
top of their own RFC1918 like anyone with an ISP such as adelphia who blocks
some ports, including CPE outgoing udp 53 ), thus circumventing the DNS poison;
- giving the sharp user less credit; one doesn't need to grok fully a HOSTS
file in order to be able to get ahold of a different nameserver ( eg: DSL
customer calls CABLE ISP and says: "just a quick question; what's your DNS
server? i live in <STATENAME>", CABLE ISP tech support says: 1.2.3.4, tx
bye; as that was a short and easy call and helps stats ) and just hardcode
that in their TCP/IP settings.
what is to be done about those 12 ppl? especially as my $1 is on the
idea that those 12 or so ppl are going to be the worst bandwidth eaters
out of the lot of them.
my cousin, while staying at my house, would rack up 2GB of xfer in about
13h with the kazaa and the bittorrent; and he was, while quick to confess
that he didn't know very much about the PC, cognizant of what DNS servers
he had the PC set to at the university and also while at his parents
house on their broadband.
would, then, something like
rdr on $int_if inet proto udp from $int_if:network to any port 53 -> \
$nameserver_IP
be a good addition to the solution?
if you can redirect to you any DNS queries from the network, rather than
just run authoritative wrong-answers for the 'kazaa.com' zone ( et al. )
on the server they only happen to use because their PCs are using
DHCP to pull down what nameserver to use, then you might keep them from
being able to populate their HOSTS file, assuming they find out what it
is.
granted, that doesn't stop them from just having some buddy make a HOSTS
file and send it over the IRC; but i'll aim at one row of ducks at a time.
jared.
--
[ openbsd 3.3 current/GENERIC ( jul 24 ) // i386 ]
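A fuller version of the redirect idea in the message above, written as an added example in OpenBSD 3.x-era pf.conf syntax; it is not from the original post or from the OpenBSD project, and the interface name, the nameserver address and the macro values are assumed placeholders:

```pf
# Added example (not from the original post). Forces every DNS query from the
# LAN to the local resolver that serves the deliberately wrong 'kazaa.com' zone.
# Interface name and addresses below are assumed placeholders.
int_if        = "fxp0"
nameserver_IP = "192.168.1.2"   # assumed: LAN resolver carrying the bogus zone

# The resolver's own upstream queries must not be redirected back to itself,
# or every recursive lookup loops. This exception has to precede the rdr rule.
no rdr on $int_if proto { tcp, udp } from $nameserver_IP to any port 53

# Redirect every DNS query leaving the LAN, whatever nameserver the client has
# hardcoded in its TCP/IP settings. The match is on the destination port, so a
# client resolver using a nonstandard query-source port is caught all the same.
# tcp is included so that TCP fallback for large answers is redirected too.
rdr on $int_if inet proto { tcp, udp } from $int_if:network to any port 53 \
    -> $nameserver_IP port 53

# Translated packets still have to pass the filter rules.
pass in on $int_if inet proto { tcp, udp } from $int_if:network \
    to $nameserver_IP port 53 keep state
```

Check the fragment with `pfctl -nf /etc/pf.conf` before loading it, and confirm with `pfctl -s nat` that the `no rdr` exception is listed ahead of the general rule. As the post itself notes, this only catches queries that leave the machine; a HOSTS file resolves names locally and never hits the firewall at all.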