RE: Fwd: [DES-ANNOUNCE] New clients and 'spamming'

Joel ARMENGAUD (joe@apsydev.com)
Mon, 5 May 1997 20:13:15 +0100


If the client send, in its answer, a kind of CRC (where you need to
compute the whole block to get the same CRC), the server can, randomly,
check that a given client gives the correct answer.

-Joel Armengaud

> -----Original Message-----
> From: nelson@media.mit.edu [SMTP:nelson@media.mit.edu]
> Sent: lundi, 5. mai 1997 18:49
> To: Ronald Van Iwaarden
> Cc: deschall@gatekeeper.megasoft.com
> Subject: Re: Fwd: [DES-ANNOUNCE] New clients and 'spamming'
>
> concerning this announcmenet from SolNet:
> >As many of you noted some machines in Finland have spammed the
> >server with fake reports.
>
> I'm suprised this hasn't happened earlier. If nothing else, just as a
> reminder that it *can* happen.
>
> >I wanted to know what was preventing this from happening to the
> >DESChal effort?
>
> I'd be curious about that too. I gather there's some hope that in not
> releasing the source code it'll be harder to spoof the server. That's
> not much protection though - reverse engineering is unlikely to be
> difficult.
>
> There are some serious, realistic threat models on a distributed
> attack like deschall. On a discussion on coderpunks a few months ago
> the consensus was that the only really safe solution was a completely
> uncoordinated one - every client pick random blocks. That was
> estimated to be 2-3 times as slow as the completely coordinated attack
> deschall is doing.