dchub-dev
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Dchub-dev] [Bug #3096] strange search-messages

From: nobody
Subject: [Dchub-dev] [Bug #3096] strange search-messages
Date: Sun, 06 Apr 2003 04:50:01 -0400 
=================== BUG #3096: LATEST MODIFICATIONS ==================
http://savannah.nongnu.org/bugs/?func=detailbug&bug_id=3096&group_id=3963

Changes by: Eric PREVOTEAU <address@hidden>
Date: Sun 04/06/2003 at 10:50 (Europe/Paris)

            What     | Removed                   | Added
---------------------------------------------------------------------------
         Assigned to | None                      | ericprev
              Status | Open                      | Closed


------------------ Additional Follow-up Comments ----------------------------
Search queries are now analysed more carefully. In fact, it is a bug because it 
is possible to make a DDoS on a computer by giving its IP in the query. All 
other clients will send their reply to this IP. Now, any client sending 
malformed search query is kicked.



=================== BUG #3096: FULL BUG SNAPSHOT ===================


Submitted by: hhgoth                  Project: DcHub:  Hub software for Direct 
Connect
Submitted on: Thu 04/03/2003 at 21:47
Category:  None                       Severity:  5 - Major                  
Bug Group:  None                      Resolution:  None                     
Assigned to:  ericprev                Status:  Closed                       
Release:  0.4.1_CVS                   Platform Version:  Any                
Planned Release:  None                Fixed Release:                        

Summary:  strange search-messages

Original Submission:  it's not a bug it's a feature ;)

...the hub is delivering strange searchrequests
e.g. active-search with localhost-ip 127.0.0.1
or searchrequests without ip-address or hub just the ':port'

as well maybe a hub-var could be helpful to block private-address-space 
search-requests. It should be only needed for testing enviorments of special 
purposes...
...should be blocked I think

Follow-up Comments
*******************

-------------------------------------------------------
Date: Sun 04/06/2003 at 10:50       By: ericprev
Search queries are now analysed more carefully. In fact, it is a bug because it 
is possible to make a DDoS on a computer by giving its IP in the query. All 
other clients will send their reply to this IP. Now, any client sending 
malformed search query is kicked.


CC list is empty


No files currently attached


For detailed info, follow this link:
http://savannah.nongnu.org/bugs/?func=detailbug&bug_id=3096&group_id=3963
reply via email to
[Prev in Thread] Current Thread [Next in Thread]