Slyck.com
 
Slyck Chatbox - And More

How to prevent network fakes

A place for developers and programmers of file-sharing software to discuss issues.
Forum rules
PLEASE READ BEFORE POSTING: Slyck Forum Rules

How to prevent network fakes

Postby _eAgLe_ » Tue Jan 25, 2005 6:43 am

Hey all, i hope this hasn't been discussed to much already. But i was thinking that maybe i might create a C++ P2P program eventually. I MIGHT do it, still throwing ideas around. Well even if i don'tmake this program it will be interesting to see what ideas people have. I was just wandering if anyone had any ideas on how to prevent fake files on a network (Like kazaa, exeem etc, you know what i mean).

So if anyone has any ideas i would appreciate it. PS, i probably wont even make this program, but still it will be interesting to see what ideas come up.

So, any ideas??
TIA.
User avatar
_eAgLe_
 
Posts: 1190
Joined: Wed Dec 22, 2004 2:06 am

Postby poullos » Tue Jan 25, 2005 7:20 am

I thnik you know my idea IlL-eAgLe as expressed for exeem.
To check the scene releases in accordance to the infos in nforce.nl
Maybe you can create a site to save this infos instead of using nforce's to check each unique client individually. Its not illegal as far as I know(do i know?:? )
The rating system don't quite work for exeem, since there is no preview(at least for video files) and an option to download first-last chunk like in emule. By the time there is a complete download to rate it besides the seeder the rest of the users connected will have an average % of completion 50% and above.
Exeem uses a central server to connect to the nodes as mentioned. Admins could check the validity of the files but that would make the eligible for the illegal material used. Dead end here...
These so far.
¯\(º_o)/¯
User avatar
poullos
 
Posts: 1087
Joined: Fri Mar 19, 2004 9:29 am
Location: Mobile Server

Postby _eAgLe_ » Tue Jan 25, 2005 7:32 am

No doubt i wont forget yours poullos, its a very good idea. I would use that if i make the program, hasnt been done yet.
User avatar
_eAgLe_
 
Posts: 1190
Joined: Wed Dec 22, 2004 2:06 am

Postby imnothere » Tue Jan 25, 2005 8:10 am

if the .nfo issued with the release contained the MD5 hash of the realease then the search could be done on that hash, and you'd be guaranteed the scene release....

Just a thought...
imnothere
 
Posts: 11
Joined: Tue Jan 25, 2005 8:03 am

Postby poullos » Tue Jan 25, 2005 8:23 am

imnothere wrote:if the .nfo issued with the release contained the MD5 hash of the realease then the search could be done on that hash, and you'd be guaranteed the scene release....

Just a thought...


Hmmm...each file must have an info file(scene releases) and a separate mechanism will be used to match the infos...But anyone can attach an info file and say its a scene release. I think there is something we are missing here.
¯\(º_o)/¯
User avatar
poullos
 
Posts: 1087
Joined: Fri Mar 19, 2004 9:29 am
Location: Mobile Server

Postby imnothere » Tue Jan 25, 2005 10:25 am

I thought the original suggestion was to check the .nfo on nforce.nl and use the file name/size as a way of stopping the fakes. Using that system people could still flood the system with fakes and rate them highly. I was under the impression that nforce.nl was a monitored site for official scene releases and people wouldn't be able to post fakes there. So if the .nfo contained the MD5 hash (or a hash for your network) it would effectivly be like a magnet link, when you clicked on it it would search the network for that exact hash, and not just for a file with that name/size. So you know that you would be getting the real file. People could flood the network with as much Sh*t as they liked, but you would always be able to get the real release as you would never search by name.

There is nothing stopping this being done now on networks like emule (and I assume others)
imnothere
 
Posts: 11
Joined: Tue Jan 25, 2005 8:03 am

Postby poullos » Tue Jan 25, 2005 7:01 pm

Makes me wonder how suprnova used to verify the files were the correct ones since they didn't download them to know.

imnothere you are right about the first thought. I was only thinking the info to be used as a hash verification mechanism. But keep in mind that nforce nukesfake releases.
¯\(º_o)/¯
User avatar
poullos
 
Posts: 1087
Joined: Fri Mar 19, 2004 9:29 am
Location: Mobile Server

Postby no_dammagE » Mon Apr 11, 2005 2:52 pm

the problem about hashes in nfos is about making the nfocite into a hash site and the DMCA letters could come ... I doubt that NFOrce will accept such a policy.
Windows? Blah. Linux? Blah. BSD? Blah.
Just make sure you have a computer licence and I can open your fsckin files.
Vorbis | Theora | LaTeX | OpenDocument
User avatar
no_dammagE
 
Posts: 652
Joined: Sat Jul 05, 2003 9:37 am

Postby larytet » Tue Apr 12, 2005 12:56 pm

publisher (seed) generates a pair of keys
publisher distributes public key
publisher signs all outgoing packets with private key and nickname
leacher adds public key of the publisher to the list of trusted peers
leacher downloads data using hashes provided by the publisher. If everythign is allrigth leacher continues to use public key of the publisher.

from Rodi User Manual (General discussion) http://larytet.sourceforge.net/userManual.shtml
originally posted of P2PForums (http://www.p2pforums.com/viewtopic.php?t=11246)


In Rodi i use innovative approach to the problem of trusted networks. i do not trust Certificate server, but i trust to the publisher with nickname TM and 48 bytes public key, because once in the past i downloaded data from this publisher server. i do not care where pair nickname/public key comes from - there is no doubt or let's say there is fair amount of doubt that identification server is compromised.

i do not care. i am an oiptimist (life is full of reasons to be optimistic, right ?). i feel lucky today - i give a shot. i send LOOK request and get table of hashes. I start download and get the file. Let's put aside for a moment executable files. Let's say that this is HTML file - last letter of dying in RIAA's prison leacher. I read the file and it looks allright. From now on i know this guy - TM, that is, this guy is all right. next time i see his nickname in the end of the properly signed packet i trust him.

do you trust SF when you download binary files from their servers ? i guess the answer is generally yes. Even though they use multiple mirror servers and each and every one of them can be compromised. why do you trust them when you download Ants application ? and Ants application writes/reads to/from disk, sends packets to the Internet and does many things which are typical for the spyware/virus. Then why do we trust this s**t ? Because we tried it once and it worked. i downloaded Firefox first time and i have seen that this is good. I decided that their upgrade is going to be even better.

Rodi is different from Amazon. Rodi does not make an attempt to establish authorized certifcate server. not even close. everybody can run Rodi key server - everybody and everywhere. If you tried key server of the Rodi Hunters (there is no such server in reality, but i hope there will be in the future) and found that it's good you will probably try it once again and you will probably even trust all publishers belong to this house.
larytet
 
Posts: 73
Joined: Mon Jan 03, 2005 8:45 pm


Return to Developers Forum

Who is online

Users browsing this forum: No registered users and 1 guest

© 2001-2008 Slyck.com