[freenet-support] A severe freenet exploit?? - or just FUD?

2004-07-19 Thread Arnold Weizendrescher
Hello,

yesterday, there was a post on the Frost-board
freenet where the anonymous poster claims to have
found a severe freenet exploit. He explains that he
could determine anyone's IP address, no matter how many
hops the person is away from his own node. (for
details see the attached message). 

I personally think that this is just an attempt to
spread FUD (Fear, Uncertainty,  Doubt) among the
people using freenet. The poster (or the governmental
organisation behind him) can't get any hold of the
freenet users and thus tries to make them not use
freenet in the first place. However, it would really
put my mind at rest, if one of the developers could
confirm that this claim has no substance.

I attach the message from the Frost-board below:

start of attached message
Have I found an exploit in freenet?!?

With a modified freenet java client I'm able to trace
IPs and hop count of posts.

example: bebe's post in CHK_Dragon

- [EMAIL PROTECTED] -
2004.07.09 - 21:16:35GMT -

just saying hello again too, and greetings to all
newcomers !!

see you around


bebe

- [EMAIL PROTECTED] -
2004.07.10 - 11:12:57GMT -

bye bye bebe :)
-- 
[EMAIL PROTECTED],yVzuyL1y1y7LbMG4OH7KoQ/naphtala.asc

[EMAIL PROTECTED]
IP 80.134.xxx.xx (German DSL dial-in)
8 hops away from me (at posting time 9/7/2004)

naphtala resides in Germany too.

I'll not go into details here but some technical
background: I 'mark' the IP headers and request a
retransmit of this packet from hop next to me. If it's
not the originator of the packet the generation of his
answer causes (due to the corrupted IP packet header I
send for retransmit request) an exploit and forces a
retransmit to _its_ packet source hop. This answer is
routed to me and now I have the IP of the freenet
client 2(!!!) hops away from me. 

I do this recursively for all other hops up to the
originator. The originator doesn't have a hop to
request retransmit and the exploit does nothing (no
return packet). The only condition I need is the hop
chain (IP connections) must be still in connect state.
So the trace must be done in a very short interval
after receiving the original post. It's very hard to
catch an intact IP connection chain. In my current
implementation there is a success rate of about 0.5%.

Due to the low-level nature of the exploit it is not
necessary to crack any encryption.

!!! I'll never ever compromise all of your anonymity
!!!

But is someone willing to support me? Please make a
post subject called 'freenet exploit #1' and let me
try to catch posters' IP addresses. I'll answer the IP so
the original poster can say yes/no.

Thanks for your support
130303

** bebe, naphtala and all, I hope I'm wrong!!!
***
end of attached message
___
Support mailing list
[EMAIL PROTECTED]
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:[EMAIL PROTECTED]


Re: [freenet-support] A severe freenet exploit?? - or just FUD?

2004-07-19 Thread Toad
On Mon, Jul 19, 2004 at 10:33:09AM +0200, Arnold Weizendrescher wrote:
 Hello,
 
 yesterday, there was a post on the Frost-board
 freenet where the anonymous poster claims to have
 found a severe freenet exploit. He explains that he
 could determine anyone's IP address, no matter how many
 hops the person is away from his own node. (for
 details see the attached message). 

Take him up on it. There ARE possibilities to fake it (harvest all nodes,
insert on each node "Your IP address is this node's IP address, fool!
Tremble before me!"...) but with some collaboration we can probably defeat
such an attack, i.e. just publish the IP here and see if other Frost
users get the same.
 
 I personally think that this is just an attempt to
 spread FUD (Fear, Uncertainty,  Doubt) among the
 people using freenet. 

Very likely.

 The poster (or the governmental
 organisation behind him) can't get any hold of the
 freenet users and thus tries to make them not use
 freenet in the first place. 

Well, he can get hold of Freenet node operators, fairly easily. That's
not what you're talking about of course.

 However, it would really
 put my mind at rest, if one of the developers could
 confirm that this claim has no substance.

I'll have a look.
 
 I attach the message from the Frost-board below:
 
 start of attached message
 Have I found an exploit in freenet?!?
 
 With a modified freenet java client I'm able to trace
 IPs and hop count of posts.
 
 example: bebe's post in CHK_Dragon
 
 - [EMAIL PROTECTED] -
 2004.07.09 - 21:16:35GMT -
 
 just saying hello again too, and greetings to all
 newcomers !!
 
 see you around
 
 
 bebe
 
 - [EMAIL PROTECTED] -
 2004.07.10 - 11:12:57GMT -
 
 bye bye bebe :)
 -- 
 [EMAIL PROTECTED],yVzuyL1y1y7LbMG4OH7KoQ/naphtala.asc
 
 [EMAIL PROTECTED]
 IP 80.134.xxx.xx (German DSL dial-in)
 8 hops away from me (at posting time 9/7/2004)
 
 naphtala resides in Germany too.
 
 I'll not go into details here but some technical
 background: I 'mark' the IP headers and request a
 retransmit of this packet from hop next to me. 

Why bother? You know full well where the node that relayed the message
is.

 If it's
 not the originator of the packet the generation of his
 answer causes (due to the corrupted IP packet header I
 send for retransmit request) an exploit and forces a
 retransmit to _its_ packet source hop. 

Uh, I have no idea what you are talking about here. Freenet does not
deal with IP packets directly. It uses sockets. If there is an exploit
in the operating system or the JVM, then OF COURSE you can trace packets
back to source. That's one of the more depressing things about the
prevalence of insecure OSs, and the current dependence on a proprietary
JVM. :( Now, if he means an exploit in Freenet, then I'd love to see it,
but it seems unlikely as, as I said, we don't deal with IP anyway.

 This answer is
 routed to me and now I have the IP of the freenet
 client 2(!!!) hops away from me. 

For THAT request? Doubtful. Possible, but unlikely especially when
framed as he has.
 
 I do this recursively for all other hops up to the
 originator. The originator doesn't have a hop to
 request retransmit and the exploit does nothing (no
 return packet). The only condition I need is the hop
 chain (IP connections) must be still in connect state.
 So the trace must be done in a very short interval
 after receiving the original post. It's very hard to
 catch an intact IP connection chain. 

This seems unlikely, our connection flux isn't _THAT_ bad.

 In my current
 implementation there is a success rate of about 0.5%.

LOL.
 
 Due to the low-level nature of the exploit it is not
 necessary to crack any encryption.

If the exploit is that low level, I don't really see how it could work,
except perhaps by exploiting a remote execution hole in the host
operating system (or JVM).
 
 !!! I'll never ever compromise all of your anonymity
 !!!
 
 But is someone willing to support me? Please make a
 post subject called 'freenet exploit #1' and let me
 try to catch posters' IP addresses. I'll answer the IP so
 the original poster can say yes/no.
 
 Thanks for your support
 130303
-- 
Matthew J Toseland - [EMAIL PROTECTED]
Freenet Project Official Codemonkey - http://freenetproject.org/
ICTHUS - Nothing is impossible. Our Boss says so.

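The point Toad makes in the reply above (a relay node knows the address of the peer that handed it a message, and nothing further upstream, because each hop is a separate socket connection) can be shown with a small simulation. This is an added illustration written for this page, not Freenet's code and not a description of Freenet's actual wire protocol: it models a chain of nodes connected pairwise, where a forwarded message is rebuilt from its payload and a hop counter only, and where a "retransmit" of anything is answered by the adjacent connection endpoint. All addresses are constructed sample values.

```python
"""Simplified hop-by-hop relay model (added illustration, not Freenet code).

Assumptions of this model:
  * nodes talk to each other over point-to-point socket-style links,
  * a forwarded message carries only payload + hop counter,
  * a retransmit of data on a link comes from that link's other endpoint.
"""
from dataclasses import dataclass, field


@dataclass
class Message:
    payload: str
    hops_travelled: int = 0  # receiver can count hops, not map them to addresses


@dataclass
class Node:
    address: str                       # constructed sample address, e.g. "10.0.0.3"
    peers: list = field(default_factory=list)
    # (address of the link peer that delivered it, message) pairs
    received: list = field(default_factory=list)


def connect(a: Node, b: Node) -> None:
    """Open a bidirectional link; each side learns only the other's address."""
    a.peers.append(b)
    b.peers.append(a)


def build_chain(hops: int, prefix: str = "10.0.0.") -> list:
    """hops links need hops+1 nodes; node 0 is the originator."""
    nodes = [Node(f"{prefix}{i}") for i in range(hops + 1)]
    for left, right in zip(nodes, nodes[1:]):
        connect(left, right)
    return nodes


def relay(chain: list, payload: str) -> Message:
    """Originator chain[0] sends payload; every node forwards to the next link."""
    msg = Message(payload)
    for sender, receiver in zip(chain, chain[1:]):
        # The receiving socket observes the adjacent sender only; the message
        # it stores and later forwards is rebuilt without any address field.
        msg = Message(msg.payload, msg.hops_travelled + 1)
        receiver.received.append((sender.address, msg))
    return msg


def addresses_visible_to(node: Node) -> set:
    """Every address a node can learn from its own links and received traffic."""
    seen = {p.address for p in node.peers}
    seen.update(src for src, _ in node.received)
    return seen


def retransmit_source(node: Node, msg: Message) -> str:
    """Who answers if `node` asks for the bytes of `msg` again on the link it
    arrived on: the adjacent endpoint of that link, whatever the hop count."""
    for src, stored in node.received:
        if stored is msg:
            return src
    raise LookupError("message was not received over any link of this node")


def trace_attempt(hops: int = 8) -> dict:
    """Run the scenario from the thread: an 8-hop chain, observer at the end."""
    chain = build_chain(hops)
    msg = relay(chain, "hello from bebe")  # constructed payload
    observer = chain[-1]
    visible = addresses_visible_to(observer)
    return {
        "hops_counted": msg.hops_travelled,
        "visible_addresses": visible,
        "retransmit_answered_by": retransmit_source(observer, msg),
        "originator_visible": chain[0].address in visible,
    }


if __name__ == "__main__":
    result = trace_attempt()
    for key, value in result.items():
        print(f"{key}: {value}")
```

Running it for eight hops shows that the observer counts eight hops but sees exactly one address, that of its own link peer, and that asking for a retransmit returns that same peer. Tracing further upstream would need the intermediate node to volunteer its own peer's address, which nothing in the relay step does; that is the collaboration check Toad proposes turned into code.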