Re: [freenet-support] How can a system administrator detect active freenodes?

2009-08-27 Thread Matthew Toseland 
On Friday 21 August 2009 16:04:28 Alex Pyattaev wrote:
> > He has stated that the network does not allow "P2P applications" running
> > Freenet
> > as pure darknet will technically be "F2F", now we can start arguing whether
> > F2F
> > is a subset of P2P or a distinctly different thing. But if we accept that
> > F2F
> > and P2P are different, then people who haven't enabled Opennet are actually
> > not
> > violating that particular network's guidelines.
> >
> > Actually, darknet peers inside LAN are not violating ToS, because the
> inside-network traffic is not an issue. The actual problem is that a bunch
> of p2p users seeding and leeching from internet can consume every possible
> bit of channel available on the ISP's connection.  That's why they are
> illegal. The traffic for each user is virtually unlimited, but if you do the
> math, you will see that without p2p you just can not consume even 2 mbit/s
> channel, and we provide 10 mbit/s. Thus, when the user is downloading
> something big from time to time - it works just nice. But when he fills up
> at list 5 mbit/s with 24/7 p2p exchange the traffic utilization is much
> bigger than it should be. I have proposed to the managers that we allow p2p
> for extra charge (or with limited QoS), but they have decided that it will
> not work out (all that piracy stuff is still an issue).
> 
> Online gamers are not always client-server. I have stated spring as a
> typical random-server udp-based game (ta-spring.com), the Company Of heroes
> also works similarily - host is a random node, and all nodes are
> interconnected.

Ooh, that is interesting. Added to the stego wiki page.

> Indeed, 24x7 active connections can be suspicious, so I hope you will
> counter this problem so that I don't bother setting up filter. I suggest
> breaking every single connection that lasts for more than 1 hour, if it is
> not unique, and then reconnecting after random delay.

Well, opennet has high enough churn that this isn't a problem. Darknet on the 
other hand is a problem: you have a fixed and probably small set of peers, 
Freenet needs to run 24x7 for good performance, sacrificing even more 
uptime/connectivity is not really viable at the moment. However in future it 
may be, we have some features planned that may help with this (e.g. long-term 
requests).
> 
> PS: fuck bosses, I run freenet node myself=)


signature.asc
Description: This is a digitally signed message part.
___
Support mailing list
Support@freenetproject.org
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:support-requ...@freenetproject.org?subject=unsubscribe

Re: [freenet-support] How can a system administrator detect active freenodes?

2009-08-27 Thread Matthew Toseland 
On Friday 21 August 2009 16:22:22 Evan Daniel wrote:
> On Fri, Aug 21, 2009 at 11:04 AM, Alex Pyattaev 
> wrote:
> >
> >> He has stated that the network does not allow "P2P applications" running
> >> Freenet
> >> as pure darknet will technically be "F2F", now we can start arguing
> >> whether F2F
> >> is a subset of P2P or a distinctly different thing. But if we accept that
> >> F2F
> >> and P2P are different, then people who haven't enabled Opennet are
> >> actually not
> >> violating that particular network's guidelines.
> >>
> > Actually, darknet peers inside LAN are not violating ToS, because the
> > inside-network traffic is not an issue. The actual problem is that a bunch
> > of p2p users seeding and leeching from internet can consume every possible
> > bit of channel available on the ISP's connection.  That's why they are
> > illegal. The traffic for each user is virtually unlimited, but if you do the
> > math, you will see that without p2p you just can not consume even 2 mbit/s
> > channel, and we provide 10 mbit/s. Thus, when the user is downloading
> > something big from time to time - it works just nice. But when he fills up
> > at list 5 mbit/s with 24/7 p2p exchange the traffic utilization is much
> > bigger than it should be. I have proposed to the managers that we allow p2p
> > for extra charge (or with limited QoS), but they have decided that it will
> > not work out (all that piracy stuff is still an issue).
> > Online gamers are not always client-server. I have stated spring as a
> > typical random-server udp-based game (ta-spring.com), the Company Of heroes
> > also works similarily - host is a random node, and all nodes are
> > interconnected.
> > Indeed, 24x7 active connections can be suspicious, so I hope you will
> > counter this problem so that I don't bother setting up filter. I suggest
> > breaking every single connection that lasts for more than 1 hour, if it is
> > not unique, and then reconnecting after random delay.
> > PS: fuck bosses, I run freenet node myself=)
> 
> Last I checked, p2p wasn't "illegal" in any place I know of :)
> 
> This sounds to me like you really just need better QoS for your users,
> not to block P2P.  It's relatively easy to allocate bandwidth such
> that everyone gets their fair share, and those that use it *less* get
> priority over the short term.  That means that p2p users can use up
> any excess bandwidth, but if someone else is just trying to browse the
> web it will go quickly.  Piracy is not the point of Freenet; please
> don't assume anyone running Freenet is a pirate.  You should consult a
> lawyer about your liability for piracy -- I suspect, however, that you
> aren't liable until you are notified of a *specific* problem.
> 
> Also, have you tried just asking your users to set reasonable
> bandwidth limits?  All p2p apps I know of, including Freenet, provide
> bandwidth limiting controls.  Perhaps you should simply inform your
> users of the situation and what you consider a reasonable bw limit for
> p2p apps.

Or give them a quota and charge for usage beyond that. Or throttle them after 
it.


signature.asc
Description: This is a digitally signed message part.
___
Support mailing list
Support@freenetproject.org
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:support-requ...@freenetproject.org?subject=unsubscribe

Re: [freenet-support] How can a system administrator detect active freenodes?

2009-08-22 Thread Alex Pyattaev 
The only problem that I can see here (and it may be kind of serious)
would be: what if your bosses realize that you use resources, work
hours, etc to catch Freenet users, and then you don't actually ban them?
If you don't have a good excuse for that, may be better just forget the
whole idea.

Dude, don't worry.  They are not that good=) and actually i like the idea.
howeverm right now i have to finish the job on torrent and DC tracking.
___
Support mailing list
Support@freenetproject.org
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:support-requ...@freenetproject.org?subject=unsubscribe

Re: [freenet-support] How can a system administrator detect active freenodes?

2009-08-22 Thread Luke771 
Alex Pyattaev wrote:
> You know, I do think that freenet is a good idea. And in fact, until 
> freenet users will consume too much traffic, i'm not going to ban 
> them. Because i don't want to. In fact, right now 100.0% of major 
> traffic consumers are using *other* P2P networks. Mostly torrents, 
> some use mule & DC, but they are much less pain - DC-like protocols 
> never utilize 100% bandwidth due to long periods when noone is 
> leeching from you. So the upload traffic is poorly utilized, and 
> downloads are not so fast due to lack of seeders. So the major problem 
> is torrent, which is extremely easy to detect and ban. And I like the 
> idea. As of freenet, my interest is pure theory right now, since 
> freenet users just don't bother be.

If you like Freenet (cool that you do!) you could help the project: try 
to catch Freenet users on your network and report the results here, so 
developers would get valuable info.
If you do catch someone, you could even (anonymously?) help him set up a 
more secure node, and then try to catch him again.

The only problem that I can see here (and it may be kind of serious) 
would be: what if your bosses realize that you use resources, work 
hours, etc to catch Freenet users, and then you don't actually ban them? 
If you don't have a good excuse for that, may be better just forget the 
whole idea.
___
Support mailing list
Support@freenetproject.org
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:support-requ...@freenetproject.org?subject=unsubscribe

Re: [freenet-support] How can a system administrator detect active freenodes?

2009-08-21 Thread Alex Pyattaev 
You know, I do think that freenet is a good idea. And in fact, until freenet
users will consume too much traffic, i'm not going to ban them. Because i
don't want to. In fact, right now 100.0% of major traffic consumers are
using *other* P2P networks. Mostly torrents, some use mule & DC, but they
are much less pain - DC-like protocols never utilize 100% bandwidth due to
long periods when noone is leeching from you. So the upload traffic is
poorly utilized, and downloads are not so fast due to lack of seeders. So
the major problem is torrent, which is extremely easy to detect and ban. And
I like the idea. As of freenet, my interest is pure theory right now, since
freenet users just don't bother be.

On Fri, Aug 21, 2009 at 7:11 PM, Artefact2  wrote:

> On Fri, Aug 21, 2009 at 04:57:15PM +0100, VolodyA! V Anarhist wrote:
> > Evan Daniel wrote:
> > > On Fri, Aug 21, 2009 at 9:59 AM, VolodyA! V
> > > Anarhist wrote:
> > >> Luke771 wrote:
> > >>> Alex Pyattaev wrote:
> >  Ok people, I'll try to adopt my own freenode to track the users that
> >  try to connect to freenet. If I come up with solution, I'll indeed
> >  tell you. Hope I'll ban some nasty users before you make a patch, so
> >  that I can sleep well knowing that my bosses will never know about
> the
> >  freenet users in the LAN=)
> > 
> > >>> What you're doing here is catching Opennet users. Pure Darknet users
> > >>> wont be that easy to catch.
> > >> He has stated that the network does not allow "P2P applications"
> running Freenet
> > >> as pure darknet will technically be "F2F", now we can start arguing
> whether F2F
> > >> is a subset of P2P or a distinctly different thing. But if we accept
> that F2F
> > >> and P2P are different, then people who haven't enabled Opennet are
> actually not
> > >> violating that particular network's guidelines.
> > >
> > > Except that it's really, really obvious that friends are a subset of
> > > peers.  See definition of peers.  In a computing context, peers is as
> > > distinct from client/server etc.  This is a silly argument, and any
> > > sysadmin will (rightly) tell you you're an idiot if you try to make
> > > it.
> > >
> > > Evan Daniel
> >
> > The issue with my university was that P2P applications do not let anybody
> > control who connects to your computer. Each person has to be responsible
> for the
> > connections being made to the machine. Clearly F2F network is *not* a
> subset of
> > P2P under that light. So many users will (rightly) call you an idiot
> (since we
> > were not discussing peers and friends, but P2P and F2F).
> >
> > - Volodya
>
> I'm sorry, I have to disagree with you. You control who your node
> connect with, but you *don't* control what goes through your node.
>
> You can control your friends, you cannot control friends of your
> friends.
>
> So we might consider that, _in the case of Freenet_, F2F is P2P, it's
> just extremely more difficult to censor.
>
> ___
> Support mailing list
> Support@freenetproject.org
> http://news.gmane.org/gmane.network.freenet.support
> Unsubscribe at
> http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
> Or mailto:support-requ...@freenetproject.org?subject=unsubscribe
>
___
Support mailing list
Support@freenetproject.org
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:support-requ...@freenetproject.org?subject=unsubscribe

Re: [freenet-support] How can a system administrator detect active freenodes?

2009-08-21 Thread Artefact2 
On Fri, Aug 21, 2009 at 04:57:15PM +0100, VolodyA! V Anarhist wrote:
> Evan Daniel wrote:
> > On Fri, Aug 21, 2009 at 9:59 AM, VolodyA! V
> > Anarhist wrote:
> >> Luke771 wrote:
> >>> Alex Pyattaev wrote:
>  Ok people, I'll try to adopt my own freenode to track the users that
>  try to connect to freenet. If I come up with solution, I'll indeed
>  tell you. Hope I'll ban some nasty users before you make a patch, so
>  that I can sleep well knowing that my bosses will never know about the
>  freenet users in the LAN=)
> 
> >>> What you're doing here is catching Opennet users. Pure Darknet users
> >>> wont be that easy to catch.
> >> He has stated that the network does not allow "P2P applications" running 
> >> Freenet
> >> as pure darknet will technically be "F2F", now we can start arguing 
> >> whether F2F
> >> is a subset of P2P or a distinctly different thing. But if we accept that 
> >> F2F
> >> and P2P are different, then people who haven't enabled Opennet are 
> >> actually not
> >> violating that particular network's guidelines.
> > 
> > Except that it's really, really obvious that friends are a subset of
> > peers.  See definition of peers.  In a computing context, peers is as
> > distinct from client/server etc.  This is a silly argument, and any
> > sysadmin will (rightly) tell you you're an idiot if you try to make
> > it.
> > 
> > Evan Daniel
> 
> The issue with my university was that P2P applications do not let anybody 
> control who connects to your computer. Each person has to be responsible for 
> the 
> connections being made to the machine. Clearly F2F network is *not* a subset 
> of 
> P2P under that light. So many users will (rightly) call you an idiot (since 
> we 
> were not discussing peers and friends, but P2P and F2F).
> 
> - Volodya

I'm sorry, I have to disagree with you. You control who your node
connect with, but you *don't* control what goes through your node.

You can control your friends, you cannot control friends of your
friends.

So we might consider that, _in the case of Freenet_, F2F is P2P, it's
just extremely more difficult to censor.


pgpDEVz813ugV.pgp
Description: PGP signature
___
Support mailing list
Support@freenetproject.org
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:support-requ...@freenetproject.org?subject=unsubscribe

Re: [freenet-support] How can a system administrator detect active freenodes?

2009-08-21 Thread VolodyA! V Anarhist 
Evan Daniel wrote:
> On Fri, Aug 21, 2009 at 9:59 AM, VolodyA! V
> Anarhist wrote:
>> Luke771 wrote:
>>> Alex Pyattaev wrote:
 Ok people, I'll try to adopt my own freenode to track the users that
 try to connect to freenet. If I come up with solution, I'll indeed
 tell you. Hope I'll ban some nasty users before you make a patch, so
 that I can sleep well knowing that my bosses will never know about the
 freenet users in the LAN=)

>>> What you're doing here is catching Opennet users. Pure Darknet users
>>> wont be that easy to catch.
>> He has stated that the network does not allow "P2P applications" running 
>> Freenet
>> as pure darknet will technically be "F2F", now we can start arguing whether 
>> F2F
>> is a subset of P2P or a distinctly different thing. But if we accept that F2F
>> and P2P are different, then people who haven't enabled Opennet are actually 
>> not
>> violating that particular network's guidelines.
> 
> Except that it's really, really obvious that friends are a subset of
> peers.  See definition of peers.  In a computing context, peers is as
> distinct from client/server etc.  This is a silly argument, and any
> sysadmin will (rightly) tell you you're an idiot if you try to make
> it.
> 
> Evan Daniel

The issue with my university was that P2P applications do not let anybody 
control who connects to your computer. Each person has to be responsible for 
the 
connections being made to the machine. Clearly F2F network is *not* a subset of 
P2P under that light. So many users will (rightly) call you an idiot (since we 
were not discussing peers and friends, but P2P and F2F).

- Volodya

-- 
http://freedom.libsyn.com/ Echo of Freedom, Radical Podcast
http://www.freedomporn.org/Freedom Porn, anarchist and activist smut

  "None of us are free until all of us are free."~ Mihail Bakunin
___
Support mailing list
Support@freenetproject.org
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:support-requ...@freenetproject.org?subject=unsubscribe

Re: [freenet-support] How can a system administrator detect active freenodes?

2009-08-21 Thread Jim Cook 
At 09:15 AM 8/21/2009, Evan Daniel wrote:

>On Fri, Aug 21, 2009 at 8:54 AM, Victor Denisov wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA1
> >
> > Luke771 wrote:
> >> What you're doing here is catching Opennet users. Pure Darknet users
> >> wont be that easy to catch.
> >
> > No, they'll be extremely easy to catch, along with their friends' IP
> > addresses. Detect local darknet nodes via generic traffic analysis (how
> > many people skype or play online games for 20+ hours a day with constant
> > 80+ KB/sec traffic?) -> Check local port used for conversations -> find
> > local nodes' darknet port -> detect its darknet peers. Trivial.
> >
> > On the other hand, moving just one hop further in the darknet chain
> > requires cooperation with the remote ISP, which is something everyone
> > considers to be relatively difficult to achieve.
>
>Right now, the best defense for darknet nodes is that this sort of
>analysis is computationally expensive on a large network.  For a small
>lan, it probably isn't, making even darknet relatively easy to catch.

Freenet (or whatever) users could just route all of their traffic 
through a proxy via securely-encrypted VPN, such as XeroBank with 
OpenVPN.  Although you'd still know that they were hogging bandwidth, 
you wouldn't have a clue what they were doing with it.

=
Jim Cook  

___
Support mailing list
Support@freenetproject.org
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:support-requ...@freenetproject.org?subject=unsubscribe

Re: [freenet-support] How can a system administrator detect active freenodes?

2009-08-21 Thread Evan Daniel 
On Fri, Aug 21, 2009 at 11:04 AM, Alex Pyattaev wrote:
>
>> He has stated that the network does not allow "P2P applications" running
>> Freenet
>> as pure darknet will technically be "F2F", now we can start arguing
>> whether F2F
>> is a subset of P2P or a distinctly different thing. But if we accept that
>> F2F
>> and P2P are different, then people who haven't enabled Opennet are
>> actually not
>> violating that particular network's guidelines.
>>
> Actually, darknet peers inside LAN are not violating ToS, because the
> inside-network traffic is not an issue. The actual problem is that a bunch
> of p2p users seeding and leeching from internet can consume every possible
> bit of channel available on the ISP's connection.  That's why they are
> illegal. The traffic for each user is virtually unlimited, but if you do the
> math, you will see that without p2p you just can not consume even 2 mbit/s
> channel, and we provide 10 mbit/s. Thus, when the user is downloading
> something big from time to time - it works just nice. But when he fills up
> at list 5 mbit/s with 24/7 p2p exchange the traffic utilization is much
> bigger than it should be. I have proposed to the managers that we allow p2p
> for extra charge (or with limited QoS), but they have decided that it will
> not work out (all that piracy stuff is still an issue).
> Online gamers are not always client-server. I have stated spring as a
> typical random-server udp-based game (ta-spring.com), the Company Of heroes
> also works similarily - host is a random node, and all nodes are
> interconnected.
> Indeed, 24x7 active connections can be suspicious, so I hope you will
> counter this problem so that I don't bother setting up filter. I suggest
> breaking every single connection that lasts for more than 1 hour, if it is
> not unique, and then reconnecting after random delay.
> PS: fuck bosses, I run freenet node myself=)

Last I checked, p2p wasn't "illegal" in any place I know of :)

This sounds to me like you really just need better QoS for your users,
not to block P2P.  It's relatively easy to allocate bandwidth such
that everyone gets their fair share, and those that use it *less* get
priority over the short term.  That means that p2p users can use up
any excess bandwidth, but if someone else is just trying to browse the
web it will go quickly.  Piracy is not the point of Freenet; please
don't assume anyone running Freenet is a pirate.  You should consult a
lawyer about your liability for piracy -- I suspect, however, that you
aren't liable until you are notified of a *specific* problem.

Also, have you tried just asking your users to set reasonable
bandwidth limits?  All p2p apps I know of, including Freenet, provide
bandwidth limiting controls.  Perhaps you should simply inform your
users of the situation and what you consider a reasonable bw limit for
p2p apps.

Evan Daniel
___
Support mailing list
Support@freenetproject.org
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:support-requ...@freenetproject.org?subject=unsubscribe

Re: [freenet-support] How can a system administrator detect active freenodes?

2009-08-21 Thread Alex Pyattaev 
> He has stated that the network does not allow "P2P applications" running
> Freenet
> as pure darknet will technically be "F2F", now we can start arguing whether
> F2F
> is a subset of P2P or a distinctly different thing. But if we accept that
> F2F
> and P2P are different, then people who haven't enabled Opennet are actually
> not
> violating that particular network's guidelines.
>
> Actually, darknet peers inside LAN are not violating ToS, because the
inside-network traffic is not an issue. The actual problem is that a bunch
of p2p users seeding and leeching from internet can consume every possible
bit of channel available on the ISP's connection.  That's why they are
illegal. The traffic for each user is virtually unlimited, but if you do the
math, you will see that without p2p you just can not consume even 2 mbit/s
channel, and we provide 10 mbit/s. Thus, when the user is downloading
something big from time to time - it works just nice. But when he fills up
at list 5 mbit/s with 24/7 p2p exchange the traffic utilization is much
bigger than it should be. I have proposed to the managers that we allow p2p
for extra charge (or with limited QoS), but they have decided that it will
not work out (all that piracy stuff is still an issue).

Online gamers are not always client-server. I have stated spring as a
typical random-server udp-based game (ta-spring.com), the Company Of heroes
also works similarily - host is a random node, and all nodes are
interconnected.
Indeed, 24x7 active connections can be suspicious, so I hope you will
counter this problem so that I don't bother setting up filter. I suggest
breaking every single connection that lasts for more than 1 hour, if it is
not unique, and then reconnecting after random delay.

PS: fuck bosses, I run freenet node myself=)
___
Support mailing list
Support@freenetproject.org
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:support-requ...@freenetproject.org?subject=unsubscribe

Re: [freenet-support] How can a system administrator detect active freenodes?

2009-08-21 Thread Evan Daniel 
On Fri, Aug 21, 2009 at 9:59 AM, VolodyA! V
Anarhist wrote:
> Luke771 wrote:
>> Alex Pyattaev wrote:
>>> Ok people, I'll try to adopt my own freenode to track the users that
>>> try to connect to freenet. If I come up with solution, I'll indeed
>>> tell you. Hope I'll ban some nasty users before you make a patch, so
>>> that I can sleep well knowing that my bosses will never know about the
>>> freenet users in the LAN=)
>>>
>> What you're doing here is catching Opennet users. Pure Darknet users
>> wont be that easy to catch.
>
> He has stated that the network does not allow "P2P applications" running 
> Freenet
> as pure darknet will technically be "F2F", now we can start arguing whether 
> F2F
> is a subset of P2P or a distinctly different thing. But if we accept that F2F
> and P2P are different, then people who haven't enabled Opennet are actually 
> not
> violating that particular network's guidelines.

Except that it's really, really obvious that friends are a subset of
peers.  See definition of peers.  In a computing context, peers is as
distinct from client/server etc.  This is a silly argument, and any
sysadmin will (rightly) tell you you're an idiot if you try to make
it.

Evan Daniel
___
Support mailing list
Support@freenetproject.org
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:support-requ...@freenetproject.org?subject=unsubscribe

Re: [freenet-support] How can a system administrator detect active freenodes?

2009-08-21 Thread VolodyA! V Anarhist 
Luke771 wrote:
> Alex Pyattaev wrote:
>> Ok people, I'll try to adopt my own freenode to track the users that 
>> try to connect to freenet. If I come up with solution, I'll indeed 
>> tell you. Hope I'll ban some nasty users before you make a patch, so 
>> that I can sleep well knowing that my bosses will never know about the 
>> freenet users in the LAN=)
>>
> What you're doing here is catching Opennet users. Pure Darknet users 
> wont be that easy to catch.

He has stated that the network does not allow "P2P applications" running 
Freenet 
as pure darknet will technically be "F2F", now we can start arguing whether F2F 
is a subset of P2P or a distinctly different thing. But if we accept that F2F 
and P2P are different, then people who haven't enabled Opennet are actually not 
violating that particular network's guidelines.

   - Volodya




-- 
http://freedom.libsyn.com/ Echo of Freedom, Radical Podcast
http://www.freedomporn.org/Freedom Porn, anarchist and activist smut

  "None of us are free until all of us are free."~ Mihail Bakunin
___
Support mailing list
Support@freenetproject.org
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:support-requ...@freenetproject.org?subject=unsubscribe

Re: [freenet-support] How can a system administrator detect active freenodes?

2009-08-21 Thread Evan Daniel 
On Fri, Aug 21, 2009 at 8:54 AM, Victor Denisov wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Luke771 wrote:
>> What you're doing here is catching Opennet users. Pure Darknet users
>> wont be that easy to catch.
>
> No, they'll be extremely easy to catch, along with their friends' IP
> addresses. Detect local darknet nodes via generic traffic analysis (how
> many people skype or play online games for 20+ hours a day with constant
> 80+ KB/sec traffic?) -> Check local port used for conversations -> find
> local nodes' darknet port -> detect its darknet peers. Trivial.
>
> On the other hand, moving just one hop further in the darknet chain
> requires cooperation with the remote ISP, which is something everyone
> considers to be relatively difficult to achieve.

Right now, the best defense for darknet nodes is that this sort of
analysis is computationally expensive on a large network.  For a small
lan, it probably isn't, making even darknet relatively easy to catch.

Evan Daniel
___
Support mailing list
Support@freenetproject.org
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:support-requ...@freenetproject.org?subject=unsubscribe

Re: [freenet-support] How can a system administrator detect active freenodes?

2009-08-21 Thread Victor Denisov 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Luke771 wrote:
> What you're doing here is catching Opennet users. Pure Darknet users 
> wont be that easy to catch.

No, they'll be extremely easy to catch, along with their friends' IP
addresses. Detect local darknet nodes via generic traffic analysis (how
many people skype or play online games for 20+ hours a day with constant
80+ KB/sec traffic?) -> Check local port used for conversations -> find
local nodes' darknet port -> detect its darknet peers. Trivial.

On the other hand, moving just one hop further in the darknet chain
requires cooperation with the remote ISP, which is something everyone
considers to be relatively difficult to achieve.

Regards,
Victor Denisov.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iD8DBQFKjpkHx7AVSvyjsUARAtUaAJ9Um646KQ3G6i7lk6AZXhfcj0whuwCgqfdW
U6vM9fPchCS+MkJ0fO66qe4=
=dWfH
-END PGP SIGNATURE-
___
Support mailing list
Support@freenetproject.org
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:support-requ...@freenetproject.org?subject=unsubscribe

Re: [freenet-support] How can a system administrator detect active freenodes?

2009-08-21 Thread Victor Denisov 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Luke771 wrote:
> If you do detect any nodes, pleaser tell us because that would mean that 
> Freenet must be fixed.
> thanks for your help.

No, it means no such thing. Freenet is *extremely* vulnerable to local
traffic analysis, as its traffic pattern is *extremely* unusual
(long-lived multi-host random-port UDP conversations). I don't think
there's anything that could be done about it short-term.

Regards,
Victor Denisov.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iD8DBQFKjpemx7AVSvyjsUARAuOyAKDLdQJa73o7vfCd6ZNDE07wMIp4dQCfZDSt
4wy5UJOBJ4ukfPadrj+viWM=
=G3CX
-END PGP SIGNATURE-
___
Support mailing list
Support@freenetproject.org
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:support-requ...@freenetproject.org?subject=unsubscribe

Re: [freenet-support] How can a system administrator detect active freenodes?

2009-08-21 Thread Victor Denisov 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

> Victor, you basically repeat my idea (about the harvester), so i will
> think about implementation. Statistics method is not an option, almost
> the same stats are shown for online games (especially real-time) that
> utilize UDP. almost constant, mostly symmetrical(not always, e.g. spring
> produces asymmetrical bursty traffic). 

I don't really think so. First, most online games are client-server, so
at each particular moment in time, it's not very likely that a
particular IP will be conversing with 15+ different game servers. Next,
Freenet nodes have random UDP ports, which is also not very typical for
online games.

Regards,
Victor Denisov.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iD8DBQFKjpYRx7AVSvyjsUARArRzAJ9s9s7c6QpB3yXX4laPHxFGa9ITUACg8B0P
FC2PF6wN2RcpJNxnOP7qh0M=
=pivm
-END PGP SIGNATURE-
___
Support mailing list
Support@freenetproject.org
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:support-requ...@freenetproject.org?subject=unsubscribe

Re: [freenet-support] How can a system administrator detect active freenodes?

2009-08-21 Thread Luke771 
Alex Pyattaev wrote:
> Ok people, I'll try to adopt my own freenode to track the users that 
> try to connect to freenet. If I come up with solution, I'll indeed 
> tell you. Hope I'll ban some nasty users before you make a patch, so 
> that I can sleep well knowing that my bosses will never know about the 
> freenet users in the LAN=)
>
What you're doing here is catching Opennet users. Pure Darknet users 
wont be that easy to catch.
___
Support mailing list
Support@freenetproject.org
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:support-requ...@freenetproject.org?subject=unsubscribe

Re: [freenet-support] How can a system administrator detect active freenodes?

2009-08-21 Thread Luke771 
Alex Pyattaev wrote:
> I'm a system administrator of a private home network, providing 
> internet to subscribers via ethernet. The corporate policy prohibits 
> the use of ANY p2p network by subscribers. The question is - is it 
> possible to detect freenet nodes on my LAN? I could indeed use 
> connection statistics, but this is not too useful. AFAIK, it is much 
> harder to detect those who contact friends only, but what about 
> others? I suppose the only real way is to have my own client and use 
> it to get IP's to ban...
> However, the boss does not care about technical issues. 
> Thanks for your help. 

If you do detect any nodes, pleaser tell us because that would mean that 
Freenet must be fixed.
thanks for your help.

___
Support mailing list
Support@freenetproject.org
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:support-requ...@freenetproject.org?subject=unsubscribe

Re: [freenet-support] How can a system administrator detect active freenodes?

2009-08-21 Thread Alex Pyattaev 
Victor, you basically repeat my idea (about the harvester), so i will think
about implementation. Statistics method is not an option, almost the same
stats are shown for online games (especially real-time) that utilize UDP.
almost constant, mostly symmetrical(not always, e.g. spring produces
asymmetrical bursty traffic).
Alex.
On Fri, Aug 21, 2009 at 1:30 PM, Victor Denisov  wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> I'd suggest detecting Freenet nodes by their UDP traffic usage. No
> amount of VoIP or gaming activity will generate a near-constant UDP
> stream to ~20 external nodes. If your firewall/billing/traffic logging
> software provides for this, I think it'll be the simplest way.
>
> If you're proficient with Java, another way would be to create a simple
> opennet harvester (which constantly gets connections to new nodes,
> discovers more nodes, then blocks their IP addresses).
>
> With best regards,
> Victor Denisov.
>
> Alex Pyattaev wrote:
> > Ok people, I'll try to adopt my own freenode to track the users that try
> > to connect to freenet. If I come up with solution, I'll indeed tell you.
> > Hope I'll ban some nasty users before you make a patch, so that I can
> > sleep well knowing that my bosses will never know about the freenet
> > users in the LAN=)
> >
> > On Fri, Aug 21, 2009 at 1:07 PM, Søren Bredlund Caspersen
> > mailto:soeren@gmail.com>> wrote:
> >
> > Hopefully the answer to Alex's question is: It can't be done.
> >
> > If he can detect freenet nodes on his network, you must assume that
> > governments and the like can as well. I would rather we help Alex try
> > (and hopefully fail) in detecting nodes on his private home network,
> > than just ignore the fact that there are people out there
> (government,
> > corporate or private) who will in fact try.
> >
> > And if we help Alex come up with a certain way of identifying nodes
> on
> > his home network, hopefully Freenet can be improved, to fight this
> > vulnerability.
> >
> > Cheers
> > Søren
> >
> >
> > On Fri, Aug 21, 2009 at 11:16 AM, bimbek > > wrote:
> > > I don't know about others, but I would not will to help you.
> > >
> > > 2009/8/21 Alex Pyattaev  > >
> > >>
> > >> I'm a system administrator of a private home network, providing
> > internet
> > >> to subscribers via ethernet. The corporate policy prohibits the
> > use of ANY
> > >> p2p network by subscribers. The question is - is it possible to
> > detect
> > >> freenet nodes on my LAN? I could indeed use connection
> > statistics, but this
> > >> is not too useful. AFAIK, it is much harder to detect those who
> > contact
> > >> friends only, but what about others? I suppose the only real way
> > is to have
> > >> my own client and use it to get IP's to ban...
> > >> However, the boss does not care about technical issues.
> > >> Thanks for your help.
> > >>
> > >> ___
> > >> Support mailing list
> > >> Support@freenetproject.org 
> > >> http://news.gmane.org/gmane.network.freenet.support
> > >> Unsubscribe at
> > >> http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
> > >> Or mailto:support-requ...@freenetproject.org
> > ?subject=unsubscribe
> > >
> > >
> > > ___
> > > Support mailing list
> > > Support@freenetproject.org 
> > > http://news.gmane.org/gmane.network.freenet.support
> > > Unsubscribe at
> > > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
> > > Or mailto:support-requ...@freenetproject.org
> > ?subject=unsubscribe
> > >
> > ___
> > Support mailing list
> > Support@freenetproject.org 
> > http://news.gmane.org/gmane.network.freenet.support
> > Unsubscribe at
> > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
> > Or mailto:support-requ...@freenetproject.org
> > ?subject=unsubscribe
> >
> >
> >
> > 
> >
> > ___
> > Support mailing list
> > Support@freenetproject.org
> > http://news.gmane.org/gmane.network.freenet.support
> > Unsubscribe at
> http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
> > Or mailto:support-requ...@freenetproject.org?subject=unsubscribe
>
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.5 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iD8DBQFKjndNx7AVS

Re: [freenet-support] How can a system administrator detect active freenodes?

2009-08-21 Thread Victor Denisov 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I'd suggest detecting Freenet nodes by their UDP traffic usage. No
amount of VoIP or gaming activity will generate a near-constant UDP
stream to ~20 external nodes. If your firewall/billing/traffic logging
software provides for this, I think it'll be the simplest way.

If you're proficient with Java, another way would be to create a simple
opennet harvester (which constantly gets connections to new nodes,
discovers more nodes, then blocks their IP addresses).

With best regards,
Victor Denisov.

Alex Pyattaev wrote:
> Ok people, I'll try to adopt my own freenode to track the users that try
> to connect to freenet. If I come up with solution, I'll indeed tell you.
> Hope I'll ban some nasty users before you make a patch, so that I can
> sleep well knowing that my bosses will never know about the freenet
> users in the LAN=)
> 
> On Fri, Aug 21, 2009 at 1:07 PM, Søren Bredlund Caspersen
> mailto:soeren@gmail.com>> wrote:
> 
> Hopefully the answer to Alex's question is: It can't be done.
> 
> If he can detect freenet nodes on his network, you must assume that
> governments and the like can as well. I would rather we help Alex try
> (and hopefully fail) in detecting nodes on his private home network,
> than just ignore the fact that there are people out there (government,
> corporate or private) who will in fact try.
> 
> And if we help Alex come up with a certain way of identifying nodes on
> his home network, hopefully Freenet can be improved, to fight this
> vulnerability.
> 
> Cheers
> Søren
> 
> 
> On Fri, Aug 21, 2009 at 11:16 AM, bimbek > wrote:
> > I don't know about others, but I would not will to help you.
> >
> > 2009/8/21 Alex Pyattaev  >
> >>
> >> I'm a system administrator of a private home network, providing
> internet
> >> to subscribers via ethernet. The corporate policy prohibits the
> use of ANY
> >> p2p network by subscribers. The question is - is it possible to
> detect
> >> freenet nodes on my LAN? I could indeed use connection
> statistics, but this
> >> is not too useful. AFAIK, it is much harder to detect those who
> contact
> >> friends only, but what about others? I suppose the only real way
> is to have
> >> my own client and use it to get IP's to ban...
> >> However, the boss does not care about technical issues.
> >> Thanks for your help.
> >>
> >> ___
> >> Support mailing list
> >> Support@freenetproject.org 
> >> http://news.gmane.org/gmane.network.freenet.support
> >> Unsubscribe at
> >> http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
> >> Or mailto:support-requ...@freenetproject.org
> ?subject=unsubscribe
> >
> >
> > ___
> > Support mailing list
> > Support@freenetproject.org 
> > http://news.gmane.org/gmane.network.freenet.support
> > Unsubscribe at
> > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
> > Or mailto:support-requ...@freenetproject.org
> ?subject=unsubscribe
> >
> ___
> Support mailing list
> Support@freenetproject.org 
> http://news.gmane.org/gmane.network.freenet.support
> Unsubscribe at
> http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
> Or mailto:support-requ...@freenetproject.org
> ?subject=unsubscribe
> 
> 
> 
> 
> 
> ___
> Support mailing list
> Support@freenetproject.org
> http://news.gmane.org/gmane.network.freenet.support
> Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
> Or mailto:support-requ...@freenetproject.org?subject=unsubscribe

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iD8DBQFKjndNx7AVSvyjsUARAtT0AKCAAz0j/0oXPYvfsM5w3VWms6eR3gCeKPwP
JZxBMV5E/FnO0lyUpvpf09U=
=UQm7
-END PGP SIGNATURE-
___
Support mailing list
Support@freenetproject.org
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:support-requ...@freenetproject.org?subject=unsubscribe

Re: [freenet-support] How can a system administrator detect active freenodes?

2009-08-21 Thread Alex Pyattaev 
Ok people, I'll try to adopt my own freenode to track the users that try to
connect to freenet. If I come up with solution, I'll indeed tell you. Hope
I'll ban some nasty users before you make a patch, so that I can sleep well
knowing that my bosses will never know about the freenet users in the LAN=)

On Fri, Aug 21, 2009 at 1:07 PM, Søren Bredlund Caspersen <
soeren@gmail.com> wrote:

> Hopefully the answer to Alex's question is: It can't be done.
>
> If he can detect freenet nodes on his network, you must assume that
> governments and the like can as well. I would rather we help Alex try
> (and hopefully fail) in detecting nodes on his private home network,
> than just ignore the fact that there are people out there (government,
> corporate or private) who will in fact try.
>
> And if we help Alex come up with a certain way of identifying nodes on
> his home network, hopefully Freenet can be improved, to fight this
> vulnerability.
>
> Cheers
> Søren
>
>
> On Fri, Aug 21, 2009 at 11:16 AM, bimbek wrote:
> > I don't know about others, but I would not will to help you.
> >
> > 2009/8/21 Alex Pyattaev 
> >>
> >> I'm a system administrator of a private home network, providing internet
> >> to subscribers via ethernet. The corporate policy prohibits the use of
> ANY
> >> p2p network by subscribers. The question is - is it possible to detect
> >> freenet nodes on my LAN? I could indeed use connection statistics, but
> this
> >> is not too useful. AFAIK, it is much harder to detect those who contact
> >> friends only, but what about others? I suppose the only real way is to
> have
> >> my own client and use it to get IP's to ban...
> >> However, the boss does not care about technical issues.
> >> Thanks for your help.
> >>
> >> ___
> >> Support mailing list
> >> Support@freenetproject.org
> >> http://news.gmane.org/gmane.network.freenet.support
> >> Unsubscribe at
> >> http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
> >> Or mailto:support-requ...@freenetproject.org?subject=unsubscribe
> >
> >
> > ___
> > Support mailing list
> > Support@freenetproject.org
> > http://news.gmane.org/gmane.network.freenet.support
> > Unsubscribe at
> > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
> > Or mailto:support-requ...@freenetproject.org?subject=unsubscribe
> >
> ___
> Support mailing list
> Support@freenetproject.org
> http://news.gmane.org/gmane.network.freenet.support
> Unsubscribe at
> http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
> Or mailto:support-requ...@freenetproject.org?subject=unsubscribe
>
___
Support mailing list
Support@freenetproject.org
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:support-requ...@freenetproject.org?subject=unsubscribe

Re: [freenet-support] How can a system administrator detect active freenodes?

2009-08-21 Thread Søren Bredlund Caspersen 
Hopefully the answer to Alex's question is: It can't be done.

If he can detect freenet nodes on his network, you must assume that
governments and the like can as well. I would rather we help Alex try
(and hopefully fail) in detecting nodes on his private home network,
than just ignore the fact that there are people out there (government,
corporate or private) who will in fact try.

And if we help Alex come up with a certain way of identifying nodes on
his home network, hopefully Freenet can be improved, to fight this
vulnerability.

Cheers
Søren


On Fri, Aug 21, 2009 at 11:16 AM, bimbek wrote:
> I don't know about others, but I would not will to help you.
>
> 2009/8/21 Alex Pyattaev 
>>
>> I'm a system administrator of a private home network, providing internet
>> to subscribers via ethernet. The corporate policy prohibits the use of ANY
>> p2p network by subscribers. The question is - is it possible to detect
>> freenet nodes on my LAN? I could indeed use connection statistics, but this
>> is not too useful. AFAIK, it is much harder to detect those who contact
>> friends only, but what about others? I suppose the only real way is to have
>> my own client and use it to get IP's to ban...
>> However, the boss does not care about technical issues.
>> Thanks for your help.
>>
>> ___
>> Support mailing list
>> Support@freenetproject.org
>> http://news.gmane.org/gmane.network.freenet.support
>> Unsubscribe at
>> http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
>> Or mailto:support-requ...@freenetproject.org?subject=unsubscribe
>
>
> ___
> Support mailing list
> Support@freenetproject.org
> http://news.gmane.org/gmane.network.freenet.support
> Unsubscribe at
> http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
> Or mailto:support-requ...@freenetproject.org?subject=unsubscribe
>
___
Support mailing list
Support@freenetproject.org
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:support-requ...@freenetproject.org?subject=unsubscribe

Re: [freenet-support] How can a system administrator detect active freenodes?

2009-08-21 Thread Ermanno Baschiera 
Portscanning? I tried nmap on my node, but it can't identify the
application. I don't know if other tools are able to.

-ermanno

2009/8/21 Alex Pyattaev :
> I'm a system administrator of a private home network, providing internet to
> subscribers via ethernet. The corporate policy prohibits the use of ANY p2p
> network by subscribers. The question is - is it possible to detect freenet
> nodes on my LAN? I could indeed use connection statistics, but this is not
> too useful. AFAIK, it is much harder to detect those who contact friends
> only, but what about others? I suppose the only real way is to have my own
> client and use it to get IP's to ban...
> However, the boss does not care about technical issues.
> Thanks for your help.
>
> ___
> Support mailing list
> Support@freenetproject.org
> http://news.gmane.org/gmane.network.freenet.support
> Unsubscribe at
> http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
> Or mailto:support-requ...@freenetproject.org?subject=unsubscribe
>
___
Support mailing list
Support@freenetproject.org
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:support-requ...@freenetproject.org?subject=unsubscribe

Re: [freenet-support] How can a system administrator detect active freenodes?

2009-08-21 Thread bimbek 
I don't know about others, but I would not will to help you.

2009/8/21 Alex Pyattaev 

> I'm a system administrator of a private home network, providing internet to
> subscribers via ethernet. The corporate policy prohibits the use of ANY p2p
> network by subscribers. The question is - is it possible to detect freenet
> nodes on my LAN? I could indeed use connection statistics, but this is not
> too useful. AFAIK, it is much harder to detect those who contact friends
> only, but what about others? I suppose the only real way is to have my own
> client and use it to get IP's to ban...
> However, the boss does not care about technical issues.
> Thanks for your help.
>
> ___
> Support mailing list
> Support@freenetproject.org
> http://news.gmane.org/gmane.network.freenet.support
> Unsubscribe at
> http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
> Or mailto:support-requ...@freenetproject.org?subject=unsubscribe
>
___
Support mailing list
Support@freenetproject.org
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:support-requ...@freenetproject.org?subject=unsubscribe