World's most powerful supercomputer goes online

Brandon Enright bmenrigh at ucsd.edu
Sun Sep 2 17:02:19 EDT 2007


On Sun, 2 Sep 2007 14:48:31 +0200 plus or minus some time Guus Sliepen
<guus at sliepen.eu.org> wrote:

> Experience with tinc (a VPN daemon with peer-to-peer like architecture,
> which replicates certain information to all daemons in a single VPN),
> showed that even in a network with only 20 nodes, it is extremely hard
> to get rid of information.  You either need to shut down all daemons at
> the same time to make sure all state is lost, or modify the software to
> allow explicit deletion of certain information. With more that 1 million
> nodes it will be even harder to delete data.
>   

Actually the stormworm network illustrates this example perfectly.  As with
most DHT based P2P networks, stormworm suffers from latent/stale node data
still in the memory of other nodes.  Asside from the overnet peer bootstrap
files for each stormworm node, the list of nodes in the network is
distributed in memory across all the nodes.

Stormworm is especially bad because the authors didn't take the latent
data problem into account.  There is no built-in mechanism for a botted
host to remove dead peers from their list in memory.  With tens of
thousands of nodes, IPs of machines that were infected and cleaned weeks
ago still occasionally show up.  I suspect this behavior is the primary
source of the ridiculously high (and inaccurate) estimates for the size of
the stormworm botnet.

Brandon

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list