On Tue, 20 Aug 2002, Bob Tanner wrote:

>
> Ok, how is a gnutella expert?
>
> How about a tclug-RIAA-honeypot rpm and deb?
>
> Need some backend code to generate fake mp3s with the right names and length,
> and some way to report the hits on the honeypot.
>

I think these are an important first step.  Next couple questions, what
other ISP's in the country are looking at this as a possible service to
their customers, and can a database similar to the sendmail dnsbl be setup
that would allow ISP's to share info between themselves on IPs that are
running attacks.  This could grow into a much larger protection
environment than just RIAA ( but stopping the RIAA would be the most fun)

other tech issues that come to mind, the RIAA isn't the only people that
scan for hosts via gnutella, and then come looking for exploits,
(see firewall log while running any gnutella client)
an automated system like this would quickly have the dhcp addresses from most
ISPs in the blacklist.  these ranges would need to be exempt. ( or only
blocked for a period of time)


if this doesn't make sense, it's cause it's 5:00 AM.  whaddayado?

http://www.linuxsnob.com