spam
Poisoning a distributed system
Submitted by vlado on Tue, 2007-07-17 13:45.net | networks | p2p | poison | population based methods | rdf | semantic web | spam
The last few months I've been silently working on some 'population based' or 'social' methods. It is a long story, so I will revisit that part some day later. But the question I ask today is
what are the effects of poisoning a network
Or alternatively - how do different network topologies differ in their resistance to cancer cells? Disinformation? Spam? ???
There was and there is still a lot of research ongoing in the Semantic Web community, but it looks like they live in the ideal world, the don't consider either failure or deliberate sabotage. But these effects are known, for example p2p poisoning by the big four, spamming google, poisoning spam-word indexes, etc... Poison pills are one of the most used and useful weapons in the so called cyber-warfare.
I'm struggling to find useful research on the effects of poison. Any help is welcome. Can you post or help with references. I'll compile them and post them back here and on delicious, or wherever you fancy.
update 1
The guys down at freenet project have done some research on p2p network attacks. A few groups are working on collaborative filtering. So here follows the first instalment of (semi-relevant) links
- The Index Poisoning Attack in P2P File Sharing Systems
- Attacking P2P Networks
- Distributed Routing in Small Worlds - Background
- Searching in a Small World
- RecTree: An Efficient Collaborative Filtering Method
- Eigentaste: A Constant Time Collaborative Filtering Algorithm
- Low-Resource Routing Attacks Against Anonymous Systems
Quick and dirty httpbl and drupal. An attempt to weed out evil bots, a bit
Lately I was looking into how to reduce the spam traffic to this website. Not just comment spam, but various harvesters and other nasties. They steal too much http bandwidth.
.htaccess methods are tempting, but they have a huge disadvantage - they are static. DNS blacklists can be used to dynamically query 'is this ip a known threat?'. One such list is provided by project honepot. They have an apache module in beta implementing it. If you don't have the option, or want a bit more dynamism, you can do the checks from your own php script.
In drupal there is already an httpbl module, but I decided not to use it. It looked easier to just insert the checks in index.php. The other benefit is that I can interfere before the drupal bootstrap has even started. The downside - none of the goodies provided by the module. I used a modified version of the script provided by planet ozh.
