Thursday, Jul 24, 2008
The file-trading network's developers are discovering that even their wide-open, free-for-all technology might need a little policing.
Aug 8, 2002 | Last September, the loose affiliation of programmers who monitor the Gnutella file-trading network noticed something strange. The network, a popular hub for MP3 traders, seemed to be suffering a kind of denial-of-service attack, with some people reporting that their machines were inundated with requests for content. Though the attack seemed small, the particular design of Gnutella -- a "decentralized peer-to-peer network," in which each computer routes network traffic -- amplified its effects, causing the whole network to clog.
But when the developers got to the bottom of the problem, it turned out that there was no malicious attack -- it was just selfish code. A new Gnutella client called Xolox had recently come onto the network, and in an effort to give Xolox users faster downloads, its programmers had configured the program to frequently "re-query" the network to check for desired files. Such automated requests aren't unusual -- many programmers use the technique to improve their software's performance on Gnutella; but Xolox re-queried at dizzying speeds, causing headaches for everyone else, while possibly improving downloads for its own users.
"Will the Xolox developers please step forward?" asked one developer in the Gnutella Developer Forum (GDF), the discussion site where Gnutella developers discuss the technical aspects of the network. "If they are not present," he added, "they should be invited to the group and educated on the damage which this feature causes, especially to modem users."
The Xolox programmers were invited, but they did not come to the GDF. Some developers approached them privately to let them know of the problem, though, and Xolox responded well. "We convinced them that everyone is affected by the overall level of network performance," says Adam Fisk, a coder at LimeWire, one of the most popular Gnutella clients. "They eventually changed the re-querying algorithms."
Although the Xolox incident was cleared up, it portended greater troubles with "bad actors" on the network, some of whom aren't responding as agreeably as Xolox did. Recently, these selfish, damaging clients have so frustrated the developers who run the most successful Gnutella programs -- and who, consequently, have a lot of say in what becomes of the network -- that they're now contemplating ways to police behavior on Gnutella. That would be an ironic change for a technology born out of an act of anti-corporate defiance and which has long embraced a standard of anarchy.
This spring, a client called Qtraxmax appeared on Gnutella, and it, too, launched search requests like mad. Developers at Limewire e-mailed programmers at Qtraxmax, and though they seemed receptive to concerns, "I don't think they quite realize the scope of the problem," Fisk says. Qtraxmax accounts for only a tiny portion of clients on the Gnutella network -- according to CNet Download.com, only about 860,000 people have downloaded the program, a tiny number compared to the other Gnutella programs (LimeWire has been downloaded 13 million times, BearShare 17 million, and Morpheus 98 million).
But Qtraxmax doesn't need a huge user base to cause big problems. Gnutella is quite vulnerable to being flooded with excessive automated queries, Fisk says. If Gnutella didn't entirely collapse, he adds, "you would definitely just slow the network down to a crawl."
Salon's e-mail requests to Qtraxmax bounced back, and since its developers don't participate in any of the online discussion boards devoted to Gnutella, it's unclear if the company -- which is apparently based in Hong Kong -- is addressing the problem.
Get Salon in your mailbox!