an idea for mute or other p2p developer

[braingrunt]

I don't know how to contact anyone directly and so will post my idea here.

Mute tries to achieve privacy by avoiding direct connections. I read the "how it works'' doc, and it does seem that mute should successfully keep users safe from lawsuits--however, it does it at the cost of speed and possibly other features.

I'm no network expert, but would it be possible to make an asymmetric connection protocol? In essence, search/download requests would go out on the network, not trying to hide the IP of the person who wants to download. This is because it's relatively safe to download--as I understand it, some place or other even deemed it legal.

When the user finds a download they want, sources initiate a connection to the destination computer, always spoofing/leaving the return IP address blank. In other words, the source can send directly to the destination. But since the destination does not know the IP of the source, it would instead route ACK or other network control signals, Mute-style, through the network. This would greatly ease the burden on the network, since ACK and other network control signals are very lightweight, low bandwidth, especially compared to what mute currently has to route through.

Of course, in order for this to work, spoofing must work correctly. Sadly, as I understand it, most/many types of internet service allow the ISP to know who really sent a packet even if the return address is spoofed or blank. They can theoretically then insert the correct return address before routing the packet on. The question then, is how often they do this in practice--and I don't know the answer to that question. Each host, though, should be able to perform a simple test to see whether they can successfully perform spoofing, maybe through a simple series of pings perhaps.

So, what do you think of this idea?

[Malicious Intent]

It can't be done. You can't just leave your IP address blank or spoof it. The computer receiving the packets always knows exactly who it is from.

[cpugeniusmv]

kinda like sending mail without an address, or addressing a letter to someone expecting it to go to someone else.

[mr.jip]

thats beautiful cp..beautiful

[braingrunt]

Do a google on "IP spoofing".

This has been done before. In the letter analogy, it's like putting on a destination address, but not putting on a return address (or putting a false one). Thus, you could send someone a letter without them knowing who you are or what your home address is. The problem with this is that you can't correspond this way.

This, at least in the past, has been possible on computers as well. Your computer, when it handles network traffic, frames IP packets, TCP packets, UDP packets, etc. It is up to your computer to correctly fill in the entries in these packets including the destination IP address, and indeed, the source address. There is no reason your computer has to put in good values into those fields. Of course, if you put in a bad destination address, at some point the packet will be dropped. But at no point of the routing is it required that a correct source address is found anywhere in any of the packets.

In order to establish a TCP connection, it is true that you need a correct return adress. This is not true of UDP, since it is a stab-in-the dark protocol which does not guarantee delivery, and doesn't ask for ACKnowledgement from the other computer. But in order to make UDP suitable for reliable delivery, the programmer has to build a protocol on top of it, with again the return address being required.

But, in the case I talked about, you could build a protocol directly on top of IP, and you could send ACK packets and other network control signals (which are required for reliable delivery) back through a Mute-like network where they would reach their destinations and do their job even though the sender doesn't know where they are going.

But maybe you are right, and it wouldn't work. Like I said, I'm not an expert by any means.

[Malicious Intent]

But IP spoofing can be detected by your ISP. I belive most cable companies stop it.

[braingrunt]

But IP spoofing can be detected by your ISP. I belive most cable companies stop it.

That's what I was afraid of.

[Sephiroth]

Anonymous P2P i dont think will ever really work that well outside small private networks like WASTE because people will just move to other things like usenet or irc instead. Because they will be just as good and much faster than any proxy or ip spoofing idea.

[Malicious Intent]

So you don't think there is a future in mass p2p? You may well be right, but I hope not!

The question then, is how often they do this in practice--and I don't know the answer to that question.

I wouldn't give up braingrunt. Now I have only heard this from one source, but I think that it is only cable companies that can detect IP spoofing. A/DSL companies can't and I don't know about internet through electricity cables.
Perhaps if the application spoofs the IP unless it can't, then people would be safe. RIAA nodes will not know if it is spoofed or not.
There are questions to answer with this:
Can anyone spoof?
Can you either spoof or not, or do ISPs only sometimes check?
Do you need to change the IP address attached to all outgoing packets? If so this would screw up your internet!

[eivioolla]

But IP spoofing can be detected by your ISP. I belive most cable companies stop it.

Well, actually reports from ES5 PXP users (which does allow source address spoofing) indicate that many big ISPs in fact do not block spoofed source addresses. The biggest problem seems to be home routers and NAT that are not compatible with spoofing. The good side in spoofing compared to proxy-node-network is that it is direct upload thus no speed drop compared to conventional P2P.

[Sephiroth]

So you don't think there is a future in mass p2p? You may well be right, but I hope not!

No i didnt say i think that is the future which i doubt it. My point is that people would just migrate to other places than to use some slow proxy system or "anonymous p2p" that has alot of overhead assuming if it works at all and not one of these systems has been able to stand the test of time and actually proven to work other than in the marketing pitches and on paper.

So im extreemely skeptical of them especially since they seem to like to promote it and get users and hype it up before they release a final and its proven to work.

[Malicious Intent]

Well, actually reports from ES5 PXP users (which does allow source address spoofing) indicate that many big ISPs in fact do not block spoofed source addresses. The biggest problem seems to be home routers and NAT that are not compatible with spoofing. The good side in spoofing compared to proxy-node-network is that it is direct upload thus no speed drop compared to conventional P2P.

I don't think the merits of pxp have ever been discussed hear. Threads have a nasty habit of not lasting long when the implementing program is mentioned.
So without all the propaganda we would face if we went to the source, how is it claimed that it works?

[shellreef]

Do you need to change the IP address attached to all outgoing packets? If so this would screw up your internet!

I've never heard of this, how would it screw up your Internet?

[Malicious Intent]

Well I would push the two opposite corners closer together, reach out with my index finger and drag in one of the stray corners. After turning it 180 degrees, I would squash in the remaining corner and roll the whole lot into a tight ball in the palm of my hands.
Following this, I would throw the newly formed ball in the correct direction and volcity to pass through the toy basketball hoop and into the bin below.
Or is that a piece of paper?
If you are serious, I mean that if you are either spoofing or not, then when spoofing for p2p, you will also be spoofing webpage requests. You therefore wont be able to use the internet when using the p2p program.

[shellreef]

I mean that if you are either spoofing or not, then when spoofing for p2p, you will also be spoofing webpage requests. You therefore wont be able to use the internet when using the p2p program.

Spoofing doesn't affect other programs.