On Tuesday 28 October 2003 05:22 pm, Toad wrote:
> I have a better attack. You are targeting a particular area of the
> keyspace. Request a long stream of random keys very close to the target
> key. They will all DNF, and reduce the pDNF in that area of each node
> the node routes the request to, until the estimator is so low that it
> tries a different node. Keep on requesting and you can effectively
> eliminate the node's ability to route requests in that region... I have
> no idea how to fight this attack :(. Anyone have any reason why it
> wouldn't work?

I think the original attack mentioned would not work, because it would be distributed across all keyspace, so it would merely decrease the average pDNF, with no net effect on routing. However, if it were targeted at a particular area of keyspace it would decrease the preserved specialization of that area until it was instead routed somewhere else, and then decrease that until it were routed somewhere else. So it would have the effect of continually trying to reduce the effectiveness of the best node to that of the second best node.

However, at the same time all the other nodes are requesting normally. So assuming that normal requests are just as capable of normalizing the estimates as the attacker is of skewing them, this effectively becomes a battle of resources between the rest of the network and the attacker. However, the rest of the network is not aware that it is competing, and the attacker's resources can be targeted. So it is probably possible for a single attacking node to generate the same number of requests to a small area as the rest of the network. Assuming that it has the same bandwidth as the area it is attacking, and the nodes being attacked are normally exactly at capacity, then the attacker will be successful in diverting traffic half the time. If they have twice the bandwidth then it will be 2/3rds of the time, etc.

So to limit this and other flooding biased attacks, I think we should create a node blacklist, where your node will simply disconnect from, and for a time, ban any node that demonstrates significantly deviant behavior. One must also take care that anything that puts a node on a blacklist is not propagated down any single request line so you don't end up banned yourself.
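
One way the temporary per-node blacklist proposed above could be kept, as an added sketch that is not part of the original message or Freenet's code. The `PeerMonitor` class, the bucket split of the keyspace and every threshold are assumptions chosen for illustration, and the traffic in `demo()` is constructed.

```python
from collections import Counter, deque
import random

BUCKETS = 64         # assumed: keyspace [0, 1) split into equal regions
WINDOW = 300.0       # seconds of per-peer history kept (assumed)
MIN_REQUESTS = 50    # do not judge a peer on a tiny sample
CONCENTRATION = 0.8  # share of a peer's requests that hit one region
DNF_RATE = 0.9       # share of those requests that ended in DNF
BAN_SECONDS = 3600.0 # "for a time": the ban expires by itself

class PeerMonitor:
    """Local-only blacklist: nothing here is ever sent to other nodes."""
    def __init__(self):
        self.history = {}  # peer -> deque of (time, bucket, was_dnf)
        self.banned = {}   # peer -> ban expiry time

    def is_banned(self, peer, now):
        expiry = self.banned.get(peer)
        if expiry is not None and now >= expiry:
            del self.banned[peer]  # temporary ban has lapsed
            return False
        return expiry is not None

    def record(self, peer, key, was_dnf, now):
        """Record one finished request; return True if the peer is banned."""
        if self.is_banned(peer, now):
            return True  # refuse instead of forwarding the pattern onwards
        events = self.history.setdefault(peer, deque())
        events.append((now, int(key * BUCKETS) % BUCKETS, was_dnf))
        while events[0][0] < now - WINDOW:
            events.popleft()
        if len(events) < MIN_REQUESTS:
            return False
        bucket, hits = Counter(b for _, b, _ in events).most_common(1)[0]
        dnfs = sum(1 for _, b, d in events if b == bucket and d)
        if hits / len(events) >= CONCENTRATION and dnfs / hits >= DNF_RATE:
            self.banned[peer] = now + BAN_SECONDS
            del self.history[peer]
            return True
        return False

def demo():
    rng, mon = random.Random(1), PeerMonitor()
    for i in range(200):  # constructed traffic: one spread out, one narrow
        mon.record("normal", rng.random(), rng.random() < 0.3, float(i))
        mon.record("flooder", 0.5 + rng.random() * 0.001, True, float(i))
    return mon.is_banned("normal", 200.0), mon.is_banned("flooder", 200.0)
```

Refusing a banned peer's requests outright, rather than forwarding them, is what keeps the same skewed pattern from showing up under this node's name at the next hop.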