On Thursday 03 Jan 2013 17:31:12 Matthew Toseland wrote:
> On Wednesday 02 Jan 2013 23:40:08 Matthew Toseland wrote:
> > On Wednesday 02 Jan 2013 18:54:45 Matthew Toseland wrote:
> > > On Friday 28 Dec 2012 13:34:26 Arne Babenhauserheide wrote:
> > > > On Monday, 24 December 2012, 21:11:55 Robert Hailey wrote:
> > > > > With that being said, the scarce resource (in theory) would be
> > > > > location (detectable by network address), because an attacker
> > > > > simulating many nodes would likely have them in a very confined
> > > > > space (like a server closet or a few buildings here-and-there),
> > > > > and could not spoof a wildly different location because it would
> > > > > interfere with routing.
> > > >
> > > > Except if he just bought some time on one of the million-computer
> > > > botnets for doing the attack.
> > >
> > > Yes, I'm putting that sort of thing in the "expensive attacks" box.
> > >
> > > > But aside that: If we can marry your idea with transport plugins,
> > > > that might be an option to create scarcity at least for some
> > > > transports. Freenet could then prefer scarce transports over
> > > > abundant transports - if available.
> > >
> > > Maybe.
> > >
> > > Even without rewiring the internet, we have several resources we can
> > > use that provide at least some level of scarcity that we can maybe
> > > throttle by:
> > > - CAPTCHAs
> > > - IP addresses
> > > - ASN lookup of IP addresses.
> > >
> > I have lots of detailed ideas on this, will post shortly when I can get
> > them together in a usable form. The limiting factor is it's hard to
> > distinguish between "attacker creates 5000 nodes on a single AS" versus
> > "slashdot causes lots of newbies on a single AS". We can still improve a
> > lot on the status quo though.
> >
> MAJOR ATTACKS FOR OPENNET (stuff we could maybe limit by tinkering with
> announcement etc)
> - Announce to chosen location. Component of many easy attacks, e.g. MAST,
>   some published stuff.
> - Create lots of (malicious) nodes cheaply/quickly. That probably means a
>   single datacentre/host, i.e. on the same AS.
> - Connect to all/many nodes but only with a few connections each. (With
>   tunnels this is useless)
> - Surround targeted nodes. (Not necessarily all nodes)
> - DoS attack against announcement.
> - Dominate the keyspace/topology and thus control a large proportion of
>   tunnels etc.
>
> ESSENTIAL STUFF:
>
> Threadless announcement. (But keep some limits)

https://bugs.freenetproject.org/view.php?id=5588

> Depth first announcement.

https://bugs.freenetproject.org/view.php?id=5589

> General debugging of announcement.

Announcement remains hideously slow and unreliable. It is quite possible that
this is the result of bugs; previous sessions of debugging announcement have
often found problems.

https://bugs.freenetproject.org/view.php?id=5591

> Automatic seednode collection.

https://bugs.freenetproject.org/view.php?id=1910
https://bugs.freenetproject.org/view.php?id=1911
https://bugs.freenetproject.org/view.php?id=1912

Consider the opennet-changes branch.

https://bugs.freenetproject.org/view.php?id=5590

>
> IMPORTANT STUFF:
>
> Collection of stats by Autonomous System Number on individual seednodes.

https://bugs.freenetproject.org/view.php?id=5592

> ASN limiting of peers on opennet nodes. (Better than country limiting, but
> maybe we should offer that too)

https://bugs.freenetproject.org/view.php?id=5594

> Basic seednode capture prevention. (TODO I will send another mail / file a
> bug with details)

https://bugs.freenetproject.org/view.php?id=4374 (Already filed apparently)

>
> LOAD MANAGEMENT FOR ANNOUNCEMENTS:
>
> Look into estimating the network's capacity for announcement and then
> rejecting announcements over that limit.

https://bugs.freenetproject.org/view.php?id=5595

> Consider measures against DoS from a single AS; prefer other AS's if there is
> a sudden spike on only one AS, or something.

https://bugs.freenetproject.org/view.php?id=5596

>
> SUPER-SEED ARCHITECTURE:

Created bug for this, but that doesn't necessarily mean we want to use it:

https://bugs.freenetproject.org/view.php?id=5587
_______________________________________________
Devl mailing list
[email protected]
https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
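The "ASN limiting of peers on opennet nodes" and per-AS statistics items from the message above, sketched as an added example that is not Freenet code and not part of the original mail. The class name, the 25% cap, the peer limit and the prefix-to-ASN table (documentation prefixes, private-use ASNs) are all assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed prefix-to-ASN table: documentation prefixes, private-use ASNs.
# Assumption: a real node would load this from an offline IP-to-ASN database.
PREFIX_TO_ASN = {"192.0.2.0/24": 64500, "198.51.100.0/24": 64501,
                 "203.0.113.0/24": 64502}
_NETS = [(ipaddress.ip_network(p), asn) for p, asn in PREFIX_TO_ASN.items()]

def asn_for(ip):
    """Map an IP string to its ASN, or "unknown" if no prefix matches."""
    addr = ipaddress.ip_address(ip)
    for net, asn in _NETS:
        if addr in net:
            return asn
    # All unmapped addresses share one bucket, so they cannot bypass the cap.
    return "unknown"

class AsnLimitedPeers:
    """Hypothetical opennet peer table that caps the peers taken per AS."""
    def __init__(self, max_peers=20, max_share=0.25):
        self.max_peers = max_peers
        self.per_asn_cap = max(1, int(max_peers * max_share))
        self.peers = {}            # ip -> AS bucket
        self.accepted = Counter()  # per-AS stats: peers currently held
        self.rejected = Counter()  # per-AS stats: offers refused

    def offer(self, ip):
        """Return True if the peer is admitted, False if it is refused."""
        asn = asn_for(ip)
        if ip in self.peers:
            return False
        full = len(self.peers) >= self.max_peers
        if full or self.accepted[asn] >= self.per_asn_cap:
            self.rejected[asn] += 1
            return False
        self.peers[ip] = asn
        self.accepted[asn] += 1
        return True

def demo():
    """Constructed scenario: a 50-node burst from one AS, then other offers."""
    table = AsnLimitedPeers()
    for i in range(1, 51):
        table.offer(f"192.0.2.{i}")        # many nodes on a single AS
    for i in range(1, 4):
        table.offer(f"198.51.100.{i}")     # a few peers from another AS
    for i in range(1, 8):
        table.offer(f"10.0.0.{i}")         # unmapped addresses
    return table
```

The `rejected` counter is the per-AS statistic that makes a single-AS burst visible; it cannot by itself tell a Sybil burst from a legitimate surge of new users on one AS, which is the limitation the message points out.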
