> You really want to put a port scanner into the reference client?
> Uh, take it up with Stephen, but the concept makes me nervous. I
> got the impression that sysadmins really take it personally when
> someone rattles each door on their house to see if they're all
> locked. I'd much rather just tell users to go find the right addy
> and port in the first place. Those who want to port scan can use
> the source, Luke.

Yes, obviously a "real" portscanner would be a serious problem. However, it seems at the moment that, lacking a central freenet server, the solution appears to be word of mouth, i.e., "psst, I have a freenet server up on 192.168.0.53, go connect to it"... and the network is set up by lots of these people just peering with others and communicating by word of mouth. A portscanner would be necessary if the ports were randomized, as in many cases people would likely only provide the hostname. Considering how many people are behind firewalls as well (most ISPs now block ports 137-139 for Windows filesharing), this may be a necessity!

> Yes, yes, I know about all that. I just meant that trying to
> "plausibly deny" that you accessed illegal material depends in
> part on the assertion that there is frequent and routine usage
> of Freenet for legal purposes.

True, in the strictest meaning. The US has gone downhill substantially - it used to be that as long as a tool could be used for legitimate purposes, you could not go into court and presume it was not used for legitimate purposes. Case in point - Joe Average is caught with a pipe and is prosecuted as having drug paraphernalia. Joe Average's defense could very well be that he smokes tobacco. Joe Average has a plausible reason to counter the accusation, so the legal system shouldn't convict him. That isn't to say they won't... in the US apparently civil liberties are for the rich... but it does raise the bar. In other words, it is not an imperative that freenet maintain full deniability. It is impossible in an anonymous network anyway, as there's no way to verify that the client or server is trustworthy.

> Yes, have Freenet use random ports by default. My own motivation
> is that it would be helpful to future stego nodes. I hadn't
> thought about the "good against DoS attacks" angle, but I'm glad
> you mentioned it. :^)

I try to think in terms of "If I had to, how would I kill freenet?" and then get as creative as possible. Some ideas are discounted as useless... for example - if I really wanted to stop freenet, I would grab a pair of scissors and break into my local US West CO. Not very practical though, and it is a felony in addition. OTOH, as a simple example, if I created a client that injected worthless data into the network and then requested it over and over again, after a while the signal-to-noise ratio would cause freenet to collapse.

A counter-defense? At the current stage of development, incorporate trust links into the servers using PKI and only trust queries from servers that have been signed by you, or by people you trust (such as a group of freenet developers?). This mostly maintains the anonymity, but cuts down on the possibility of bogus traffic to some extent. For more extensive control, some way of identifying the source node(s) for each "key" would be necessary as a minimum. This would ensure that if a node started injecting lots of bogus data, a server operator could catch it and invalidate that node... and pass the word on via the trust network (perhaps a signed and authenticated "kill" command?) to have the offending node delinked. This would be similar to how IRC works.

~ Signal 11

_______________________________________________
Freenet-dev mailing list
Freenet-dev at lists.sourceforge.net
http://lists.sourceforge.net/mailman/listinfo/freenet-dev
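The trust-link idea in the message above (honour queries only from keys you or your trusted peers have signed, and delink a misbehaving node with a signed "kill" passed along the trust network), as an added Go sketch that is not Freenet code and not from the list. The Ed25519 keys, the purpose tags ("query:", "endorse:", "kill:") and the TrustStore API are assumptions of this example, not a design the message specifies.

```go
package main

import "crypto/ed25519"

// TrustStore is one node operator's local web of trust: keys whose queries
// are accepted, and keys delinked by a signed "kill" from a trusted peer.
// (Assumed design for this example; not Freenet's own code.)
type TrustStore struct{ trusted, revoked map[string]bool }

func NewTrustStore(roots ...ed25519.PublicKey) *TrustStore {
	ts := &TrustStore{map[string]bool{}, map[string]bool{}}
	for _, r := range roots {
		ts.trusted[string(r)] = true
	}
	return ts
}

// ok reports whether pk is trusted and has not been revoked.
func (ts *TrustStore) ok(pk ed25519.PublicKey) bool {
	return ts.trusted[string(pk)] && !ts.revoked[string(pk)]
}

// Sign/verify prefix a purpose tag so a signature made for a query can
// never be replayed as an endorsement or a kill (domain separation).
func Sign(priv ed25519.PrivateKey, tag string, msg []byte) []byte {
	return ed25519.Sign(priv, append([]byte(tag), msg...))
}
func verify(pk ed25519.PublicKey, tag string, msg, sig []byte) bool {
	return ed25519.Verify(pk, append([]byte(tag), msg...), sig)
}

// Endorse extends trust to newKey when a trusted endorser has signed it.
func (ts *TrustStore) Endorse(endorser, newKey ed25519.PublicKey, sig []byte) bool {
	if !ts.ok(endorser) || !verify(endorser, "endorse:", newKey, sig) {
		return false
	}
	ts.trusted[string(newKey)] = true
	return true
}

// Revoke delinks target when a trusted issuer has signed a kill for it.
func (ts *TrustStore) Revoke(issuer, target ed25519.PublicKey, sig []byte) bool {
	if !ts.ok(issuer) || !verify(issuer, "kill:", target, sig) {
		return false
	}
	ts.revoked[string(target)] = true
	return true
}

// AcceptQuery admits a query only from a trusted, unrevoked signer.
func (ts *TrustStore) AcceptQuery(signer ed25519.PublicKey, query, sig []byte) bool {
	return ts.ok(signer) && verify(signer, "query:", query, sig)
}
```

A revoked key also loses the ability to endorse others, so one signed kill cuts off the whole branch of trust that node could have grown.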
