Anonymous message reposted from Frost... the attack based on
reconstructing the unique ID from an exposed ref sounds plausible.
Should the identifiers used in swap requests be random instead?

--- Forwarded message ---

It all starts with harvesting refs. On IRC that's doable by just
listening to completely public exchanges or (to get a few more) by
actively querying them from other bots. On Frost it can be done by doing
a few bogus exchanges or exchange requests in this board. Do that
continually and you get a nice set of refs. You won't get all, but that's
not needed; it's enough if you get a decent number.
Next thing is spying on swap requests. Each swap exchange contains the
locations of the exchanging nodes and their peers. It also contains a
unique identifier for each of them. This identifier was added by the
devs for debugging reasons: they wanted to be able to map the network
topology, reconstructing it from the information gathered by the swap
requests, but there is nothing stopping other people from doing it too.
After the reconstruction you have the reconstructed network and know the
identifier, location and number of peers for each node. The only thing
missing is the IP address.
"Luckily" that identifier gets constructed out of parts of the node's
ref, and the last time I read anything about it, it was planned to
create it only out of non-changing parts. If that was implemented that
way (and reading IRC logs suggests that), you can check for a given
identifier whether it was constructed out of a certain ref. That way you can
map your harvested refs to the nodes in your reconstructed network
topology and thus get IPs for them.
Afterwards you have a really nice playground to do statistical attacks,
with much needed info for each node.
This whole attack is only suited to attacking random people, because if you
want to target a certain person but don't have his ref: bad luck, or at
least it will get a whole lot harder. Still, it's enough to possibly
cause trouble for random targets, and there are enough people who don't
care who they hit, as long as they can cause trouble. See the spambot
operator for a (rather harmless) example.

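The linkage step the forwarded message describes, as an added illustration that is not code from the original post or from Freenet: a swap request exposes, per node, an identifier and a location but no address; if the identifier is derived only from parts of the ref that never change, anyone who has harvested a node's ref can recompute the identifier and attach the ref's IP to that node in the reconstructed topology. The ref fields used here (pubkey, name, location, ip, port), the hash construction of the identifier, and the sample refs are all assumptions made for the example; the real ref format and identifier derivation are not on the page. The same simulation is run with a per-message random identifier, which is the alternative the first poster asks about.

```python
import hashlib
import os

# Constructed sample refs. The field names (pubkey, name, location, ip, port)
# are an assumption made for this illustration, not Freenet's real ref format.
HARVESTED_REFS = [
    {"pubkey": "PK-A", "name": "alice", "location": 0.10, "ip": "198.51.100.1", "port": 12345},
    {"pubkey": "PK-B", "name": "bob",   "location": 0.42, "ip": "198.51.100.2", "port": 12345},
    {"pubkey": "PK-C", "name": "carol", "location": 0.77, "ip": "198.51.100.3", "port": 12345},
]
# A node whose ref the attacker never managed to harvest.
UNHARVESTED_REF = {"pubkey": "PK-D", "name": "dave", "location": 0.90, "ip": "203.0.113.4", "port": 12345}


def stable_identifier(ref):
    """Identifier derived only from ref fields assumed not to change
    between exports (here: the public key and node name). This models the
    deterministic debugging identifier the forwarded message describes;
    the hash construction is an assumption, not Freenet's."""
    stable_part = ref["pubkey"] + "|" + ref["name"]
    return hashlib.sha256(stable_part.encode()).hexdigest()[:16]


def random_identifier(ref):
    """Per-message random identifier: carries no information about the ref."""
    return os.urandom(8).hex()


def build_swap_request(node, peers, id_fn):
    """What an observer sees in one swap request: identifier and location
    of the swapping node and of each of its peers, but no IP addresses."""
    return [{"id": id_fn(n), "location": n["location"]} for n in [node] + peers]


def link_identifiers_to_ips(observed_swaps, harvested_refs):
    """Attacker side: recompute the stable identifier for every harvested
    ref and look up each identifier seen in swap traffic against that index."""
    index = {stable_identifier(r): r["ip"] for r in harvested_refs}
    linked = {}
    for swap in observed_swaps:
        for entry in swap:
            if entry["id"] in index:
                linked[entry["id"]] = index[entry["id"]]
    return linked


def run_attack(id_fn):
    """Simulate two observed swap requests built with id_fn and return
    {identifier: ip} for every node the attacker could tie to an address."""
    alice, bob, carol = HARVESTED_REFS
    dave = UNHARVESTED_REF
    observed = [
        build_swap_request(alice, [bob, dave], id_fn),
        build_swap_request(carol, [alice], id_fn),
    ]
    return link_identifiers_to_ips(observed, HARVESTED_REFS)


def linked_ips(id_fn):
    """Sorted list of IPs the attacker recovered under the given identifier scheme."""
    return sorted(run_attack(id_fn).values())


if __name__ == "__main__":
    print("deterministic ids:", linked_ips(stable_identifier))
    print("random ids:       ", linked_ips(random_identifier))
```

With the deterministic identifier every harvested node (alice, bob, carol) is tied to its IP, while dave, whose ref was never harvested, stays unresolved, which is the "only random targets" limitation the message points out; changing a node's ip/port does not change its identifier, so a stale harvested ref still links. With a random per-message identifier the same harvested refs yield nothing.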