I'm not sure what we can do about this. If we are to include UIDs for our peers then we must know them. Is it necessary that we only know them if we've actually connected to them rather than deriving them from the (fixed) identity in the noderef? The attack is viable - if you have all the noderefs, then watching the swaps you can reconstruct which node is connecting to which. What can you do with that? Probably some fun things - but details would be nice.
On Saturday 21 July 2007 20:51, Michael Rogers wrote:
> Anonymous message reposted from Frost... the attack based on
> reconstructing the unique ID from an exposed ref sounds plausible.
> Should the identifiers used in swap requests be random instead?
>
> --- Forwarded message ---
>
> It all starts with harvesting refs. On IRC that's doable by just
> listening to completely public exchanges or (to get a few more) by
> actively querying them from other bots. On Frost it can be done by doing
> a few bogus exchanges or exchange requests in this board. Do that
> continually and you get a nice set of refs. You won't get all but that's
> not needed, it's enough if you get a decent number.
> Next thing is spying on swap requests. Each swap exchange contains the
> locations of the exchanging nodes and their peers. It also contains a
> unique identifier for each of them. This identifier was added by the
> devs for debugging reasons: They wanted to be able to map the network
> topology, reconstructing it from the information gathered by the swap
> requests but there is nothing stopping other people from doing it too.
> After the reconstruction you have the reconstructed network and know the
> identifier, location and number of peers for each node. The only thing
> missing is the IP address.
> "Luckily" that identifier gets constructed out of parts of the nodes'
> refs and the last time I read anything about it, it was planned to
> create it only out of not changing parts. If that was implemented that
> way and reading IRC logs suggests that, you can check for a given
> identifier if it was constructed out of a certain ref. That way you can
> map your harvested refs to your nodes in your reconstructed network
> topology and thus get IPs for them.
> Afterwards you have a really nice playground to do statistical attacks,
> with much needed info for each node.
> This whole attack is only suited to attack random people because if you
> want to target a certain person but don't have his ref: bad luck or at
> least it will get a whole lot harder. Still, it's enough to possibly
> cause trouble to random targets and there are enough people who don't
> care who they hit, as long as they can cause trouble. See the spambot
> operator for (a rather harmless) example.
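An added illustration of the design point the thread is about: whether a swap identifier derived only from the fixed part of a noderef can be matched back to a harvested ref, compared with the per-swap random identifier Michael suggests. This is example code written for this discussion, not Freenet's own; the noderef field names, the sample refs and the use of SHA-256 are assumptions.

```python
import hashlib
import secrets

# Constructed sample noderefs. Only "identity" is treated as the fixed,
# non-changing part; the other fields are assumed to vary over time.
# Field names are hypothetical, not the real noderef layout.
HARVESTED_REFS = [
    {"identity": "identity-A", "location": 0.12, "physical.udp": "198.51.100.10:1234"},
    {"identity": "identity-B", "location": 0.47, "physical.udp": "198.51.100.11:1234"},
    {"identity": "identity-C", "location": 0.83, "physical.udp": "198.51.100.12:1234"},
]


def deterministic_swap_id(ref):
    """The weak scheme the forwarded message describes: an identifier built
    only from the non-changing part of the ref, so it is the same in every
    swap and anyone holding the ref can recompute it."""
    return hashlib.sha256(ref["identity"].encode()).hexdigest()[:16]


def random_swap_id(ref):
    """The proposed fix: a fresh random identifier per swap, carrying no
    information about the ref at all (the ref argument is unused)."""
    return secrets.token_hex(8)


def link_ids_to_refs(observed_ids, harvested_refs, scheme):
    """Design check: recompute the identifier for every harvested ref under
    the given scheme and see which observed swap identifiers match. Returns
    a map from identifier to the address field of the matched ref."""
    table = {scheme(ref): ref for ref in harvested_refs}
    return {sid: table[sid]["physical.udp"] for sid in observed_ids if sid in table}


def linkable_count(scheme, swapping_refs=HARVESTED_REFS[:2]):
    """Simulate two of the three known nodes announcing a swap under
    `scheme`, then count how many of those identifiers can be tied back to
    a harvested ref. Deterministic scheme: 2. Random scheme: 0."""
    observed = [scheme(ref) for ref in swapping_refs]
    return len(link_ids_to_refs(observed, HARVESTED_REFS, scheme))


if __name__ == "__main__":
    print("linkable under deterministic IDs:", linkable_count(deterministic_swap_id))
    print("linkable under random IDs:", linkable_count(random_swap_id))
```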
