On Jan 31, 2008, at 11:03 AM, Robert Hailey wrote: >> How do you authenticate the routed pings, to prevent an attacker from >> replying on behalf of another node? > > Excellent question. Surely the "true/false" response of present is > woefully inadequate. Since we have a direct connection to the peer > that we are pinging a challange-and-response mechanism is easy, no? > > Consider node "B" who is between "A" & "C" (A-B-C). He tells "C" a UID > & Secret [a randomly generated long?], and "C" stores that secret/uid > as part of our peernode record. Node "B" then sends node "A" a routed > ping with the same UID, and if node "A" returns the pong with the > correct secret it is a success.
I was supposing that these pings would be sent at less-than-max htl (since we are not searching the network but doing a connectivity test), but wouldn't that possibly allow an attacker to learn who your peers are? That is, if an attacker has a node connected to your node and your peers node, he could put together the ping from yours, the reply from your peer, plus the fact that the reply comes from a node of the same location as the ping, and be reasonably sure he is your peer. Whereas with the probabilistic decrement at the real maxHTL, they could not be nearly so sure. -- Robert Hailey -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20080201/88402788/attachment.html>
