On Thursday 14 February 2008 14:10, Michael Rogers wrote: > Matthew Toseland wrote: > > The datastructure implementing this is limited to 10,000 keys > > on each node (this will take up some RAM). > > Hmm, so how much bandwidth does an attacker need to spend sending ULPRs > for nonexistent keys before subscriptions for real keys start getting > pushed out of the data structure, breaking up the subscription trees for > those keys? > > The attacker needs to make 10,000 requests per hour to overflow a peer's > data structure... less than 3 per second. Assuming ULPRs are 1000 bytes > including overhead, an attacker with a 10 Mbps connection could affect > 450 opennet peers. > > "Ultra-lightweight" could actually be a disadvantage here, because if > the peers can easily handle that number of requests they won't throttle > the attacker.
No, he has to do a real request to get a ULPR subscription. Therefore it is subject to all the normal throttling mechanisms. > > Cheers, > Michael -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20080214/c9308a34/attachment.pgp>
