* Michael Rogers <m.rogers at cs.ucl.ac.uk> [2008-07-19 11:45:17]: > Matthew Toseland wrote: > >> Atm the only limit is the size of the field in the DMT message. We allow > >> a ShortBuffer which is 32kB... A double is 8 bytes meaning that the bad > >> guy can advertise 4000 locations. > > > > This leaves two possible attacks: > > 1) Use swapping to work out our peers' peers, and do the 1-at-each-side > > attack. > > 2) Just advertise tons of locations. > > > > /me notes that if the advertisement packet is over 1kB we may run into > > severe > > MTU problems on many connections ... so we could limit it to 128 for > > practical reasons. But that would certainly be enough for attack 1 and > > probably enough for attack 2. > > Opennet peers are currently limited to 20 and total peers are limited to > 100, right? So we shouldn't accept more than 19 locations from an > opennet peer or 99 from a darknet peer (who we hopefully trust not to > attack us anyway).
As far as I know there is no hard limit on darknet... A warning is displayed if we have over 30 peers but that's all. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20080719/e4844d4b/attachment.pgp>
