On Saturday 19 July 2008 11:45, Michael Rogers wrote:
> Matthew Toseland wrote:
> >> Atm the only limit is the size of the field in the DMT message. We allow
> >> a ShortBuffer which is 32kB... A double is 8 bytes meaning that the bad
> >> guy can advertise 4000 locations.
> >
> > This leaves two possible attacks:
> > 1) Use swapping to work out our peers' peers, and do the 1-at-each-side
> > attack.
> > 2) Just advertise tons of locations.
> >
> > /me notes that if the advertisement packet is over 1kB we may run into severe
> > MTU problems on many connections ... so we could limit it to 128 for
> > practical reasons. But that would certainly be enough for attack 1 and
> > probably enough for attack 2.
>
> Opennet peers are currently limited to 20 and total peers are limited to
> 100, right? So we shouldn't accept more than 19 locations from an
> opennet peer or 99 from a darknet peer (who we hopefully trust not to
> attack us anyway).

Hmmm... currently, we decrement the opennet peers limit for every connected darknet peer. So if we are connected to a peer via opennet, it should only have 20 peers including us, full stop. Of course, on darknet, it can have as many peers as its owner can obtain. Would this solve the problem, at least on opennet?

>
> Cheers,
> Michael
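
The receiver-side cap discussed in this thread (at most 19 locations from an opennet peer, 99 from a darknet peer), sketched as an added example that is not part of the original messages and is not Freenet's own code. The wire format (8-byte big-endian doubles packed back to back), the [0.0, 1.0) location range and all function names are assumptions made for illustration.

```python
import struct

# Limits from the thread: an opennet peer has 20 peers including us, and
# total peers are capped at 100, so it can have at most 19 / 99 other peers.
MAX_ADVERTISED = {"opennet": 19, "darknet": 99}


class AdvertisementRejected(ValueError):
    """Raised when a peer-location advertisement fails validation."""


def parse_peer_locations(payload: bytes, peer_type: str) -> list:
    """Decode and bound-check the locations a peer advertises for its peers.

    Assumed wire format (not from the thread): 8-byte big-endian doubles,
    packed back to back, each a location in [0.0, 1.0).
    """
    limit = MAX_ADVERTISED[peer_type]
    if len(payload) % 8:
        raise AdvertisementRejected("payload is not a whole number of doubles")
    count = len(payload) // 8
    # Check the count before decoding, so a 32kB buffer holding thousands of
    # locations is dropped without any per-entry work.
    if count > limit:
        raise AdvertisementRejected(
            f"{count} locations from {peer_type} peer, limit is {limit}")
    locations = list(struct.unpack(f">{count}d", payload))
    for loc in locations:
        # NaN fails this comparison too, so it is rejected here as well.
        if not (0.0 <= loc < 1.0):
            raise AdvertisementRejected(f"location {loc!r} outside [0.0, 1.0)")
    return locations


def encode(locations) -> bytes:
    """Build a constructed sample payload in the assumed wire format."""
    return struct.pack(f">{len(locations)}d", *locations)


def rejected(payload: bytes, peer_type: str) -> bool:
    """Return True if the advertisement would be refused."""
    try:
        parse_peer_locations(payload, peer_type)
    except AdvertisementRejected:
        return True
    return False
```

The cap bounds how many locations a single peer can claim. It does not address the first attack listed in the quoted message, which works with one location at each side.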
