On Thu, Dec 2, 2010 at 5:28 PM, Matthew Toseland <toad at amphibian.dyndns.org> wrote:

> On Thursday 02 December 2010 19:49:19 xor wrote:
> > > For example, we could make 1) more difficult if, any time we see two peers
> > > in the same class-B address range, we disconnect from both of them, or at
> > > least never route anything to either of them.
> >
> > Restricting the amount of connections from an IP subnet is definitely something
> > which should be implemented.
> >
> > However this might screw up performance because it might lead to people being
> > only connected to peers which are long-distance in terms of the Internet....
> > In the worst case you will only have peers from another country because some
> > countries have quasi-monopolistic ISP structures: For example in Germany there
> > is a large variety of ISPs but many of them use the backbones of the former
> > federal phone company which was converted to a private company less than two
> > decades ago and therefore still has the best infrastructure....
>
> Well, from a security point of view, connecting mostly to people in other
> jurisdictions is probably a good thing.
> >
> > Therefore, it should probably only be enabled with the "NORMAL" security
> > level...
>
> Right.
>
> > and it should be investigated how it behaves in practice.
>
> Yeah...
> >
> > One useful measurement for that would be obtaining an "IP => Country" map
>
> Care to find one?
>

http://www.maxmind.com/app/geoip_country


>
> > and
> > displaying a country flag next to each peer, then even non-Freenet-engineers
> > could figure out whether their node is well connected.
>
> I don't see what you mean by well-connected here.
> >
> > Further, I propose an additional and easier to implement improvement against
> > this attack: Provide a configuration option "Do not connect to strangers from
> > my country" which prevents Opennet connections to peers from the same
> > country...
> > - Attackers are very likely to be from the same country, both federal and
> > commercial ones.
> >
> Interesting possibility, similar to some other networks. I'd be a bit
> worried about impact on routing - given the small performance bias in
> opennet, isn't it possible that the nearby peers location-wise are all in
> your country?
>
> _______________________________________________
> Devl mailing list
> Devl at freenetproject.org
> http://freenetproject.org/cgi-bin/mailman/listinfo/devl
>



-- 
I may disagree with what you have to say, but I shall defend, to the death,
your right to say it. - Voltaire
Those who would give up Liberty, to purchase temporary Safety, deserve
neither Liberty nor Safety. - Ben Franklin
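
The same-class-B rule discussed in this thread, sketched as an added example that is not part of the original messages and is not Freenet code. The function names, the `drop_all` switch, the keep-the-first-peer variant and the sample addresses are assumptions made for illustration; IPv6 peers are passed through because the thread only talks about class-B (IPv4 /16) ranges.

```python
import ipaddress
from collections import defaultdict

# Constructed sample peers (documentation address ranges, not real nodes).
SAMPLE_PEERS = [
    "198.51.100.7",
    "198.51.7.20",   # same /16 as the first peer
    "203.0.113.5",
    "192.0.2.44",
    "2001:db8::1",   # IPv6: outside the class-B rule
]


def class_b_key(addr):
    """Return the /16 network holding an IPv4 address, or None for IPv6."""
    ip = ipaddress.ip_address(addr)
    # An IPv4-mapped IPv6 address must not slip past the check.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if ip.version != 4:
        return None
    return ipaddress.ip_network(f"{ip}/16", strict=False)


def partition_peers(peers, drop_all=True):
    """Split peers into (kept, rejected) under the same-/16 rule.

    drop_all=True  -> reject every peer in a /16 that holds two or more peers
                      ("disconnect from both of them").
    drop_all=False -> keep the first peer seen per /16 and reject later ones
                      (a per-subnet limit of one; the limit is an assumption).
    """
    groups = defaultdict(list)
    kept, rejected = [], []
    for peer in peers:
        key = class_b_key(peer)
        if key is None:
            kept.append(peer)
        else:
            groups[key].append(peer)
    for members in groups.values():
        if len(members) == 1:
            kept.extend(members)
        elif drop_all:
            rejected.extend(members)
        else:
            kept.append(members[0])
            rejected.extend(members[1:])
    return kept, rejected
```

Comparing `len(kept)` under both settings on a real peer list gives a first measure of the connectivity cost raised in the replies.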