On Sunday 17 Jun 2012 05:58:41 Steve Dougherty wrote:
> A few updates - some of these were a result of the meeting. Thanks go
> to evanbd, TheSeeker, toad_, and zab_ for their insight and
> suggestions during the discussion.
> 
> * The release scripts should now package source tarballs such that
> they extract into a single directory instead of spewing stuff all
> over. [1]
> * Probes: (all these changes are reflected in the pull request) [2]
>       * Add probe type which returns node location. [3]
>       * Change DoS protection counters to per-peer. [4][5]
>       * Add random short delay before sending response. [6]
> 
> It seems there's some debate over whether the probabilistic decrement
> at HTL = 1 is worth doing, given that directly connected nodes can be
> interrogated by flooding them with requests at HTL = 1 and checking
> which response or collection of responses makes up 20% (local response
> probability) [7] of the total. My thought is that if an adversary is
> directly connected it's already game over, and so it's not fruitful to
> consider this situation.

Yes.

However, DoS protection should be a little stronger than has been discussed: 
You should limit the average number of probes on a given link per unit time, 
like we do with swapping. This should probably be an average, and should be 
generous enough that it isn't going to be violated by accident, but it's 
preferable to having a limit on in-flight probes, as it will quench any flood 
more or less at source, and the attacker will be limited by the number of 
connections he has (at least on darknet, connections are expensive).
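One way to enforce the average per-link probe rate proposed in the reply above, written as a token bucket kept per peer. This is an added example, not code from Freenet or from either author; the class name, the rate and burst values, and the peer identifiers are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;

/** Added illustration: average-rate limit on probes, tracked per link (token bucket). */
public class ProbeRateLimiter {
    // Assumed values for illustration; not Freenet's actual settings.
    static final double PROBES_PER_MINUTE = 10.0; // long-run average allowed per link
    static final double BURST = 20.0;             // slack so honest peers do not trip it

    private static final class Bucket {
        double tokens = BURST;
        long lastMillis;
        Bucket(long now) { lastMillis = now; }
    }

    // One bucket per directly connected peer (hypothetical string identifiers).
    private final Map<String, Bucket> perPeer = new HashMap<>();

    /** Returns true if a probe arriving on this link should be accepted. */
    public synchronized boolean accept(String peerId, long nowMillis) {
        Bucket b = perPeer.computeIfAbsent(peerId, k -> new Bucket(nowMillis));
        // Refill in proportion to elapsed time, capped at the burst allowance.
        double refill = (nowMillis - b.lastMillis) * PROBES_PER_MINUTE / 60_000.0;
        b.tokens = Math.min(BURST, b.tokens + refill);
        b.lastMillis = nowMillis;
        if (b.tokens < 1.0) return false; // dropped at the first hop, before any forwarding
        b.tokens -= 1.0;
        return true;
    }

    public static void main(String[] args) {
        ProbeRateLimiter limiter = new ProbeRateLimiter();
        int floodAccepted = 0, honestAccepted = 0;
        // Constructed traffic: 10 minutes of simulated time, one tick per 100 ms.
        for (long t = 0; t < 600_000; t += 100) {
            // Flooding peer: one probe every 100 ms (600 per minute).
            if (limiter.accept("flooder", t)) floodAccepted++;
            // Honest peer: one probe every 30 s (2 per minute).
            if (t % 30_000 == 0 && limiter.accept("honest", t)) honestAccepted++;
        }
        System.out.println("flooder: accepted " + floodAccepted + " of 6000");
        System.out.println("honest:  accepted " + honestAccepted + " of 20");
    }
}
```

The flooding link is held to the burst allowance plus the average rate over the elapsed time, while the other link's bucket is untouched, so an attacker's total probe rate scales only with the number of connections held.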