-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 05/23/2012 10:47 PM, Zlatin Balevsky wrote: > On a global scale, the if the rate of new probe requests is higher > than the rate at which existing ones expire the number of active > probes at any moment will not reach balance. Higher HTL makes a > ddos against the probe mechanism easier; in this scenario the > internal limit of 5 simultaneous probes ends up assisting the > attacker.
Good point. I'm not sure what to do to improve that behavior though. I can add some rate limiting if that looks like it'll be necessary. > Would it be possible to simulate a single-digit HTL network? My > intuition suggests the graph of effectiveness of probes vs. HTL has > a logarithmic shape. Indeed it is possible to simulate, and that was the subject of my second update on this project. [1] My main findings are here, [2] where one can see that it's true that an HTL of 5 or 10 or so could provide pretty good distribution already. evanbd, my mentor for this project, suggested the maximum HTL of 50. Here's some of his reasoning from the #freenet logs: 2012-05-09: "So it looks to me from the graphs like HTL 20 is plenty for the new probes. Which I take to mean we should set the default HTL as at least 30, possibly 40. Because your nice simulated graphs don't have problematic behaviors like clustering or partitioning or whatever :) Basically, I think we should have a fairly high *maximum* HTL (at least 50), and have the actual HTL be a user-specified parameter." 2012-05-19: "And the plan is to send the requests at < max HTL, assuming that we don't need the full 50. It looked from graphs like 20 was sufficient, so I want to send at 30." Thanks, operhiem1 [1] https://emu.freenetproject.org/pipermail/devl/2012-May/036373.html [2] http://imgur.com/a/Z8SBS#2 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBAgAGBQJPvkPRAAoJECLJP19KqmFubrYQAIhYpXGr/vKjwjVGKHMdyKD4 O+ZQUlrabCBojO6aKAxFNMiTPNlnJTijcylzYcTvtTp/K3jx8IgAC/rIlNDUFBXJ mmM/9DoIVHKdLAtG6MEqFnMZO7xU3UnCijL557gp3beMLNvvJ0akP75xXM6vDJhr dFtxA7yysSgydFk4v+aUYm/JntpRuCEAKgR5XyKOo/KeiXIyv4L0zOhoTc5pbf+N bTqfz2Udx1x/liPNcxaznNhB7oxcAwEZFcTacDc44AJ475T2ta4JUnRwoCbNM+Lb VAXl8ArO1oBqrpy1+2GSivyz4pKNKvU7ItJR6/ok/TX3rePjUNkbYrx92NfidDZ5 vjkc8BR1C2NiGa5gC0PySK40tJYwNnOAnTSYusnSaEIIXE0YrDuM3WXJsyQE2i/v +V88os8J8rIdygzQDsukjD7krCuR0WCJDDalF19NkI+fiCdMF15KbJlWaGYBwtl+ rBeWSdHd9QrtTyZR/721YWOWj9tMUirK0xXKFe1LZh+tIG61xkSBYXZlqbpvbnJv A9UGcvPBIw3tFTel+VR0NsjVhmsbmdyZdxCI8je3lc6y0iDE1IsgvdTWxpK8Ix1R jjIEUcGK+ft7zFKXZx6UGFfezLaDvjX7VrNbCMSReAbz0Go0IuVDv3vY17LTtR2k 4jcYo5sZxYWlDZYPX1Cx =kWS1 -----END PGP SIGNATURE-----
