On Tue, Jan 02, 2001 at 04:25:29PM +0000, Matthew Toseland wrote:
> A cancer node can do the following Bad Things:
> a) return a bad KSK
> b) not find a key and take up excess HTL or clock time
> c) log connections, node addresses, etc
> a) is your own fault for using KSKs; they are necessary to bootstrap the network,
>mostly. Hence a potential DoS
> b) will normally be routed around. a targeted cancer node could behave normally for
>most keys, and drop a few known keys. if the user then tries again immediately, the
>cancer node would still be closest to the target key, so would permanently block the
>request? what attacks are possible here? workarounds include parallel requests after
>a certain time, but that screws scalability and is possibly ungood for anonymity?
> c) is pretty much unavoidable, although a closed trust network may be able to
>minimize this.
Actually, these are just malicious things that a node can do. Only A is
part of a cancer, and you have missed the main point of attack of the
cancer node - it sets the DataSource to itself (or another cancer node) on
every message it passes. This is why I call it a cancer, it literally
eats it's way through the routing tables replacing more and more good node
references with references to the cancer.
There are two different kinds of cancers, dishonest and honest ones (I
would call them malignant and benign, but that is a little too morbid,
and honest cancers do grow). The dishonest cancer is the worse variety -
it sends back random data on every request it gets, destroying both the
validity of Freenet's data and compromising the routing table. The secure
keytypes have more or less solved the dishonest cancer attack - it's still
possible with a dictionary attack against KSKs, but pretty unlikely.
The honest cancer node, on the other hand, will continue the request like
usual, return the valid data, but always reset the DataSource to itself.
Basically the honest cancer is just a very very good member of society,
doing more work then any other node until it controls so much of the
network that it is in an excellent place to start doing all the evil
things that malicious nodes can do.
We have no solution to the problem of the honest cancer (not even Mr.
Bad's "lets break freenet" proposal really helps). In many ways it is a
root hack of everything that Freenet is, because it uses the very
efficiency of the algorithm against the network (think about it - the
better Freenet's self organizing works, the better this attack works).
Reseting the datasource more often would seem to slow the attack - but my
simulations showed that taking an immediate toll on efficiency.
The good news is that such an attack takes a lot of effort, and that for
it to work the cancer operator has to be ready to handle all the data
going through the system. The bad news is that we have enemies with that
sort of capacity...
--
'DeCSS would be fine. Where is it?'
'Here,' Montag touched his head.
'Ah,' Granger smiled and nodded.
Oskar Sandberg
[EMAIL PROTECTED]
_______________________________________________
Freenet-dev mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/mailman/listinfo/freenet-dev
