On Fri, Sep 23, 2005 at 12:49:51PM +0200, freenetwork at web.de wrote:
> >> Then what is the implication of border nodes always resetting Source to
> >> themselves?
> >>
> >> I think that would bring to light that they are border-nodes between the
> >> open and the closed network.
> >
> >What alternative do you suggest?
>
> - conceal infrastructure: make anything look like the border node initiated
> the request; reset DataSource to itself and use maxHTL or any other fixed
> value for that to cleanly separate the darknet from the opennet and the
> opennet from the darknet

Initiated the request? I don't understand. The DataSource is the *node which
supplied the data* (or it is a node which has reset it).

> - don't interact with data: route but don't store returned data (from
> open->dark and dark->open) in the data store of the border node so it's not
> possible to probe the store for requests of either net

Why is this beneficial?

> >> Analysis could be done because those border nodes often route requests
> >> with an HTL < maxHTL (because the request went some time through the
> >> darknet) although they pretend to be the Source; correlation attacks
> >> (border nodes tend to have a higher correlation
> >
> >We are talking about DataSource here. The node which answered, not the
> >one which queried.
>
> you're right if the request has no RequestSource or anything like that.

Of course not, that would be *extremely* unwise.

> >> "randomness" by previous darknet routing steps than nodes requesting the
> >> files all by themselves); network harvesting with connection analysis (a
> >> harvested opennet node has X routes to other nodes, analysis would reveal
> >> that this node has X connections to other nodes; border nodes have X to
> >> opennet and Y to darknet, a harvesting would only find the X links but
> >> network analysis would reveal X+Y links -> border node, possible entry
> >> point into the darknet: now either send Those Guys or disconnect every
> >> border node found to separate the smaller darknet from the well-known
> >> opennet)
> >
> >Possibly. Traffic analysis is a threat and always will be; it is easier
> >if they know of one node in the first place. The hope is that it is
> >expensive and tends to produce false alarms, especially if we use some
> >stego.
>
> yeah, but how to stego high volume, long lasting bi-directional UDP
> connections creating a mesh?
> Therefore packet-stego won't be sufficient (simulated database-cluster, NFS?,
> WebDAV, SOAP-RMI, FTP? or even a P2P protocol?)

Doesn't have to be over UDP. We will have pluggable transports. With at
least two classes (UDP-like and TCP-like), and some parameters (e.g. packet
size). SSH, FTP, VoIP, SSL, WebDAV, possibly some gaming protocols; there are
many options, but if our opponent can do (semi-global) traffic flow analysis
they may be able to make some headway. Currently traffic flow analysis is
rather expensive but possible, but it tends to produce false positives.
-- 
Matthew J Toseland - toad at amphibian.dyndns.org
Freenet Project Official Codemonkey - http://freenetproject.org/
ICTHUS - Nothing is impossible. Our Boss says so.
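The two measures proposed in the thread (reset DataSource and HTL to a fixed value on anything that crosses the border, and do not cache relayed data in the border node's store) can be checked with a small model. The following is an added illustration, not Freenet code and not from either poster: `BorderNode`, `Reply`, `MAX_HTL`, the node ids and the `CHK@...` keys are all constructed for the example. It forwards a few darknet replies through a border node with and without the measures and then asks the two questions raised in the discussion: can an opennet observer separate relayed replies from locally served ones by the (DataSource, HTL) pair, and does probing the border node's store reveal which keys passed through it.

```python
from collections import Counter
from dataclasses import dataclass

MAX_HTL = 20  # assumption: the fixed HTL a border node stamps on forwarded replies


@dataclass(frozen=True)
class Reply:
    key: str
    data_source: str  # node that supplied the data, or the last node to reset it
    htl: int          # hops-to-live remaining, decremented per darknet hop


class BorderNode:
    """Hypothetical node with links into both nets; `normalise` toggles the measures."""

    def __init__(self, node_id, normalise):
        self.node_id = node_id
        self.normalise = normalise
        self.store = set()  # keys cached in the local data store

    def forward(self, reply, crossing_border):
        if crossing_border and self.normalise:
            # Measure 1: present the reply as if this node supplied it, with
            # a fixed HTL. Measure 2: do not cache what merely passes through.
            return Reply(reply.key, self.node_id, MAX_HTL)
        # Without the measures the reply is relayed unchanged and cached like
        # any other data the node handled.
        self.store.add(reply.key)
        return reply

    def serve_local(self, key):
        """A reply the border node answers from its own store."""
        self.store.add(key)
        return Reply(key, self.node_id, MAX_HTL)

    def probe(self, key):
        """What a store probe from either net would learn."""
        return key in self.store


def observed_profile(replies):
    """The (DataSource, HTL) pairs an opennet peer sees on the wire."""
    return Counter((r.data_source, r.htl) for r in replies)


def leaks_border_role(relayed, local):
    """True if any relayed reply carries a pair never seen on locally served ones."""
    return not set(observed_profile(relayed)) <= set(observed_profile(local))


# Constructed sample: replies arriving from darknet peers with partly spent HTL.
DARKNET_REPLIES = [
    Reply("CHK@a", "dark-1", 17),
    Reply("CHK@b", "dark-2", 12),
    Reply("CHK@c", "dark-1", 15),
]


def run(normalise):
    """Forward the sample through one border node and report both checks."""
    node = BorderNode("border-X", normalise)
    relayed = [node.forward(r, crossing_border=True) for r in DARKNET_REPLIES]
    local = [node.serve_local("CHK@local")]
    return {
        "htl_leak": leaks_border_role(relayed, local),
        "store_probe_hits": sum(node.probe(r.key) for r in DARKNET_REPLIES),
    }


if __name__ == "__main__":
    print("without measures:", run(False))
    print("with measures:   ", run(True))
```

Without the measures the relayed replies expose foreign DataSource ids and decremented HTLs, and all three relayed keys answer a store probe; with them every reply leaving the node looks exactly like one it served itself and the store contains only its own traffic. The model deliberately covers only the fields named in the thread; timing and link-level traffic analysis, which the reply above treats as the remaining threat, are outside it.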
