On Thursday 07 August 2003 05:23 pm, Toad wrote:
> So how are we going to measure them? 2 simple possibilities:
> 1. We reject requests after we have N connections open.
> Attack: simple client side snail attack. Request N large files that you
> know the node has, and read from them as slowly as possible. You do not
> need to know anything special about the node for this as you can insert
> those files - in fact, this attack would probably work better as just
> inserting N files simultaneously, very slowly.
> 2. We reject requests after transfers are using more than some
> proportion of our outbound (for example) bandwidth limit. Attack is a
> little harder: attacker needs bandwidth greater than or equal to this
> proportion of the victim's bwlimit. Insert a single huge file at HTL 0.
> When finished, do it again. Repeat indefinitely.
>
> The former is IMHO not acceptable. The latter, well, maybe we can put up
> with, since there are many ways to disable a node if you have more
> bandwidth than it has and you know where it is. Especially in the
> absence of NIOv2. Either attack will prevent the node from serving any
> useful traffic to the rest of the network.

Why not just limit the number of transfers on a per node basis? If the node is transferring slowly, that just means THEY can't get any more files.
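
Added example, not part of the original thread and not Freenet code: a small admission-control model comparing the global "N connections open" limit from the quoted message with the per-node transfer limit proposed in the reply. The class, function names, peer ids and cap values are all assumptions made for illustration.

```python
from collections import Counter


class TransferAdmission:
    """Toy admission control for outbound transfers (hypothetical model)."""

    def __init__(self, global_cap, per_peer_cap=None):
        self.global_cap = global_cap      # the "N connections open" limit
        self.per_peer_cap = per_peer_cap  # None means no per-node limit
        self.active = Counter()           # peer id -> transfers in progress

    def try_start(self, peer):
        """Reserve a slot and return True, or return False to reject."""
        if sum(self.active.values()) >= self.global_cap:
            return False
        if self.per_peer_cap is not None and self.active[peer] >= self.per_peer_cap:
            return False
        self.active[peer] += 1
        return True

    def finish(self, peer):
        """Release a slot when a transfer completes."""
        if self.active[peer] > 0:
            self.active[peer] -= 1
            if self.active[peer] == 0:
                del self.active[peer]


def honest_served(policy, slow_peer, slow_requests, honest_peers):
    """The slow peer asks first and never finishes; count honest peers admitted after it."""
    for _ in range(slow_requests):
        policy.try_start(slow_peer)       # admitted slots stay held: the transfer crawls
    served = 0
    for peer in honest_peers:
        if policy.try_start(peer):
            served += 1
            policy.finish(peer)           # honest transfers complete promptly
    return served


# Constructed scenario: five well-behaved peers, one peer that reads very slowly.
HONEST = ["peer-%d" % i for i in range(5)]


def compare(global_cap=8, per_peer_cap=2):
    """Return (honest peers served with global cap only, served with per-peer cap added)."""
    only_global = honest_served(TransferAdmission(global_cap), "slow", global_cap, HONEST)
    with_peer = honest_served(TransferAdmission(global_cap, per_peer_cap), "slow", global_cap, HONEST)
    return only_global, with_peer


if __name__ == "__main__":
    print(compare())
```

With only the global cap, the slow peer holds every slot and no other peer is served; with the per-peer cap it holds at most its own quota and the remaining slots stay available.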
