On Mon, Sep 22, 2003 at 10:41:04PM +0100, Toad wrote:
> From time to time, reimplementing TCP, or using UDP, has been suggested
> for Freenet. I will now show that Freenet's future security requires it.
> An attacker who can observe the traffic to and from a node, and who can
> introduce a tiny amount of traffic, can close any TCP connection between
> the node and the rest of the network, with virtually no effort, and
> perhaps using spoofed packets. Thus, the ability to surveil a Freenet
> node and spoof a tiny number of packets equates to the ability to
> destroy the node in question.
>
> Why is this crazytalk?

Firstly, a DoS attack on a known Freenet node is always going to be possible because a DoS attack on any given IP address, irrespective of what services it is running, is within the capability of the average 12-year-old script kiddie. An attacker with the ability to monitor a node's communications will presumably have the ability to just cut off that node's internet connection too - they wouldn't even need to bother with the attack you describe.

Ian.

--
Ian Clarke [EMAIL PROTECTED]
Coordinator, The Freenet Project http://freenetproject.org/
Weblog http://slashdot.org/~sanity/journal
