On Wednesday 29 October 2003 12:11 pm, Toad wrote:
> On Wed, Oct 29, 2003 at 11:43:37AM -0600, Tom Kaitchuck wrote:
> > I think the original attack mentioned would not work, because it would be
> > distributed across all keyspace, so it would merely decrease the average
> > pDNF, with no net effect on routing. However if it were
> > targeted at a particular area of keyspace it would decrease the preserved
> > specialization of that area until it was instead routed somewhere else
> > and then decrease that until it were routed somewhere else. So it would
> > have the effect of continually trying to reduce the effectiveness of the
> > best node to that of the second best node. However at the same time all
> > the other nodes are requesting normally. So assuming that normal
> > requests are just as capable of normalizing the estimates as the attacker
> > is of skewing it, then this effectively becomes a battle of resources
> > between the rest of the network and the attacker. However the rest of the
> > network is not aware that it is competing, and the attacker's resources
> > can be targeted. So it is probably possible for a single attacking node
> > to generate the same number of requests to a small area as the rest of
> > the network. Assuming that it has the same bandwidth as the area it is
> > attacking, and the nodes being attacked is normally exactly at capacity,
> > then the attacker will be successful in diverting traffic half the
> > time. If they have twice the bandwidth then it will be 2/3rds of the time,
> > etc.
>
> Your logic completely escapes me. And it's not about bandwidth. It's
> about a large number of queries concentrated into a very tiny space in
> terms of keyspace.

I'm assuming the number of requests that they can make is proportional to
their bandwidth. I am also assuming that load balancing works correctly and 
at any given time the number of requests sent to any given node is exactly 
the maximum that they can process.

> > So to limit this and other flooding biased attacks, I think we should
> > create a node blacklist, where your node will simply disconnect from, and
> > for a time, ban any node that demonstrates significantly deviant
> > behavior. One must also take care that anything that puts a node on a
> > black list is not propagated down any single request line so you don't
> > end up banned yourself.
>
> No use. Node identity is free. Web of positive trust is the only way to
> make it non-free, and not only is that a big implementation issue, it's
> a huge social problem.

Humm, perhaps make noderefs contain some sort of complex calculation based on
the IP and then have some sort of system where nodes can insert references of
misbehaving nodes and if a sufficient number of nodes voted one as bad nobody 
could connect to it. Of course all this is fraught with problems. Surely 
someone can come up with a better solution.

_______________________________________________
Devl mailing list
[EMAIL PROTECTED]
http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/devl
