On Jan 31, 2008, at 11:03 AM, Robert Hailey wrote:
How do you authenticate the routed pings, to prevent an attacker from
replying on behalf of another node?
Excellent question. Surely the "true/false" response of present is
woefully inadequate. Since we have a direct connection to the peer
that we are pinging a challange-and-response mechanism is easy, no?
Consider node "B" who is between "A" & "C" (A-B-C). He tells "C" a UID
& Secret [a randomly generated long?], and "C" stores that secret/uid
as part of our peernode record. Node "B" then sends node "A" a routed
ping with the same UID, and if node "A" returns the pong with the
correct secret it is a success.
I was supposing that these pings would be sent at less-than-max htl
(since we are not searching the network but doing a connectivity
test), but wouldn't that possibly allow an attacker to learn who your
peers are?
That is, if an attacker has a node connected to your node and your
peers node, he could put together the ping from yours, the reply from
your peer, plus the fact that the reply comes from a node of the same
location as the ping, and be reasonably sure he is your peer. Whereas
with the probabilistic decrement at the real maxHTL, they could not be
nearly so sure.
--
Robert Hailey
_______________________________________________
Devl mailing list
[email protected]
http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
