-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 12/02/2010 10:49 PM, xor wrote:
>> For example, we could make 1) more difficult if, any time we see two peers
>> in the came class-B address range, we disconnect from both of them, or at
>> least never route anything to either of them.
>
> Restricting the amount of connections from an IP subnet is definitely
> something
> which should be implemented.
>
> However this might screw up performance because it might lead to people being
> only connected to peers which are long-distance in terms of the Internet....
> In the worst case you will only have peers from another country because some
> countries have quasi-monopolistic ISP structures: For example in Germany
> there
> is a large variety of ISPs but many of them use the backbones of the former
> federal phone company which was converted to a private company less than two
> decades ago and therefore still has the best infrastructure....
>
> Therefore, it should probably only be enabled with the "NORMAL" security
> level... and it should be investigated how it behaves in practice.
>
> One useful measurement for that would be obtaining a "IP => Country" map and
> displaying a country flag next to each peer, then even non-Freenet-engineers
> could figure out whether their node is well connected.
>
> Further, I propose an additional and easier to implement improvement against
> this attack: Provide a configuration option "Do not connect to strangers from
> my country" which prevents Opennet connections to peers from the same
> country...
> - Attackers are very likely to be from the same country, both federal and
> commercial ones.
While it's true i still hear of some ISPs in different countries which charge
disproportionate amount for the traffic between countries. I had an accointance
from Portugal, and he said that it was only "2-3 am" when he had free traffic
from other countries, and within Portugal it was free 24/7 (well after the
monthly charges).
Also you will slow down the connection in some places (like Ukraine) where
within the country the connection is quite fast, but it's complete rubbish to
the outside world.
So what this feature can lead to is once again people going and looking to
establish darknet connections to *just anybody* in their own country, making the
things worse rather than better.
- Volodya
- --
http://freedom.libsyn.com/ Echo of Freedom, Radical Podcast
"None of us are free until all of us are free." ~ Mihail Bakunin
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJM+Jf8AAoJENW9VI+wmYasKmUIALKoAbqdW2SlHJGfa0dFcqP0
/HQ1NlCSn67zgiwWpsAp1oE5c3uVPkGr7mAyGiyDcO7hiOjvqj2S5nPTFgBPpKA1
ZV/HwEdp+WQbxrjabbbQt0hME4i9FyIff8EZqJmbwm4Sob5tVhQhmubu+zd5PUOQ
aBKy/wcaxF3gjG2U+3Krll6fJ86fNE+3t5mKHD+mPLBbeNkAhkDxJPXW44hAxdTu
vAaX9neeC7tNCuSUsOisev7LBDRt1D/82Vw17l5Lcst1mPL4d8DiyS8+HyIvp0Tw
UKTPgbYVMgpDzZV6Z0cCXZzBAXJLOb3ZJb0oJfBbzNhg6F7k3ecB+ljDsLabkp0=
=vKeS
-----END PGP SIGNATURE-----
_______________________________________________
Devl mailing list
[email protected]
http://freenetproject.org/cgi-bin/mailman/listinfo/devl
