Hi David,

On Wed, Jun 06, 2001 at 02:00:00AM +1200, David McNab wrote:
> While debugging FreeWeb, I wrote a test prog that inserts a random number of
> random length files each containing random data.
>
> From this, a major Freenet vulnerability occurred to me.
> Freenet dev probably discussed this back at the time of the ark (please
> excuse me if so), but in case not, here goes.
>
> What defense does Freenet have against orchestrated DOS attack?
>
> I mean, a total arms race situation. Army of spammers versus Freenet.
>
> Anyone can write a prog to insert millions of files into Freenet, through
> FNP, via nodes harvested from inform.php. This would stop most or all good
> data from being visible, and keep everyone's datastore full of spam.
>
> Imagine a thousand or so spamming nodes, each hitting inform.php, and
> intermittently FNP'ing terabytes a day of bulk spam to discovered nodes!
> We'd have a Freenet full of white noise :(

Actually, it's far worse than that. Far worse than inserting data,
requesting data destroys information on freenet. It's a kind of "force
multiplier". If (say) it takes on average 6 hops to find something, then
for every 1MB you request, you trash 6MB of other data, assuming the
requested data are not cached.

So, the best way to DOS freenet is to spider over freenet and continuously
request data. Then, loop through your list of URLs and make sure to only
request a URL again after requesting at least an amount of data equal to
the average datastore of each node out there. If you really hate a
particular URL, make sure to never request it.

This will ensure that every node never has what you ask for, and will
request the data further away from you, trashing a further 6MB worth of
data further out on the network. With time, the average number of hops
will increase, and the amount of damage a single request does will
increase with it.

A coordinated attack would involve multiple nodes building a URL list,
then making sure that they only request URLs far enough apart in the
shared list to ensure thrashing the nodes nearby.

Requests that fail do not destroy data and should eventually be dropped.

The end result will be that the total capacity of the freenet will be
approximately the size of an average node datastore.

The fix for this is trivial, and will be left as an exercise for the
reader. :-)

Cya,
Ray

> This is something the Chinese government would definitely stoop to.
>
> Ideas for defenses anyone?
>
> Cheers
> David
>
> _______________________________________________
> Devl mailing list
> Devl at freenetproject.org
> http://lists.freenetproject.org/mailman/listinfo/devl
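Added example, not part of the original thread: a toy model of the displacement effect described in the reply above, useful for estimating how much cached data a given request pattern evicts per byte served. It assumes byte-bounded LRU datastores, a fixed 6-node request path, and that uncached data is found just past the last node; all class and function names are illustrative and are not Freenet code.

```python
from collections import OrderedDict

class Node:
    """One node's datastore: a byte-bounded LRU cache (assumed policy)."""
    def __init__(self, capacity):
        self.capacity, self.used, self.store = capacity, 0, OrderedDict()

    def has(self, key):
        if key in self.store:
            self.store.move_to_end(key)   # refresh LRU position on a hit
            return True
        return False

    def cache(self, key, size):
        """Store key; return the number of bytes evicted to make room."""
        evicted = 0
        while self.used + size > self.capacity and self.store:
            _, old = self.store.popitem(last=False)
            self.used -= old
            evicted += old
        self.store[key] = size
        self.used += size
        return evicted

def request(path, key, size):
    """Walk the path until a node holds key, then cache it on every node
    that missed on the way back. Returns bytes evicted across the path."""
    missed = []
    for node in path:
        if node.has(key):
            break
        missed.append(node)
    return sum(node.cache(key, size) for node in missed)

def amplification(keys, hops=6, capacity=100, size=1):
    """Bytes evicted per byte requested, starting from full datastores."""
    path = [Node(capacity) for _ in range(hops)]
    for i in range(capacity):             # constructed filler: other data
        for node in path:
            node.cache(("other", i), size)
    evicted = sum(request(path, k, size) for k in keys)
    return evicted / (len(keys) * size)

cold = amplification(range(1000))                    # no key ever repeats
hot = amplification([i % 50 for i in range(1000)])   # working set fits
print(f"cold requests: {cold:.1f}x, repeated requests: {hot:.1f}x")
```

In this model the ratio equals the hop count whenever no requested key is still cached, and falls toward zero when requests repeat within the datastore's capacity, which is the distinction a node operator would look for in request logs.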
