On Friday 08 February 2008 00:24, Michael Rogers wrote:
> Matthew Toseland wrote:
> > There is no request quenching at the moment: if there are
> > bazillions of requests for a specific key, these will be rerouted according
> > to failures to produce an exhaustive network search, and when it is found,
> > the data will be rapidly propagated to all requestors/subscribers.
>
> This is very cool stuff and I'm sorry to be a dick and immediately look
> for problems, but could ULPRs be used to launch a sort of "flash flood"
> where the attacker trickles out requests for an unavailable key until
> the key's ULPR web fills the whole network, then releases the key,
> flooding it through the network?

IMHO this is a weakness in per-node failure tables. We should have some limit
on the degree to which one node can cause the entire network to be searched
for a specific key. Having said that, there are *some* limits already, e.g.
the number of requests he can make and have accepted.
>
> I realise the data wouldn't travel across every link because of the
> offer/accept mechanism, but it would still visit every node once, which
> is a decent multiplier for a DoS attack.

Only if he can get requests through every node. As he can by, for example,
flooding a Frost KSK queue right now.
>
> Cheers,
> Michael