On Friday 03 December 2010 07:11:04 Volodya wrote: > On 12/02/2010 10:49 PM, xor wrote: > >> For example, we could make 1) more difficult if, any time we see two peers > >> in the came class-B address range, we disconnect from both of them, or at > >> least never route anything to either of them. > > > > Restricting the amount of connections from an IP subnet is definitely > > something > > which should be implemented. > > > > However this might screw up performance because it might lead to people > > being > > only connected to peers which are long-distance in terms of the Internet.... > > In the worst case you will only have peers from another country because some > > countries have quasi-monopolistic ISP structures: For example in Germany > > there > > is a large variety of ISPs but many of them use the backbones of the former > > federal phone company which was converted to a private company less than two > > decades ago and therefore still has the best infrastructure.... > > > > Therefore, it should probably only be enabled with the "NORMAL" security > > level... and it should be investigated how it behaves in practice. > > > > One useful measurement for that would be obtaining a "IP => Country" map and > > displaying a country flag next to each peer, then even non-Freenet-engineers > > could figure out whether their node is well connected. > > > > Further, I propose an additional and easier to implement improvement against > > this attack: Provide a configuration option "Do not connect to strangers > > from > > my country" which prevents Opennet connections to peers from the same > > country... > > - Attackers are very likely to be from the same country, both federal and > > commercial ones. > > While it's true i still hear of some ISPs in different countries which charge > disproportionate amount for the traffic between countries. I had an > accointance > from Portugal, and he said that it was only "2-3 am" when he had free traffic > from other countries, and within Portugal it was free 24/7 (well after the > monthly charges). > > Also you will slow down the connection in some places (like Ukraine) where > within the country the connection is quite fast, but it's complete rubbish to > the outside world. > > So what this feature can lead to is once again people going and looking to > establish darknet connections to *just anybody* in their own country, making > the > things worse rather than better.
Only if it's easy to do that. As I have explained countless times, ANYONE you know personally, whether online or offline, is a good darknet peer. The only case where they are not a good darknet peer (compared to the alternative of running opennet) is if you used a matchmaking service specifically for getting Freenet peers, e.g. an IRC channel. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part. URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20101203/616360c7/attachment.pgp>
