-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ----- Anonymous ----- 2011.01.29 - 12:36:22GMT -----
I think this board is more appropriate: ==== Board: successful ==== Subject: Re: Webcam - [censored] === - ----- Request: Inglorious Basterds ----- 2011.01.23 - 07:31:01GMT ----- It might actually be possible to determine the ip address of the person inserting the spam. 100,000 messages a week is a lot of messages. You don't need to know the CHK key first just how to determine if the KSK key is broken. Many in this group run 24/7 and if we end all with the same ip as the one inserting the most spam based over a sample of 10 nodes running the patch I would figure that is fairly clear it really is that node. - ----- Anonymous ----- 2011.01.23 - 14:49:59GMT ----- That's a funny message for the spambot to repost ;) - ----- Convict ? 19682?@ODNPfyzW6zsBykdOYM_SItF+oDo ----- 2011.01.28 - 19:38:05GMT ----- A good idea actually. Firstly it would be a good stress test for Freenet to see if that could be done, and then, if it could at least no real person will get hurt, only a bot. - ----- Anonymous ----- 2011.01.28 - 22:34:19GMT ----- Does anybody here have an idea how this could actually be done? - ----- Anonymous ----- 2011.01.29 - 12:30:46GMT ----- Guess, it will require customized node. AFAIK, no ready-to-use tools exists now. Start ULPR request for few expected-to-be-inserted-soon keys, look which node will answer first, connect to her peers, repeat and rinse. This is so called "mobile tracker attack". - ----- Anonymous ----- 2011.01.29 - 18:24:35GMT ----- Hmm, you do realize that if you manage to do that, you've just broken Freenet's security in a pretty fundamental way, right? If such a thing (tracing the source of an insert) were possible or doable, there's no reason why it shouldn't be done right now by a more determined and resourceful attacker (think LEA). Of course, they wouldn't care to go after some spammer, the obvious first (and easier) targets they would hunt down would be the child porn inserters. If you do succeed in pulling that off (which I doubt), at the end of the day, you'll only achieve to scare away Freenet's largest group of users. Freenet node counts would drop by the thousands ;)) - ----- Anonymous ----- 2011.01.29 - 19:43:13GMT ----- So what? If it is broken, it is broken. Better realise this. Ask toad if you doubt (Why do you think devs always talk about dangers of reinserts and publishing key before finishing insert? Exactly because of this attack - you inserting predictable keys, so you can be tracked). - ----- Anonymous ----- 2011.01.29 - 22:16:40GMT ----- +1 for that. - -- http://freedom.libsyn.com/ Echo of Freedom, Radical Podcast "None of us are free until all of us are free." ~ Mihail Bakunin -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJNRPXQAAoJENW9VI+wmYasU70IAIVSGAfNnxSDn1jgrH2MISTJ 4Hb4FdpvlJTjnGU0WaLyhSxBpEUXwqHpEvMz+YuJOEnZNu2pm8xnnujwURE7Peuc 36Qjp4zvp/FIc9B7IGdOOLFiXUeCRH02Ji10VqF21Oh92J8m6bpxFwBimIO60eBt Qy6g9Ghp3lBin6H0L+VNL2m+US5gaaVtAIfm+RtlcFfxM8+qetj8/iEuPrYdcg8e cBMuBLvCJtmHjOSu4tXfRmDECSv9T/qo1+bTu6fgs39FXRqTmU+j96HxM33Rv8rY GQp0l/CNErGP/w7fQSMbG2gjyH8RiDq/p1sURTGFl3TPePzHmsiz2wbGcsBW2LU= =wsAQ -----END PGP SIGNATURE-----
