On Tue, Oct 4, 2011 at 10:29 PM, Andres <[email protected]> wrote:
> I probably got it wrong. At least I hope I did. But here it goes.

I think you got it right.

> What prevents somebody who does not like netsukuku or anybody using it
> from causing routing errors using a fake TP like this:

Any kind of peer-to-peer mesh network would suffer from such a possible attack.

Anyway, I think that the attack would be quite limited to the nearest nodes of the attacker. If an attacker wants to damage a target she has to control nodes very near to him.

Consider that if the target is a client user, he would realize quite soon that something is wrong in his neighborhood (MITM attacks should be prevented by the use of SSL as usual) and will take the actions needed to get connected through a different neighbor.

If the target is a server there are some properties of netsukuku that would complicate the task of the attacker:

a. the IP of the server may vary
b. the distributed name service is able to associate several IPs with the same hostname, with hosts in different parts of the network

In conclusion, my message is:

1. The problem of fake TPs is real. We are aware of this.
2. Any kind of decentralized network is prone to problems in the presence of misbehaving participants. There are studies on how to handle this, we are aware of this.
3. IMHO these problems are not undermining the whole purpose/functioning of the mesh network as much as one could think.
4. In future improvements to the protocol, we'll be trying to minimize the impact of such misbehaving nodes.

--Luca

_______________________________________________
Netsukuku mailing list
[email protected]
http://lists.dyne.org/mailman/listinfo/netsukuku
