On 1/9/07, Elias Athanasopoulos <[EMAIL PROTECTED]> wrote:
Well, DHTs can be also abused. A node can still lie in its entrance. See a similar paper that (mis)uses Overnet for example: http://portal.acm.org/citation.cfm?id=1146894&dl=acm&coll=&CFID=15151515&CFTOKEN=6184618
Another very interesting paper! And, yeah, DHTs certainly still have a lot of open issues. Even when you shore them up against known weaknesses, it's still easy to be a bit apprehensive about their relative youth. A couple of caveats with the Polytecnic paper (which is quite a good read, btw -- thanks for the ref): - the index poisoning attack is very Overnet specific, or at least very filesharing specific. That doesn't make it invalid, and certainly there can be similar avenues of attack in non-filesharing p2p systems, but its hard to see how this attack is generally applicable across the board. - the route poisoning attack can be prevented by a) following the suggestion in the Non-transitivity paper [1] to eliminate blind trust by only adding valid peers to the routing table and b) using self-certifying node identifiers. It doesn't seem that self-certifying IDs occurred to the authors. The closest they come is their mention of using "encryption and closed-source software, so that nodes can only be announced by themselves. But those techniques can often be reverse-engineered and circumvented." True, but self-certifying IDs don't rely on closed-source software, and circumventing the encryption is, well... if you can do that you've probably got more valuable targets than p2p networks. Using strong, unforgeable IDs goes a long way towards not allowing nodes to inject any perceptible damage into the routing overlay. A massive sybil attack could still cause routing corruption, but there are countermeasures against that as well, even though they are not 100% effective. The question of how to deal with NATs and specifically the mechanisms used in FastTrack to get around NATs is not so easy, and may be incompatible with the above suggestions. NATs are a mess. Dealing with strong IDs when you want supernodes to service requests on behalf of other nodes is definitely problematic (which goes back to my statement about the badness of introducing zombies into your protocols in the first place). Alen [1] Non-transitive Connectivity and DHTs - http://srhea.net/papers/ntr-worlds05.pdf _______________________________________________ p2p-hackers mailing list [email protected] http://lists.zooko.com/mailman/listinfo/p2p-hackers
