Yes, you are right. The eclipse attack is far more difficult with the
new version of the clients and now has to be "distributed" (involving
several public IP addresses). Unfortunately, the eclipse attack does not
need many resources (something like 10 IP addresses is sufficient) as
long as the KADID can be chosen freely and the malicious nodes placed
very close to the target. Maybe a correction for a future version; they
are on the right track :-) .

regards,

Thibault




netbsd wrote:
> Thanks for the reply. I just wonder whether Eclipse Attack remains
> possible for aMule/eMule, because Eclipse Attack also needs to dominate
> the correct node's neighbor set, and aMule/eMule give a very strict rule
> for contact adding. It means firstly the attacker has to master large
> resources (different IPs etc.) for benefits.
>
> sincerely,
>
> -Yunzhao
>
> On Tue, Aug 26, 2008 at 3:09 AM, Thibault Cholez
> <[EMAIL PROTECTED]> wrote:
>
>     netbsd wrote:
>     > Does anyone notice that the current version of eMule/aMule using
>     > Kademlia may mitigate the Sybil Attack!
>     > The rules for adding new contacts:
>     >
>     > ===============================================================================
>     > ------ From aMule 2.2.1/eMule0.49a
>     >
>     >     * Kad will now enforce certain limits when adding new contacts to
>     >       the routing table: No more than 1 KadNode per IP, 2 similar
>     >       KadNodes (same bin) from a /24 network and at a maximum 10
>     >       different KadNodes from a /24 network are allowed. This is
>     >       supposed to make routing attacks against Kad more difficult and
>     >       resource-intensive.
>     >
>     - Looking at the code, eMule 0.49a also implements a packet
>     tracking and a flood protection mechanism that help mitigate the Sybil
>     Attack.
>
>     > ------ From aMule 2.2.2/eMule0.49b
>     >
>     >     * Kad now ignores multiple IDs pointing to one IP in routing
>     >       request answer
>     >     * Kad contacts will only be able to update themself in others
>     >       routing tables if they provide the proper key (supported by
>     >       0.49a+ nodes) in order to make it impossible to hijack them
>     >     * Kad uses now a three-way-handshake (or for older version a
>     >       similar check) for new contacts, making sure they do not use a
>     >       spoofed IP
>     >     * Unverified contacts are not used for routing table
>     >
>     >
>     > ===============================================================================
>     >
>     > Any ideas?
>     >
>
>     In fact, I have many ideas on these mechanisms because I am currently
>     studying them in my thesis.
>
>     My first results show a great improvement of the Sybil Attack defence,
>     even if eclipse attacks remain possible.
>
>     I think that this kind of "common-sense" protection is the minimum that
>     every P2P network should have, unless being totally unaware of the Sybil
>     Attack problem... Before these very last versions, KAD was really
>     unprotected and very easily and badly hurt with a Sybil Attack (see the
>     very good paper from Steiner: Exploiting KAD: possible uses and misuses
>     http://ccr.sigcomm.org/online/files/p65-steiner.pdf ).
>
>     Regards,
>
>     Thibault
>
>     > -Yunzhao
>     >
>     ------------------------------------------------------------------------
>     >
>     > _______________________________________________
>     > p2p-hackers mailing list
>     > [email protected] <mailto:[email protected]>
>     > http://lists.zooko.com/mailman/listinfo/p2p-hackers
>     >

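The contact-admission limits quoted above from the aMule 2.2.1/eMule 0.49a changelog, modelled as an added example (not eMule/aMule code and not part of the original thread). The bin index is simplified to the highest bit in which a contact's ID differs from the local ID, which is an assumption; the class and function names and the sample addresses are constructed.

```python
import ipaddress
from collections import Counter

# Limits quoted in the aMule 2.2.1 / eMule 0.49a changelog above.
MAX_PER_IP = 1           # no more than 1 KadNode per IP
MAX_PER_SUBNET_BIN = 2   # 2 similar KadNodes (same bin) from a /24
MAX_PER_SUBNET = 10      # at most 10 different KadNodes from a /24


class RoutingTable:
    """Simplified model (assumption): a contact's bin is the index of the
    highest bit in which its ID differs from ours, with no bin splitting."""

    def __init__(self, local_id):
        self.local_id = local_id
        self.per_ip = Counter()
        self.per_subnet = Counter()
        self.per_subnet_bin = Counter()

    def bin_of(self, kad_id):
        return (self.local_id ^ kad_id).bit_length()

    def try_add(self, kad_id, ip):
        """Return 'added' or the name of the limit that rejected the contact."""
        addr = ipaddress.IPv4Address(ip)
        subnet = int(addr) >> 8          # the /24 prefix
        key = (subnet, self.bin_of(kad_id))
        if self.per_ip[addr] >= MAX_PER_IP:
            return "ip-limit"
        if self.per_subnet_bin[key] >= MAX_PER_SUBNET_BIN:
            return "subnet-bin-limit"
        if self.per_subnet[subnet] >= MAX_PER_SUBNET:
            return "subnet-limit"
        self.per_ip[addr] += 1
        self.per_subnet_bin[key] += 1
        self.per_subnet[subnet] += 1
        return "added"


def admit_all(table, contacts):
    """Feed (kad_id, ip) pairs to the table and tally the outcomes."""
    return Counter(table.try_add(kad_id, ip) for kad_id, ip in contacts)


if __name__ == "__main__":
    # Constructed sample: 30 IDs in one bin, all announced from one /24.
    same_bin = [((1 << 100) | i, f"203.0.113.{i + 1}") for i in range(30)]
    print(admit_all(RoutingTable(local_id=0), same_bin))
```

Every limit here is keyed on an IP or a /24, so contacts announced from distinct /24 networks are counted separately even when they fall in the same bin, which is the "distributed" case the reply at the top of the thread describes.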