Thanks for the move ;-)
My point was that with untrusted code, only one request is enough to bring a
node to its knees. The code can run in an endless loop.
Without untrusted code, you need a constant flood of requests to force a
node into DOS.
-Stefan
----- Original Message -----
From: "JF" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, May 11, 2001 7:49 PM
Subject: [freenet-tech] Ideas for a FreeNet Process
> Has there been any discussion as to the possibility of creating a
> FreeNet Process in the protocol.
>
> This Process could have the following properties:
> 1) The executable would exists in the freenet, possibly split amongst many
> nodes.
> 2) The process could be executed by determining its set of keys and would
> return screen info to the executor.
> 3) The process would split its processing time amongst the nodes.*
> 4) The process would use the current freenet as short term memory and long
> term memory.
>
> The third property is the most interesting I think.
>
> The idea here is to set up a freenet webserver, that will run in the nodes
> away from hacking and prying intruders.
> The idea of distributing the process amongst nodes would make it very
> difficult to hack and might even be more efficient.
> The intruders wont even know where to start hacking.
>
> What say all?
>
> HackerKungFu
>
> One reply has been:
> >
> > Anyways... I don't understand how you your idea will work. Where does
the
> > executable code come from? How is it supposed to be executed? If
untrusted
> > code is to be run on nodes, this is clearly a major security risk. Not
> even
> > the Java sandbox is safe enough for this porpuse (it is susceptible to
> > denial of service attacks by consuming all CPU and/or memory, for
> example).
> >
>
> I replied :
>
> If U mean DOS in the sense that tons of useless commands are directd
towards
> a process, then u are right.
> I'm unfamiliar with the Java sandbox, but any computer or process is
> susceptable already to useless comands.
> Of course you could implement pattern recognition proceses that would
> effictively identify repetative type attacks and re-route them to harmless
> NULL space. The point is by distributing the process amonst the nodes, a
> hacker would not be able to break into the particular machine the process
> was running on and affect it that way. This is a much more serious and
> dangerous type of crack than DOS. The code of course is trusted in the
> freenet, but it is encrypted. The security problem arises when u have to
> decrypt the code to execute a nodes portion of the process. A "Cancer"
node
> could screw with you there. But again the cancer node would never know
> which process it was screwing with as it can't determine the node location
> of the process. A Cancer node would therefore have to guess and hope the
> particular target process was in its own node. Of course tons of
Cancerous
> nodes would be able to crack things. But of course as I read, cancer
nodes
> are already a serious problem with the current freenet. Freenet does not
> guarantee anonymity and immunity from atacks, it simply makes it much more
> dificult to implement an attack.
>
> HackerKungFu
>
>
>
> _______________________________________________
> freenet-tech mailing list
> [EMAIL PROTECTED]
> http://lists.freenetproject.org/mailman/listinfo/tech
_______________________________________________
freenet-tech mailing list
[EMAIL PROTECTED]
http://lists.freenetproject.org/mailman/listinfo/tech
