Closed MuxZeroNet closed 6 years ago
The request-id is per-connection. I not sure how could anyone inject a fake response packet to a TCP (and encrypted) stream. And if someone could, then I think the random id does not helps as the attacker could also record the request id sent to remote client.
A request packet has its unique request ID. A ZeroNet implementation interprets a response packet with the help of the request ID. If an attacker spoofs the request ID in a malicious response packet, then the implementation cannot properly interpret the response, and may incorrectly abort the previous request. This attack works even when the attacker does not run the Internet infrastructure. Consider the following example.
When sequential request ID works:
When sequential request ID does not work:
There are algorithms that handle request IDs more safely.
Store an
(ip_address, port, request_id)
tuple as the real identifier. Does not work with connectionless sockets, such as datagram. Denies "retry," which may be a problem for the peers that have poor connectivity. This seems too restrictive.Generate random request IDs. Take 4 bytes of random data from
os.urandom
and convert them to an integer.Which algorithm does ZeroNet use?