Exlain more about DoS and spam prevention in documentation

[iskradelta]

Hi,

What does ZeroNet do to prevent bad peer actors, for example, a (modified) peer which only holds connection open and never sends any data thus increasing time for others who asked it for data which it doesnt send. Does zeronet have any mechanism to avoid such a peer in the future? What if I would join zeronet with 100s (meh even 1000) of such peers, the network would slow down to a halt. Or even worse, a peer which sends the pieces very slowly at 1-4kb/s range.

On the other side of the coin, what would prevent 1000s of (modified) peers all to request same site from the owner, but never share any pieces with the rest of the swarm? That would effectively suck the bandwidth of the site owner for no purpose other than to prevent others from getting the zite. How is a peer identified, is it local only to the zite/peer, or is there a public/global system of accounting of bad peers?

Does Zeronet prevent such attacks? Does zeronet keep any accounting on ratio of peers in the bittorrent swarm? If not is there plans to do that.

[HelloZeroNet]

• There is some protection against connection flooding or rapid requests. (it will slow down the reponse time if X cpu time is used by peer)
• The client start downloading the files from random peers and keep trying until it's finishes

It's really hard to protect these kind of attacks (especially on Tor network where every request come from 127.0.0.1), but the result of this attacks are much less spectacular, than attacking a normal web site, since it's served from your computer so you will still able to access pages and only delays the updates

[iskradelta]

Thanks for quick response.

Yes, it is difficult attacks to defend from. Have any ideas on how to defend in the future?

Can we add "peer you already asked for that piece stop asking/Ill stopping serving you".

Another issue: how difficult would it be for me to generate 1 million zeroIds and use them to spam advertisements across all the sites in all the comments? As the zeroid generation seems to be centralized that could work, and it seems to take a few seconds and not require any proof-of-work? Simpler attack, if I found a user spamming/harassing my zeroblog, can I block that zeroId in the future?

Also, is there a place where these questions can be asked and discussed on ZeroNet? The ZeroTalk ZeroBoard dont seem to be very active.

[HelloZeroNet]

On clearnet it could be possible, to not serve the same file to the same client, but the Tor network does not provide any information about the request sender and it's still would not work against attacks that involves 100s of computers.

The zeroid is generation is limited by the cert issuer. Currently it's only a simple js check but later captcha/facebook/email/crypto-burning etc. verification could be added. I think proof of work not suitable to solve this problem, because the attacker could use highend-cpu/gpu to solve it and still generate 1000s users/hour.

You can block users by id, look for banexample in data/users/content.json

Here, Github, ZeroTalk is the best places to ask questions

[iskradelta]

because the attacker could use highend-cpu/gpu to solve it and still generate 1000s users/hour.

Yes, but then that at least costs money, and together with banexample/blocking spammers, there is little incentive to actually do it then. Isnt there a very difficult proof-of-work which would take a normal computer 30min or so to generate, and still be not-worth-it when using a high-end gpu? To be memory-intensive?

[HelloZeroNet]

I don't know any cryptocurrency that is CPU-only. 30 minute is already too much for most of the users to wait to be able to post new comment, but it's nothing for a spammer (you can rent a VPS for 1EUR/month)

[iskradelta]

I see!

On the same topic, have you considered using Triblers "multichain" (not the multichain company with proprietary software), which is supposed to keep a tamper-proof swarm-level (not global) reputation/score for every peer? That would avoid some attacks and reward good nodes. Maybe not really needed as most content between peers is small. Tribler does have faster anon connections than Tor though, there has been experiments with 5mb/s downloads and acceptable CPU usage for 18 circuits. Something to pick up from there? The code is all in python too.

On another topic, in a another discussion, ZeroNet seems to be using TLS for peer-to-peer communication, which is MITMable because there is no Central Authority (of course). (Maybe wrong information?) Blockcerts and maybe storing certificates in namecoin would solve that problem, so p2p connections would be really TLS with mitm prevention? See https://wiki.namecoin.info/index.php?title=Domain_Name_Specification#TLS_support

[HelloZeroNet]

from their page: "Do not put yourself in danger. Our anonymity is not yet mature.", so i think it would be a bad idea to use it, and even if they solution is technologically right less user/node means less anonymous/secure.

yes, zeronet using self-signed certs, so mitm is possible on non-tor connections, i dont think blockchain is a good place to store this information (and also requires to every client run full node) .onion connections are mitm safe, so adding a .onion only mode would be easier

[iskradelta]

Right, just now read a review about Triblers onions, they are indeed very badly implemented, at least was in 2014.

I should try the patch for zeronet-over-i2p which was in here somewhere. But that much anonymity is not really required for me, or shouldnt be for anyone, if we cant trust our ISPs, we should disconnect them and make our own new internet with mesh nets and blackjack.

Have you considered FairTorrents algorithm?

[MuxZeroNet]

Tribler's notorious weak crypto implementation was caught by Yawning Angel from Tor Project. Tribler has hard-seeded random number generators, and a piece of code, I guess written in a bad way on purpose, containing an obvious security issue:

   try:
     raise ImportError()
     # Dead code, this would be slightly less horrific, maybe.
     from Crypto.Random.random import StrongRandom
   except ImportError:
     # ... Words can not describe how sad I am.
     from random import Random as StrongRandom

[MuxZeroNet]

@iskradelta There is an issue and a pull request discussing I2P support. Someone on ZeroNet recently asked me how to make ZeroNet use I2P (by applying a patch), but I frankly don't know...

[JeremyRand]

@iskradelta:

On another topic, in a another discussion, ZeroNet seems to be using TLS for peer-to-peer communication, which is MITMable because there is no Central Authority (of course). (Maybe wrong information?) Blockcerts and maybe storing certificates in namecoin would solve that problem, so p2p connections would be really TLS with mitm prevention?

TLS with self-signed certificates is already secure against passive attackers. CA's and Namecoin are designed to protect against active attackers in cases where you are trying to connect to a specific identity; this is not the case with most P2P networks. Trying to protect against MITM attacks when you don't know who your TLS peer is, is AFAIK an impossible problem (and also one that Tor onion services don't attempt to solve).