fjl
commented
4 years ago One countermeasure often recommended in literature is proof-of-work. We have a separate issue for that: #122.
Open FrankSzendzielarz opened 5 years ago
fjl
commented
4 years ago One countermeasure often recommended in literature is proof-of-work. We have a separate issue for that: #122.
fjl
commented
4 years ago Just found another very interesting approach, described in this paper (also see slides for an overview.
The idea is simple: during lookup activity, track node ID distribution. Since node IDs are uniformly distributed across the entire ID number space, any deviations from the regular distribution are malicious and those nodes should be ignored.
Found this while browsing gtk-gnutella source code.
fjl
commented
3 years ago I still want to add the above thing to the spec and try it out in implementation.
contrun
commented
9 months ago Just found another very interesting approach, described in this paper (also see slides for an overview.
The idea is simple: during lookup activity, track node ID distribution. Since node IDs are uniformly distributed across the entire ID number space, any deviations from the regular distribution are malicious and those nodes should be ignored.
Found this while browsing gtk-gnutella source code.
I don't think this countermeasure is effective in discv5. This countermeasure is needed because attackers can choose whatever node ID closer to the target in the DHT network like emule, while in discv5 the node ID is actually a hash digest. The attacker has no way to effectively choose node ID closer to the targets.
kdeme
commented
9 months ago The attacker has no way to effectively choose node ID closer to the targets.
While more costly, the attacker can still "mine" for those node IDs.
contrun
commented
9 months ago The attacker has no way to effectively choose node ID closer to the targets.
While more costly, the attacker can still "mine" for those node IDs.
Fair point.
The eclipse attack texts deletes the previous information and references to the "Bound-LogIDforPhyIDSrc" in this paper https://engineering.purdue.edu/~isl/TR-EE-07-13.pdf
Instead, the text now makes a general suggestion to limit /24 subnet IPs by bucket and table.
Both approaches have their limitations. In the former case, it is difficult to establish what the correct weighting of per-learned-from-source should be, and with the latter I feel a determined attacker may still be able to take advantage of delays in the node verification schedule to propagate junk around a target and with self-propagation.
I would prefer if the implementation recommendation was more agnostic about how these attacks should be mitigated, while proposing multiple strategies and referring to the papers.