filecoin-station / spark

💥 Storage Provider Retrieval Checker as a Filecoin Station Module 🛰️
https://filspark.com

Estimate the cost of controlling a majority of SPARK checker network #31

Open bajtos opened 11 months ago

bajtos commented 11 months ago

Assuming we implement the planned fraud-countering steps (#29, #30, https://github.com/filecoin-station/roadmap/issues/41):

How much would it cost for a single party to launch a Sybil attack on our network, gain control of the majority of the nodes (or results reported) and thus be able to submit fake retrieval measurements that will be considered as real?

bajtos commented 11 months ago

A few comments on using IPv4 as a scarce resource:

Folks running the IPFS DHT learned that this approach is not effective against an attacker willing to pay, well, just about anything. Unfortunately, there are quite a few "residential VPN" services that'll let you get as many IP addresses as you want for almost nothing (usually used for spam, crime, etc.).

This is the core diversity logic in the IPFS DHT: go-libp2p-kbucket/peerdiversity/filter.go. Instead of just looking at IPs, they map them to known ASNs and try to achieve ASN diversity. But even that fails if an attacker is willing to use a residential VPN and/or a botnet.
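
A minimal sketch of the ASN-diversity idea discussed in the comment above, added here as an illustration; it is not code from SPARK or go-libp2p-kbucket. The prefix-to-ASN table, the addresses, the per-group cap and all function names are constructed assumptions.

```javascript
// Added example: hypothetical names, constructed data. Not SPARK or go-libp2p-kbucket code.
// Constructed prefix-to-ASN table (reserved test ranges, documentation ASNs).
const ASN_TABLE = [
  { prefix: '192.0.2.0', bits: 24, asn: 64500 },
  { prefix: '203.0.113.0', bits: 24, asn: 64501 },
  { prefix: '198.51.100.0', bits: 24, asn: 64502 },
  { prefix: '198.18.0.0', bits: 15, asn: 64502 }
]

function ipToInt (ip) {
  const parts = ip.split('.')
  if (parts.length !== 4 || !parts.every(p => /^\d{1,3}$/.test(p) && Number(p) <= 255)) {
    throw new Error(`invalid IPv4 address: ${ip}`)
  }
  return parts.reduce((acc, p) => acc * 256 + Number(p), 0)
}

// Group key: the ASN when the table knows it, otherwise the /24 prefix.
function groupOf (ip) {
  const addr = ipToInt(ip)
  for (const { prefix, bits, asn } of ASN_TABLE) {
    const size = 2 ** (32 - bits)
    if (Math.floor(addr / size) === Math.floor(ipToInt(prefix) / size)) return `AS${asn}`
  }
  return `net:${Math.floor(addr / 256)}`
}

// Accept at most maxPerGroup measurements per group, in arrival order.
function acceptDiverse (measurements, maxPerGroup) {
  const seen = new Map()
  return measurements.filter(m => {
    const group = groupOf(m.ip)
    const count = seen.get(group) ?? 0
    if (count >= maxPerGroup) return false
    seen.set(group, count + 1)
    return true
  })
}

// Fraction of accepted measurements that came from the (constructed) Sybil.
const sybilShare = accepted => accepted.filter(m => m.sybil).length / accepted.length

const mk = (ips, sybil) => ips.map(ip => ({ ip, sybil }))
const HONEST = mk(['192.0.2.10', '203.0.113.7', '100.64.1.5'], false)
// Six Sybil nodes inside one ASN (two prefixes of AS64502).
const ONE_ASN = mk(['198.51.100.1', '198.51.100.2', '198.18.0.9', '198.18.7.3', '198.19.4.4', '198.19.200.8'], true)
// Six Sybil nodes on unrelated networks, as in the residential VPN case.
const SPREAD = mk(['100.64.10.1', '100.64.11.1', '100.64.12.1', '100.64.13.1', '100.64.14.1', '100.64.15.1'], true)
```

With a cap of 2 per group, the single-ASN Sybil drops from 6 of 9 accepted measurements to 2 of 5, while the Sybil spread over unrelated networks keeps all 6 of 9, which is the limitation the comment describes.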