[freenet-dev] ULPRs and per-node failure tables working in simulation
Matthew Toseland
toad at amphibian.dyndns.org
Fri Feb 8 11:16:36 UTC 2008
On Friday 08 February 2008 00:24, Michael Rogers wrote:
> Matthew Toseland wrote:
> > There is no request quenching at the moment: if there are
> > bazillions of requests for a specific key, these will be rerouted according
> > to failures to produce an exhaustive network search, and when it is found,
> > the data will be rapidly propagated to all requestors/subscribers.
>
> This is very cool stuff and I'm sorry to be a dick and immediately look
> for problems, but could ULPRs be used to launch a sort of "flash flood"
> where the attacker trickles out requests for an unavailable key until
> the key's ULPR web fills the whole network, then releases the key,
> flooding it through the network?
IMHO this is a weakness in per-node failure tables. We should have some limit
on the degree to which one node can cause the entire network to be searched
for a specific key. Having said that, there are *some* limits already, e.g.
the number of requests he can make and have accepted.
>
> I realise the data wouldn't travel across every link because of the
> offer/accept mechanism, but it would still visit every node once, which
> is a decent multiplier for a DoS attack.
Only if he can get requests through every node. As he can by, for example,
flooding a Frost KSK queue right now.
>
> Cheers,
> Michael