[freenet-dev] ULPRs and per-node failure tables working in simulation
Michael Rogers
m.rogers at cs.ucl.ac.uk
Fri Feb 8 17:25:59 UTC 2008

On Feb 8 2008, Robert Hailey wrote:
>Even then; it looks like FNPOffers are queued for later retrieval, and
>the FNPGetOffered is properly rejectable... what's the problem?

The problem (which is probably just based on a misunderstanding) is that
someone could use ULPRs and per-node failure tables to exhaustively search
the network for a non-existent key, building up a ULPR web that reaches
every node, then publish the key, causing every node to fetch the data. I'm
not saying that doing that once will destroy the network or anything, just
that it seems to increase the leverage of a DoS attacker: without ULPRs the
only way to affect every node would be to send a lot of requests in a short
time, which would be subject to throttling, but with ULPRs he can
circumvent throttling by sending the requests out slowly, then triggering
the attack with a single insert.

>The key only travels backwards towards nodes which requested it.

I was under the impression that ULPRs create a web, not a tree, to deal
with churn. But in any case, if every node is part of the tree (thanks to
per-node failure tables causing repeated requests to visit increasingly
obscure parts of the network) then every node will still fetch the data.

>As presented in the case of frost KSK they *were* requested, and the data
>(even if spam) is promptly and efficiently delivered, no?

That was before ULPRs.

Cheers,
Michael