DHT Request hardening human doc. (tox, OPEN)

NamsooCho commented on May 23, 2024
DHT Request hardening human doc.

from tox.

Comments (4)

kpp commented on May 23, 2024

Good. But in the first iteration we will receive these packets and drop them.

kurnevsky commented on May 23, 2024

It seems hardening is going to be removed from c-toxcore.

So, inserting many fake nodes can attack the Tox network, preventing two valid Tox nodes from connecting to each other.

Actually, hardening can't provide good protection against a Sybil attack: it assumes that the attacker will send different responses to different nodes, but he doesn't have to do so to achieve the desired result. The attacker can just stop sending a specific node to everyone with the same result, as he doesn't know it.

kpp commented on May 23, 2024

Still we have to parse them to avoid that many error messages in the log.

commented on May 23, 2024

BitTorrent had the same problem, and they solved it by issuing BEP 42, which basically requires that certain bits of your DHT address exactly match the hash of certain bits of your public IP address.

Here's a summary:

  • If you launch more than one Sybil from the same public IP they will have DHT addresses very close to each other. In order to launch a large Sybil attack you will need large numbers of public IPv4 addresses.
  • The "certain bits" part above is chosen carefully so that an attacker in control of a large contiguous block of IP addresses (say, a /24 or even /16) still can't shut down the entire network. A Sybil attack requires not only lots of IP addresses, but also lots of IP addresses which are far away from each other according to the integer-subtraction distance metric on IPv4 space.

Implementing this defense against Sybil attacks requires DHT nodes to opt-in to the defense. One way of rolling it out in a backwards-compatible manner is for clients to decide with some small probability (say 5%) whether or not to only use DHT nodes that have opted in to the Sybil defense. In other words for each DHT query, with 5% probability, the client would ignore all DHT nodes whose DHT address doesn't match its IPv4 address.

This means that an attacker with lots of machines but few IP addresses could slow down the network by a factor of 20x but could not completely shut it down. The probability can be user-configurable so that users can manually increase it in the event of an attack, and the default setting can be gradually increased over time as more and more DHT nodes opt-in to the defense.
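The node-ID check and the probabilistic rollout described in the comment above, as an added example that is not part of the original thread or of the tox code base. It follows BEP 42 as specified for BitTorrent's 20-byte node IDs over IPv4 (CRC32C of the masked address, top 21 bits compared); `usable_nodes`, `make_id` and the caller-supplied `roll` value are names assumed here.

```rust
use std::net::Ipv4Addr;

/// CRC32C (Castagnoli), bitwise form with the reflected polynomial 0x82F63B78.
fn crc32c(data: &[u8]) -> u32 {
    let mut crc = !0u32;
    for &b in data {
        crc ^= b as u32;
        for _ in 0..8 {
            crc = if crc & 1 != 0 { (crc >> 1) ^ 0x82F6_3B78 } else { crc >> 1 };
        }
    }
    !crc
}

/// Top 21 bits BEP 42 requires of a node ID seen at `ip`; `r` is the ID's last byte.
fn bep42_prefix(ip: Ipv4Addr, r: u8) -> u32 {
    let masked = (u32::from(ip) & 0x030f_3fff) | (((r & 0x7) as u32) << 29);
    crc32c(&masked.to_be_bytes()) & 0xffff_f800
}

/// True when the 20-byte node ID is bound to the IPv4 address it was seen from.
fn id_matches_ip(id: &[u8; 20], ip: Ipv4Addr) -> bool {
    let have = u32::from_be_bytes([id[0], id[1], id[2], 0]) & 0xffff_f800;
    have == bep42_prefix(ip, id[19])
}

/// Rollout policy from the comment: with probability `p_strict` a query uses only
/// nodes that pass the check. `roll` is a uniform random value in [0, 1) (assumed).
fn usable_nodes(nodes: &[([u8; 20], Ipv4Addr)], p_strict: f64, roll: f64) -> Vec<Ipv4Addr> {
    let strict = roll < p_strict;
    nodes.iter()
        .filter(|(id, ip)| !strict || id_matches_ip(id, *ip))
        .map(|(_, ip)| *ip)
        .collect()
}

/// Constructed sample ID: three prefix bytes, zero filler, `r` as the last byte.
fn make_id(prefix: [u8; 3], r: u8) -> [u8; 20] {
    let mut id = [0u8; 20];
    id[..3].copy_from_slice(&prefix);
    id[19] = r;
    id
}

fn main() {
    let good = (make_id([0x5f, 0xbf, 0xbf], 1), Ipv4Addr::new(124, 31, 75, 21));
    let bad = (make_id([0xde, 0xad, 0xbe], 1), Ipv4Addr::new(124, 31, 75, 22));
    println!("strict query uses: {:?}", usable_nodes(&[good, bad], 0.05, 0.01));
}
```

Because only three bits of `r` enter the hash, one IPv4 address can produce at most eight valid 21-bit prefixes, which is why Sybils launched from a single address end up close together in the ID space.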
