Comments (4)
Good. But in the first iteration we will receive these packets and drop them.
from tox.
It seems hardening is going to be removed from c-toxcore.
So, inserting many fake nodes can attack the Tox network to prevent two valid Tox nodes from connecting to each other.
Actually hardening can't provide good protection against a Sybil attack: it assumes that the attacker will send different responses to different nodes, but he doesn't have to do so to achieve the desired result. The attacker can just stop sending a specific node to everyone with the same result, as he doesn't know it.
from tox.
Still we have to parse them to avoid that many error messages in the log.
from tox.
BitTorrent had the same problem, and they solved it by issuing BEP 42, which basically requires that certain bits of your DHT address exactly match the hash of certain bits of your public IP address.
Here's a summary:
- If you launch more than one Sybil from the same public IP they will have DHT addresses very close to each other. In order to launch a large Sybil attack you will need large numbers of public IPv4 addresses.
- The "certain bits" part above is chosen carefully so that an attacker in control of a large contiguous block of IP addresses (say, a /24 or even /16) still can't shut down the entire network. A Sybil attack requires not only lots of IP addresses, but also lots of IP addresses which are far away from each other according to the integer-subtraction distance metric on IPv4 space.
Implementing this defense against Sybil attacks requires DHT nodes to opt-in to the defense. One way of rolling it out in a backwards-compatible manner is for clients to decide with some small probability (say 5%) whether or not to only use DHT nodes that have opted in to the Sybil defense. In other words for each DHT query, with 5% probability, the client would ignore all DHT nodes whose DHT address doesn't match its IPv4 address.
This means that an attacker with lots of machines but few IP addresses could slow down the network by a factor of 20x but could not completely shut it down. The probability can be user-configurable so that users can manually increase it in the event of an attack, and the default setting can be gradually increased over time as more and more DHT nodes opt-in to the defense.
from tox.
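The BEP 42 check summarized in the comment above, as an added example that is not part of the original thread or of tox-rs: it implements BitTorrent's IPv4 rule for 20-byte node IDs (CRC32C over the masked address, top 21 bits compared) together with the probabilistic opt-in filter. The function names, the `roll` parameter and the sample nodes are assumptions made for illustration; the sample ID prefix and address follow the first test vector published in BEP 42.

```rust
use std::net::Ipv4Addr;

// Bitwise CRC32C (Castagnoli), the checksum BEP 42 uses.
fn crc32c(data: &[u8]) -> u32 {
    let mut crc = !0u32;
    for &byte in data {
        crc ^= byte as u32;
        for _ in 0..8 {
            crc = if crc & 1 != 0 { (crc >> 1) ^ 0x82F6_3B78 } else { crc >> 1 };
        }
    }
    !crc
}

// 21-bit ID prefix BEP 42 allows for `ip`; `r` is the low 3 bits of the ID's last byte.
fn expected_prefix(ip: Ipv4Addr, r: u8) -> u32 {
    const MASK: [u8; 4] = [0x03, 0x0f, 0x3f, 0xff];
    let mut b = ip.octets();
    for (octet, mask) in b.iter_mut().zip(MASK) {
        *octet &= mask;
    }
    b[0] |= (r & 0x07) << 5;
    crc32c(&b) >> 11
}

// True when a 20-byte DHT ID is one that `ip` is allowed to claim.
fn id_matches_ip(id: &[u8; 20], ip: Ipv4Addr) -> bool {
    let prefix = u32::from_be_bytes([id[0], id[1], id[2], id[3]]) >> 11;
    prefix == expected_prefix(ip, id[19])
}

// Rollout from the comment: `roll` is one uniform draw in [0, 1) per query (hypothetical
// parameter, supplied by the caller); below `p_strict` only opted-in nodes are used.
fn nodes_for_query(nodes: &[([u8; 20], Ipv4Addr)], roll: f64, p_strict: f64) -> Vec<Ipv4Addr> {
    let strict = roll < p_strict;
    nodes.iter().filter(|(id, ip)| !strict || id_matches_ip(id, *ip)).map(|(_, ip)| *ip).collect()
}

// Constructed sample: one ID (random middle bytes zeroed) claimed from two adjacent addresses.
fn sample_nodes() -> Vec<([u8; 20], Ipv4Addr)> {
    let mut id = [0u8; 20];
    id[..3].copy_from_slice(&[0x5f, 0xbf, 0xbf]);
    id[19] = 0x01;
    vec![(id, Ipv4Addr::new(124, 31, 75, 21)), (id, Ipv4Addr::new(124, 31, 75, 20))]
}

fn main() {
    let nodes = sample_nodes();
    println!("strict query:  {:?}", nodes_for_query(&nodes, 0.01, 0.05));
    println!("lenient query: {:?}", nodes_for_query(&nodes, 0.50, 0.05));
}
```

The second sample node shows that an ID valid for one address is rejected when claimed from its neighbour in the same /24.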