Comments (2)
lthibault
commented on June 3, 2024
@aratz-lasa In connection with #17 and the question of adding a namespace to Beacon payloads: what are your thoughts on this?
As it stands, a Beacon will be able to advertise a peer on a namespace without that peer's approval. The procedure for doing so is as follows:
- Obtain a valid
peer.Recordfor the node you're targeting. - Construct beacon payload using that record, and attach an arbitrary namespace.
- Serve the record to incoming crawlers.
At first glance this doesn't seem dramatic because consumers of the beacon payload won't be able to connect to a namespace unless the peer is actually serving it, but it might not be so innocuous because:
- It could potentially be used as a DDoS vector. I can potentially trick a large number of peers into spamming a target with connection requests.
- A peer may have joined a namespace that it does not wish to make public. Although we can't prevent members of the namespace from leaking the identity of the namespace, we can at least signal to peers that the advertised node does not wish to receive connections on that namespace. (More exactly: recipients of the beacon payload should not attempt connections if they cannot assert that the peer wishes to receive connections, i.e. if the beacon payload was not signed by said peer.)
Maybe we should bundle this into your current sprint?
from casm.
lthibault
commented on June 3, 2024
Implemented in #33.
from casm.
Related Issues (20)
- Investigate error when exceeding 30 nodes in testground HOT 1
- Investigate traffic shaping in Testground HOT 1
- Verify context usage in fx.Lifecycle HOT 1
- Add network mapping primitives
- TestRoutingTable_concurrent fails intermittently HOT 1
- Data race in PeX HOT 1
- Silence EOF errors from boot socket when restarting. HOT 1
- Reduce allocations when updating routing table
- Block in Vat.Embargo until host unregisters all stream handlers
- Add support for LZ4-compressed transport to casm.Vat
- Suppress `context cancelled` debug logs in Crawler
- Panic in BenchmarkIterator HOT 1
- Remove go.uber.org/atomic HOT 1
- TestSampler/Abort is flaky
- Switch to prometheus-based metrics
- Update QUIC multiaddrs
- Fix ordering of records when using LowerBound HOT 1
- Set multicast interface based on GOOS
- Add listen addr to casm discover template
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from casm.