diff options
| author | irungentoo <irungentoo@gmail.com> | 2013-10-10 20:47:06 -0400 |
|---|---|---|
| committer | irungentoo <irungentoo@gmail.com> | 2013-10-10 20:47:06 -0400 |
| commit | 77ec51085828c8dbe764030cbae7242994e590de (patch) | |
| tree | bba667e7766c558898ebdefb93f15bc37359aa82 /docs/Hardening.txt | |
| parent | 5344413e0b702f24154affc5210cb16094ac5ed8 (diff) | |
Hardening the Tox network, document writing in progress.
Diffstat (limited to 'docs/Hardening.txt')
| -rw-r--r-- | docs/Hardening.txt | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/docs/Hardening.txt b/docs/Hardening.txt new file mode 100644 index 00000000..838b3566 --- /dev/null +++ b/docs/Hardening.txt | |||
| @@ -0,0 +1,48 @@ | |||
| 1 | Currently an attacker with sufficient resources could launch a large scale | ||
| 2 | denial of service type attack by flooding the Tox network with a bunch of nodes | ||
| 3 | that do not act like real nodes to prevent people from finding each other. | ||
| 4 | |||
| 5 | Due to the design of Tox, this is the worst thing an attacker can do to disrupt | ||
| 6 | the network. | ||
| 7 | |||
| 8 | This solution's goal is to make these denial of service attack very very hard | ||
| 9 | to accomplish. | ||
| 10 | |||
| 11 | For the network to work every Tox node must: | ||
| 12 | 1. Respond to ping requests. | ||
| 13 | 2. Respond to get node requests with the ids of nodes closest to a queried id | ||
| 14 | (It is assumed each nodes know at least the 32 nodes closest to them.) | ||
| 15 | 3. Properly send crypto request packets to their intended destination. | ||
| 16 | |||
| 17 | Currently the only thing a node needs to do to be part of the network is | ||
| 18 | respond correctly to ping requests. | ||
| 19 | |||
| 20 | The only people we really trust on the network are the nodes in our friends | ||
| 21 | list. | ||
| 22 | |||
| 23 | |||
| 24 | The behavior of each Tox node is easily predictable this means that it possible | ||
| 25 | for Tox nodes to test the nodes that they are connected to to see if they | ||
| 26 | behave like normal Tox nodes and only send nodes that are confirmed to behave | ||
| 27 | like real Tox nodes as part of send node replies when other nodes query them. | ||
| 28 | |||
| 29 | If correctly done, this means that to poison the network an attacker can only | ||
| 30 | infiltrate the network if his "fake" nodes behave exactly like real nodes | ||
| 31 | completely defeating the purpose of the attack. Of course nodes must be | ||
| 32 | rechecked regularly to defeat an attack where someone floods the network with | ||
| 33 | many good nodes then suddenly turns them all bad. | ||
| 34 | |||
| 35 | This also prevents someone from accidentally killing the tox network with a bad | ||
| 36 | implementation of the protocol. | ||
| 37 | |||
| 38 | Implementation ideas (In Progress): | ||
| 39 | |||
| 40 | 1. Use our friends to check if the nodes in our close list are good. | ||
| 41 | |||
| 42 | EX: If our friend queries a node close to us and it correctly returns our | ||
| 43 | ip/port and then sends a crypto request packet to it and it routes it correctly | ||
| 44 | to us then it is good. | ||
| 45 | |||
| 46 | Problems with this: People don't always have at least one online friend. | ||
| 47 | |||
| 48 | 2. ... | ||