devp2p icon indicating copy to clipboard operation
devp2p copied to clipboard
verified publisher icon ethereum

discv5: collect more eclipse attack countermeasures

Open FrankSzendzielarz opened this issue 6 years ago • 6 comments

The eclipse attack texts deletes the previous information and references to the "Bound-LogIDforPhyIDSrc" in this paper https://engineering.purdue.edu/~isl/TR-EE-07-13.pdf

Instead, the text now makes a general suggestion to limit /24 subnet IPs by bucket and table.

Both approaches have their limitations. In the former case, it is difficult to establish what the correct weighting of per-learned-from-source should be, and with the latter I feel a determined attacker may still be able to take advantage of delays in the node verification schedule to propagate junk around a target and with self-propagation.

I would prefer if the implementation recommendation was more agnostic about how these attacks should be mitigated, while proposing multiple strategies and referring to the papers.

FrankSzendzielarz avatar Aug 06 '19 10:08 FrankSzendzielarz

One countermeasure often recommended in literature is proof-of-work. We have a separate issue for that: #122.

fjl avatar Feb 10 '20 12:02 fjl

Just found another very interesting approach, described in this paper (also see slides for an overview.

The idea is simple: during lookup activity, track node ID distribution. Since node IDs are uniformly distributed across the entire ID number space, any deviations from the regular distribution are malicious and those nodes should be ignored.

Found this while browsing gtk-gnutella source code.

fjl avatar Feb 10 '20 13:02 fjl

I still want to add the above thing to the spec and try it out in implementation.

fjl avatar Oct 07 '20 19:10 fjl

Just found another very interesting approach, described in this paper (also see slides for an overview.

The idea is simple: during lookup activity, track node ID distribution. Since node IDs are uniformly distributed across the entire ID number space, any deviations from the regular distribution are malicious and those nodes should be ignored.

Found this while browsing gtk-gnutella source code.

I don't think this countermeasure is effective in discv5. This countermeasure is needed because attackers can choose whatever node ID closer to the target in the DHT network like emule, while in discv5 the node ID is actually a hash digest. The attacker has no way to effectively choose node ID closer to the targets.

contrun avatar Nov 20 '23 09:11 contrun

The attacker has no way to effectively choose node ID closer to the targets.

While more costly, the attacker can still "mine" for those node IDs.

kdeme avatar Nov 20 '23 10:11 kdeme

The attacker has no way to effectively choose node ID closer to the targets.

While more costly, the attacker can still "mine" for those node IDs.

Fair point.

contrun avatar Nov 20 '23 10:11 contrun