go-spacemesh icon indicating copy to clipboard operation
go-spacemesh copied to clipboard

Published 20 hours ago verified publisher icon spacemeshos

Possible issues with routing discovery mechanism

Open ivan4th opened this issue 1 year ago • 0 comments

Description

Currently, we're using a single DHT for both LAN and WAN. This means that libp2p-kad-dht's IP diversity filter is not being used for the peers participating in the DHT, leaving possibilities to some kinds of eclipse attacks. We should switch to dual DHT (LAN and WAN) like what's used in Kubo. See here for more info on built-in DHT eclipse attack protection. Besides IP diversity filters, switching to Dual DHT is going to fix the issues with peers that have private IPs: #5510

A related problem is random peer selection during routing discovery. In theory, it is possible to poison DHT in a way so that a predictable set of peers is found via FindProviders mechanism used by routing discovery. But applying IP diversity filters for WAN IPs is also going to make this kind of attack substantially harder and likely too expensive too implement.

ivan4th avatar May 24 '24 08:05 ivan4th