[p2p-hackers] aMule/eMule's solution for Sybil Attack

netbsd netbsd8 at gmail.com
Tue Aug 26 11:57:23 EDT 2008


Thanks for the reply. I just wonder whether Eclipse Attack remains possible
for aMule/eMule, because Eclipse Attack also needs to dominate a correct node's
neighbor set, and aMule/eMule gives a very strict rule for contact adding. It
means firstly the attacker has to master large resources (different IPs etc.)
for benefits.

Sincerely,

-Yunzhao

On Tue, Aug 26, 2008 at 3:09 AM, Thibault Cholez
<thibault.cholez at loria.fr> wrote:

> netbsd wrote:
> > Does anyone notice that the current version of eMule/aMule using
> > Kademlia may mitigate the Sybil Attack!
> > The rules for adding new contacts:
> >
> ===============================================================================
> > ------ From aMule 2.2.1/eMule0.49a
> >
> >     * Kad will now enforce certain limits when adding new contacts to
> >       the routing table: No more than 1 KadNode per IP, 2 similar
> >       KadNodes (same bin) from a /24 network and at a maximum 10
> >       different KadNodes from a /24 network are allowed. This is
> >       supposed to make routing attacks against Kad more difficult and
> >       resource-intensive.
> >
>          - Looking at the code, eMule 0.49a also implements a packet
> tracking and a flood protection mechanism that help mitigate the Sybil
> Attack.
>
> > ------ From aMule 2.2.2/eMule0.49b
> >
> >     * Kad now ignores multiple IDs pointing to one IP in routing
> >       request answer
> >     * Kad contacts will only be able to update themself in others
> >       routing tables if they provide the proper key (supported by
> >       0.49a+ nodes) in order to make it impossible to hijack them
> >     * Kad uses now a three-way-handshake (or for older version a
> >       similar check) for new contacts, making sure they do not use a
> >       spoofed IP
> >     * Unverified contacts are not used for routing table
> >
> >
> =====================================================================================
> >
> > Any ideas?
> >
>
> In fact, I have many ideas on these mechanisms because I am currently
> studying them in my thesis.
>
> My first results show a great improvement of the Sybil Attack defence,
> even if eclipse attacks remain possible.
>
> I think that this kind of "common-sense" protection is the minimum that
> every P2P network should have, unless being totally unaware of the Sybil
> Attack problem... Before these very last versions, KAD was really
> unprotected and very easily and badly hurt with a Sybil Attack (see the
> very good paper from Steiner: Exploiting KAD: possible uses and misuses
> http://ccr.sigcomm.org/online/files/p65-steiner.pdf ).
>
> Regards,
>
> Thibault
>
> > -Yunzhao
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > p2p-hackers mailing list
> > p2p-hackers at lists.zooko.com
> > http://lists.zooko.com/mailman/listinfo/p2p-hackers
> >
>
>
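
The contact-adding limits quoted above (1 KadNode per IP, 2 per /24 in the same bin, 10 per /24 overall), sketched as an added example that is not part of the original messages and is not aMule/eMule source code. The names `ContactFilter` and `sybilAdmitted`, the integer bin index and the 10.0.s.h addresses are assumptions made for illustration; the simulation shows how many contacts an attacker can place as a function of the number of /24 blocks controlled.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <map>
#include <set>
#include <utility>

// Added illustration, not aMule/eMule source code.
// Assumption: a routing "bin" is identified by an integer index chosen by the caller.
enum class Verdict { Accepted, DuplicateIp, BinSubnetLimit, SubnetLimit };

class ContactFilter {
public:
    // ip: IPv4 address in host byte order; bin: index of the target routing bin.
    Verdict add(std::uint32_t ip, int bin) {
        const std::uint32_t subnet = ip & 0xFFFFFF00u;             // /24 prefix
        const auto binKey = std::make_pair(bin, subnet);
        if (ips_.count(ip)) return Verdict::DuplicateIp;           // 1 KadNode per IP
        if (perBin_[binKey] >= 2) return Verdict::BinSubnetLimit;  // 2 per /24 in one bin
        if (perSubnet_[subnet] >= 10) return Verdict::SubnetLimit; // 10 per /24 overall
        ips_.insert(ip);
        ++perBin_[binKey];
        ++perSubnet_[subnet];
        return Verdict::Accepted;
    }
private:
    std::set<std::uint32_t> ips_;
    std::map<std::pair<int, std::uint32_t>, int> perBin_;
    std::map<std::uint32_t, int> perSubnet_;
};

// Constructed scenario: an attacker owning `subnets` /24 blocks offers
// `hostsPerSubnet` distinct IPs from each, spread round-robin over `bins` bins.
// Returns how many of those contacts the table admits.
std::size_t sybilAdmitted(int subnets, int hostsPerSubnet, int bins) {
    ContactFilter table;
    std::size_t admitted = 0;
    for (int s = 0; s < subnets; ++s)
        for (int h = 1; h <= hostsPerSubnet; ++h) {
            const std::uint32_t ip = (10u << 24) | (std::uint32_t(s) << 8) | std::uint32_t(h); // 10.0.s.h
            if (table.add(ip, h % bins) == Verdict::Accepted) ++admitted;
        }
    return admitted;
}

int main() {
    std::printf("one /24, 20 bins:   %zu admitted\n", sybilAdmitted(1, 254, 20));
    std::printf("five /24s, 20 bins: %zu admitted\n", sybilAdmitted(5, 254, 20));
}
```

Under this model the number of admitted contacts grows with the number of distinct /24 blocks, not with the number of IPs inside one block.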