Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1RsFIv-0007jk-P8 for bitcoin-development@lists.sourceforge.net; Tue, 31 Jan 2012 15:07:29 +0000 X-ACL-Warn: Received: from out3-smtp.messagingengine.com ([66.111.4.27]) by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.76) id 1RsFIq-0008MO-CO for bitcoin-development@lists.sourceforge.net; Tue, 31 Jan 2012 15:07:29 +0000 Received: from compute6.internal (compute6.nyi.mail.srv.osa [10.202.2.46]) by gateway1.nyi.mail.srv.osa (Postfix) with ESMTP id 1D21D221CD for ; Tue, 31 Jan 2012 10:07:19 -0500 (EST) Received: from frontend1.nyi.mail.srv.osa ([10.202.2.160]) by compute6.internal (MEProxy); Tue, 31 Jan 2012 10:07:19 -0500 X-Sasl-enc: N7cZTnimHtq0cTxVV/VnA35eeArGHxSEq+SmKimhxlzC 1328022438 Received: from mail-we0-f175.google.com (mail-we0-f175.google.com [74.125.82.175]) by mail.messagingengine.com (Postfix) with ESMTPSA id C2F088E0082 for ; Tue, 31 Jan 2012 10:07:18 -0500 (EST) Received: by werc1 with SMTP id c1so128281wer.34 for ; Tue, 31 Jan 2012 07:07:18 -0800 (PST) MIME-Version: 1.0 Received: by 10.216.136.155 with SMTP id w27mr11407688wei.8.1328022438090; Tue, 31 Jan 2012 07:07:18 -0800 (PST) Received: by 10.216.180.140 with HTTP; Tue, 31 Jan 2012 07:07:16 -0800 (PST) In-Reply-To: References: Date: Tue, 31 Jan 2012 08:07:16 -0700 Message-ID: From: Michael Hendricks To: Gregory Maxwell Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1RsFIq-0008MO-CO Cc: bitcoin-development@lists.sourceforge.net Subject: Re: [Bitcoin-development] CAddrMan: Stochastic IP address manager X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Jan 2012 15:07:29 -0000 On Tue, Jan 31, 2012 at 12:17 AM, Gregory Maxwell wrot= e: > On Mon, Jan 30, 2012 at 11:33 PM, Michael Hendricks w= rote: >> address manager point to the attacker. =C2=A0If a client has 8 connectio= ns >> to the network, a Sybil attack would succeed 1.7% of the time. > > Meh, careful not to mixup addrman created issues with preexisting ones > simply related to the number of connections vs the number of nodes. > Even absent addressman someone who can spin up a large multiple of the > current nodes as tcp forwarders to a system they control can capture > all of a nodes outbound connections. I think I've explained myself poorly. On my nodes, the old address database routinely has 120k addresses. With the new address manager, it will have 20k addresses. Filling the former with 60% evil nodes requires 72,000 evil nodes; while the latter requires 12,000. As I mentioned in my first post, I think the new address manager "is a valuable improvement over what we have today". I think it should be included in the next release. I also think we should be aware that we're making it somewhat easier to isolate outbound-only nodes. A single listening node can support 15 non-listening nodes (125/8). The network currently has 5 non-listening nodes for every listening node. That ratio has stayed quite stable, so I think we have wiggle room if we wanted to allow more outbound connections in some circumstances. --=20 Michael