Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1XJfoe-0006A3-Fg for bitcoin-development@lists.sourceforge.net; Tue, 19 Aug 2014 09:34:56 +0000 Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of uni.lu designates 158.64.76.33 as permitted sender) client-ip=158.64.76.33; envelope-from=ivan.pustogarov@uni.lu; helo=hercules.uni.lu; Received: from hercules.uni.lu ([158.64.76.33]) by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1XJfod-0007Nx-CK for bitcoin-development@lists.sourceforge.net; Tue, 19 Aug 2014 09:34:56 +0000 X-IronPort-AV: E=Sophos;i="5.01,893,1400018400"; d="scan'208";a="48447560" Date: Tue, 19 Aug 2014 11:34:40 +0200 From: Ivan Pustogarov To: Gregory Maxwell Message-ID: <20140819093425.GA5223@localhost.localdomain> References: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) X-Originating-IP: [10.24.1.72] X-Spam-Score: -2.2 (--) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record -0.7 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain X-Headers-End: 1XJfod-0007Nx-CK Cc: Bitcoin Development Subject: Re: [Bitcoin-development] [bitcoin] Add rotation of outbound connections (#4723) X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Aug 2014 09:34:56 -0000 I agree with this. Some combinatorics shows that 3 persistent connections instead of 8 results in a low success rate of the entry-peers fingerprinting attack. > it should not disconnect any nodes which were addnode, and it should not disconnect whitelisted peers I agree ('Addnodes' are already excluded in the example code from the pull request) On Mon, Aug 18, 2014 at 04:51:34PM -0700, Gregory Maxwell wrote: > It was pointed out to me that my concern wrt partitioning is unclear. Imagine > an attacker starts up a moderate number of sybil nodes. He also connects to > every other available listening peer and fills up their inbound capacity. > > In the current network this kind of activity would only disrupt newly joining > peers. But nodes which were still online would remain connected to each other. > With excessive rotation the entire network could become connected exclusively > via the sybils. > > — > Reply to this email directly or view it on GitHub.* > -- Ivan