From: Michael Hendricks
To: Gregory Maxwell
Cc: bitcoin-development@lists.sourceforge.net
Date: Tue, 31 Jan 2012 08:06:45 -0700
Subject: Re: [Bitcoin-development] CAddrMan: Stochastic IP address manager

On Tue, Jan 31, 2012 at 12:17 AM, Gregory Maxwell wrote:
> On Mon, Jan 30, 2012 at 11:33 PM, Michael Hendricks wrote:
>> address manager point to the attacker.  If a client has 8 connections
>> to the network, a Sybil attack would succeed 1.7% of the time.
>
> Meh, careful not to mix up addrman created issues with preexisting ones
> simply related to the number of connections vs the number of nodes.
> Even absent addressman someone who can spin up a large multiple of the
> current nodes as tcp forwarders to a system they control can capture
> all of a node's outbound connections.

I think I've explained myself poorly.  On my nodes, the old address
database routinely has 120k addresses.  With the new address manager,
it will have 20k addresses.  Filling the former with 60% evil nodes
requires 72,000 evil nodes, while the latter requires 12,000.

As I mentioned in my first post, I think the new address manager "is a
valuable improvement over what we have today".  I think it should be
included in the next release.  I also think we should be aware that
we're making it somewhat easier to isolate outbound-only nodes.

A single listening node can support 15 non-listening nodes (125/8).
The network currently has 5 non-listening nodes for every listening
node.  That ratio has stayed quite stable, so I think we have wiggle
room if we wanted to allow more outbound connections in some
circumstances.

--
Michael
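
The arithmetic in this message, worked through as an added example that is not part of the original email or of the Bitcoin code base. It assumes each outbound peer is drawn uniformly and without replacement from the address table (the address manager's actual selection logic is not modelled), and all function names are hypothetical.

```python
from math import comb

MAX_CONNECTIONS = 125  # per-node connection limit used in the message (125/8)
OUTBOUND = 8           # outbound connections per node, from the message


def evil_entries_needed(table_size, evil_percent):
    """Attacker-controlled entries needed to fill evil_percent of the table."""
    return table_size * evil_percent // 100


def isolation_probability(table_size, evil_entries, outbound=OUTBOUND):
    """Chance that every outbound peer is attacker-controlled.

    Assumption: peers are drawn uniformly, without replacement, from the table.
    """
    return comb(evil_entries, outbound) / comb(table_size, outbound)


def supported_non_listening(outbound=OUTBOUND, max_connections=MAX_CONNECTIONS):
    """Non-listening nodes one listening node can serve (the message's 125/8)."""
    return max_connections // outbound


def tradeoff(table_size, evil_percent, outbound_options):
    """For each outbound count: (count, isolation probability, capacity ratio)."""
    evil = evil_entries_needed(table_size, evil_percent)
    return [(k, isolation_probability(table_size, evil, k),
             supported_non_listening(k)) for k in outbound_options]


if __name__ == "__main__":
    for size in (120_000, 20_000):  # old database vs. new address manager
        print(size, "entries ->", evil_entries_needed(size, 60), "evil entries for 60%")
    for k, p, ratio in tradeoff(20_000, 60, (8, 12, 16, 25)):
        print(f"outbound={k:2d}  P(isolated)={p:.4%}  supports {ratio} non-listening")
```

Under this simplified model, the capacity per listening node falls to the 5:1 ratio the message reports once a node makes 25 outbound connections.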