Browse Source
Bitcoin will not make an outbound connection to a network group (/16 for IPv4) that it is already connected to. This means that if an attacker wants good odds of capturing all a nodes outbound connections he must have hosts on a a large number of distinct groups. Previously both inbound and outbound connections were used to feed this exclusion. The use of inbound connections, which can be controlled by the attacker, actually has the potential of making sibyl attacks _easier_: An attacker can start up hosts in groups which house many honest nodes and make outbound connections to the victim to exclude big swaths of honest nodes. Because the attacker chooses to make the outbound connection he can always beat out honest nodes for the consumption of inbound slots. At _best_ the old behavior increases attacker costs by a single group (e.g. one distinct group to use to fill up all your inbound slots), but at worst it allows the attacker to select whole networks you won't connect to. This commit makes the nodes use only outbound links to exclude network groups for outbound connections. Fancier things could be done, like weaker exclusion for inbound groups... but simplicity is good and I don't believe more complexity is currently needed.0.8
Gregory Maxwell
13 years ago
1 changed files with 4 additions and 3 deletions
Loading…
Reference in new issue