[p2p-hackers] P2P Authentication
Alen Peacock
alenlpeacock at gmail.com
Thu Oct 27 15:45:19 UTC 2005
On 10/27/05, Kerry Bonin <kerry at vscape.com> wrote:
>
> There is also a simple way to harden against this - never publish the CA
> IPs to the network, only publish (D[s]HT) a list of current proxies that can
> access the CAs. Attacking the CAs then means attacking the proxies, and any
> known CA addresses. During an attack, it is possible to republish the proxy
> list. If your attackers are following the CA proxy list then you have a
> larger problem, but that can also be mitigated by exponentially increasing
> the active proxy list, which is simple if this proxy service is part of the
> peer protocol suite. This may expose more CA IPs via compromised nodes, but
> using a second layer of proxies selected by uptime or other trust metrics
> can further limit. It is also possible to use "honey pot" strategies to
> identify which proxies are leaking CA IPs. With this approach, plus a
> connect protocol that includes DDoS resistance like client puzzles, the
> attacker has quite a hard time taking down the CAs. There are more tricks,
> these are just some of my favorite...
Who controls the CA proxies in this scheme? If the "proxy service
is part of the peer protocol suite" (I interpret this to mean that the
proxies are just as untrusted as regular peers, or /are/ the regular
peers), then you now have to worry about malicious and misbehaving
proxies, which could provide an even bigger avenue of attack than the
original set of CAs, no? I'm sure you've thought about this and
probably have some countermeasures to mitigate these effects too, but
I wonder if it doesn't start to look like a rabbit hole?...
Alen
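
The client puzzles mentioned in the quoted message as DDoS resistance for the connect protocol, shown as an added example that is not from the original thread: a stateless hash puzzle a proxy could require before forwarding a request toward a CA. The key, difficulty, expiry window, and all function names are assumptions made for illustration.

```python
import hashlib, hmac, os, struct, time

SERVER_KEY = os.urandom(32)   # assumption: per-proxy secret, rotated periodically
DIFFICULTY = 16               # assumption: required leading zero bits, raised under load
MAX_AGE = 30                  # assumption: seconds a challenge stays valid

def issue_challenge(client_addr, now=None, key=SERVER_KEY):
    """Stateless challenge: timestamp || HMAC(key, timestamp || client_addr)."""
    ts = struct.pack(">Q", int(time.time() if now is None else now))
    tag = hmac.new(key, ts + client_addr.encode(), hashlib.sha256).digest()[:16]
    return ts + tag

def leading_zero_bits(digest):
    """Number of zero bits at the front of a digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def solve(challenge, difficulty=DIFFICULTY):
    """Client side: brute-force a nonce (about 2**difficulty hashes expected)."""
    nonce = 0
    while True:
        candidate = struct.pack(">Q", nonce)
        digest = hashlib.sha256(challenge + candidate).digest()
        if leading_zero_bits(digest) >= difficulty:
            return candidate
        nonce += 1

def verify(client_addr, challenge, nonce, now=None,
           difficulty=DIFFICULTY, key=SERVER_KEY):
    """Server side: one HMAC and one hash, with no per-client state kept."""
    if len(challenge) != 24 or len(nonce) != 8:
        return False
    ts, tag = challenge[:8], challenge[8:]
    expected = hmac.new(key, ts + client_addr.encode(), hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        return False                      # forged, or issued to a different address
    age = (time.time() if now is None else now) - struct.unpack(">Q", ts)[0]
    if not 0 <= age <= MAX_AGE:
        return False                      # expired or future-dated challenge
    digest = hashlib.sha256(challenge + nonce).digest()
    return leading_zero_bits(digest) >= difficulty
```

Because the verifier keeps no state, a solved puzzle can be replayed until the challenge expires; a deployment would pair this with a short-lived replay cache or bind the challenge to the connection.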