As far as i can tell this is not the case for current or proposed. And I agree is bad.
And again this is neither current or previous AFAIK and allows a otherwise malicious node to behave until strike timeout period expires then starting doing bad things again. - I don’t like
You would only do that from logs. And in the end we want set and forget so I would understand this will not happen in production versions. But for testing then this could be a good thing, but not for production, fixes should already be done and every standard node work the same, nothing for you to change.
Currently a malicious will only say another node is bad when asked. If it does it without being asked then it shows itself as bad or malicious.
AFAIK or can tell
Current.
- Node A thinks node B is bad
- Node A asks neighbours what it thinks of node B
- Node A gets responses
- Node A factors in those responses into its analysis.
Proposed
- Node A considers Node B as bad
- Node A then tells neighbours that Node B is bad in its opinion and has removed Node B from its RT
- Node C (a neighbour) puts a strike against Node B in its bad node table.
Potential Amplification attack Node M is malicious node. Node N is any one neighbour to Node M
- Node M acts properly
- Node M attacks later on by telling neighbours (20 from update, this is not to be confused with close nodes to a chunk but should include them) that each other node is bad.
- ie tell Node N1 that Node N2 to N20 is bad
- and tell Node N2 that Node N1 & N3-N20 is bad
- and so on
- Node N (any) then adds a strike against all the other neighbour Nodes
Now if another of the malicious nodes has two (or more) of those N1 to N20 nodes as neighbours then we see those common nodes getting 2 strikes against it in the eyes of each other.
Effectiveness of attack of proposed idea. Current system would (or should) see the malicious nodes as bad for sending unrequested messages.
- each of malicious nodes across all machines need to start the attack at around the same time for best effect, either comms via other means or just UTC time
- when the malicious nodes have common neighbours then serious problem with multiple strikes occurring against common neighbours
- time wasting and potentially tipping the balance for a node that has a hiccup being seen as bad by others (by chance really but will happen sometimes)
- If the repeat cycle of stopping the malicious nodes and restarting elsewhere in network is below the timeout period for strikes then double or triple strikes will be happening against some nodes.
- One PC of 50 nodes is unlikely to cause trouble in a million node network. But if machines are running 100 nodes and 50 machines then that is 5000 malicious nodes coordinating their attacks and repeating every so often with restarting nodes with new XOR address.
- 5000 nodes in a million node network is 1 in 200 nodes
- probability of common nodes assuming its 20 neighbours is reasonable when considering the whole 5000 nodes. And likely to see it multiple times.
- as the network grows this attack would more than likely turn into a time waster, but amplified.
Now is the proposed messaging the way I understand it, I am not sure.
I still think the current system is better when a node is considering another node is bad does it request from neighbours what they think.
- with or without this attack stated above
- reduces overall messages running around the network since only when a node sees another as potentially bad will any messages be sent and then to a smaller number like 2 to 5 only to the closest nodes.
- Proposed: if the 20 neighbours think a node is bad then those 20 are sending 20 messages each (400) for one bad node
- current system can be tailored to only ask the 2 to 5 closest nodes to the potentially bad one since the node asking is just after more knowledge and not warning to all 20 neighbours.
- Thus current system will have far fewer messages (4 to 10 if ask 2 to 5 - req&ans) and in worse case where the 20 neighbours all ask then 40 to 200, but the asking is an indication anyhow so the total number would be a lot less than that.