Michael Hendricks [ARCHIVE] on Nostr
📅 Original date posted:2012-01-31
📝 Original message:
On Tue, Jan 31, 2012 at 12:17 AM, Gregory Maxwell <gmaxwell at gmail.com> wrote:
> On Mon, Jan 30, 2012 at 11:33 PM, Michael Hendricks <michael at ndrix.org> wrote:
>> address manager point to the attacker. If a client has 8 connections
>> to the network, a Sybil attack would succeed 1.7% of the time.
>
> Meh, careful not to mix up addrman-created issues with preexisting ones
> simply related to the number of connections vs the number of nodes.
> Even absent addressman someone who can spin up a large multiple of the
> current nodes as TCP forwarders to a system they control can capture
> all of a node's outbound connections.

I think I've explained myself poorly. On my nodes, the old address
database routinely has 120k addresses. With the new address manager,
it will have 20k addresses. Filling the former with 60% evil nodes
requires 72,000 evil nodes, while the latter requires 12,000.

As I mentioned in my first post, I think the new address manager "is a
valuable improvement over what we have today". I think it should be
included in the next release.

I also think we should be aware that we're making it somewhat easier
to isolate outbound-only nodes. A single listening node can support
15 non-listening nodes (125/8). The network currently has 5
non-listening nodes for every listening node. That ratio has stayed
quite stable, so I think we have wiggle room if we wanted to allow
more outbound connections in some circumstances.

--
Michael
Published at 2023-06-07 03:00:55
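
The figures in the message above, worked through as an added example (not part of the original post or of the Bitcoin client). It assumes outbound peers are drawn uniformly, without replacement, from the address table, which ignores addrman's bucketing, and that every inbound slot is taken by a non-listening node; the function names are hypothetical.

```python
from math import comb

def evil_addresses_needed(table_size, percent):
    """Attacker addresses required to make up `percent` of the table."""
    return table_size * percent // 100

def eclipse_probability(table_size, evil, outbound=8):
    """Chance that every outbound peer is attacker-controlled.

    Simplified model (an assumption of this example): `outbound` distinct
    addresses are picked uniformly from a table holding `evil` attacker
    entries, i.e. a hypergeometric draw.
    """
    if evil < outbound:
        return 0.0
    return comb(evil, outbound) / comb(table_size, outbound)

def listener_capacity(inbound_slots=125, outbound_per_node=8):
    """Non-listening nodes one listening node can serve (125/8 in the post)."""
    return inbound_slots // outbound_per_node

def max_outbound_at_ratio(inbound_slots=125, non_listening_per_listener=5):
    """Largest outbound count the stated 5:1 ratio could absorb."""
    return inbound_slots // non_listening_per_listener

def report():
    """Compare the old 120k table with the new 20k table from the post."""
    rows = []
    for name, size in (("old", 120_000), ("new", 20_000)):
        need = evil_addresses_needed(size, 60)
        rows.append((name, size, need,
                     eclipse_probability(size, need),      # table is 60% evil
                     eclipse_probability(size, 12_000)))   # fixed attacker budget
    return rows

if __name__ == "__main__":
    for name, size, need, p_60, p_budget in report():
        print(f"{name}: table={size} need={need} "
              f"P(60% evil)={p_60:.4%} P(12k evil)={p_budget:.2e}")
    print("non-listening nodes per listener:", listener_capacity())
    k = max_outbound_at_ratio()
    print(f"headroom: up to {k} outbound, "
          f"P(eclipse at 60% evil)={eclipse_probability(20_000, 12_000, k):.2e}")
```

The same 12,000 attacker addresses that give roughly a 1.7% chance against the 20k table give about one in a hundred million against the 120k table, and raising the outbound count within the available headroom shrinks the 1.7% figure by several orders of magnitude.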