Do not consider inbound peers for outbound network group exclusion. #1546

pull gmaxwell wants to merge 1 commits into bitcoin:master from gmaxwell:allowsamenetinbound changing 1 files +4 −3
  1. gmaxwell commented at 12:45 AM on July 2, 2012: contributor

    Bitcoin will not make an outbound connection to a network group (/16 for IPv4) that it is already connected to. This means that if an attacker wants good odds of capturing all a nodes outbound connections he must have hosts on a a large number of distinct groups.

    Previously both inbound and outbound connections were used to feed this exclusion. The use of inbound connections, which can be controlled by the attacker, actually has the potential of making sibyl attacks easier: An attacker can start up hosts in groups which house many honest nodes and make outbound connections to the victim to exclude big swaths of honest nodes. Because the attacker chooses to make the outbound connection he can always beat out honest nodes for the consumption of inbound slots.

    At best the old behavior increases attacker costs by a single group (e.g. one distinct group to use to fill up all your inbound slots), but at worst it allows the attacker to select whole networks you won't connect to.

    This commit makes the nodes use only outbound links to exclude network groups for outbound connections. Fancier things could be done, like weaker exclusion for inbound groups... but simplicity is good and I don't believe more complexity is currently needed.

  2. Do not consider inbound peers for outbound network group exclusion.
    Bitcoin will not make an outbound connection to a network group
(/16 for IPv4) that it is already connected to. This means that
if an attacker wants good odds of capturing all a nodes outbound
connections he must have hosts on a a large number of distinct
groups.

Previously both inbound and outbound connections were used to
feed this exclusion. The use of inbound connections, which can be
controlled by the attacker, actually has the potential of making
sibyl attacks _easier_: An attacker can start up hosts in groups
which house many honest nodes and make outbound connections to
the victim to exclude big swaths of honest nodes. Because the
attacker chooses to make the outbound connection he can always
beat out honest nodes for the consumption of inbound slots.

At _best_ the old behavior increases attacker costs by a single
group (e.g. one distinct group to use to fill up all your inbound
slots), but at worst it allows the attacker to select whole
networks you won't connect to.

This commit makes the nodes use only outbound links to exclude
network groups for outbound connections. Fancier things could
be done, like weaker exclusion for inbound groups... but
simplicity is good and I don't believe more complexity is
currently needed.
    19521acfa4
  3. gmaxwell commented at 4:38 AM on July 2, 2012: contributor

    FindNode() ensures we don't outbound connect to the same address we have inbound even without the group limitation.

  4. sipa commented at 2:15 PM on July 2, 2012: member

    ACK

  5. gavinandresen commented at 2:38 PM on July 2, 2012: contributor

    ACK

  6. jgarzik commented at 2:52 PM on July 2, 2012: contributor

    ACK

  7. jgarzik referenced this in commit 3898609304 on Jul 4, 2012
  8. jgarzik merged this on Jul 4, 2012
  9. jgarzik closed this on Jul 4, 2012
  10. nifgraup referenced this in commit c5b06fe6e9 on Mar 30, 2014
  11. suprnurd referenced this in commit 304b886d08 on Dec 5, 2017
  12. DrahtBot locked this on Sep 8, 2021
Contributors
gmaxwellsipagavinandresenjgarzik
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-18 21:16 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me