Quiet and Shy

Open clandest opened this issue 6 years ago • 0 comments

Suppose Gossip shows up at a clandestine port from a Node we don't already know. This Node could be an attacker trying to A) identify us as a MASQ Node, and B) put our IP address on a government watch list.

Adding this Node to our Neighborhood and sending it CORES packages will absolutely confirm our identity as a MASQ Node, so we don't necessarily want to do that.

Even accepting a connection on a clandestine port, even if we immediately close it, will confirm at least that we have that clandestine port open and may be a Substratum Node. We'd rather not do that either.

Solution: rework the clandestine listeners at a lower level, so that whenever a TCP SYN is received, the Neighborhood is consulted to see if the Node attempting to connect is known by IP address. If so, continue the connection handshake with a SYN-ACK and proceed normally.

If not, ignore the TCP SYN altogether, so that it will look like the clandestine port is not open.

Note: this may require handling 127.0.0.1:80 and 127.0.0.1:443 (loopback ports for the local browser) differently from NIC:80 and NIC:443 (external clandestine ports for CORES traffic).

clandest, Sep 22 '19 15:09
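
The SYN-time decision proposed in the issue above, as an added Rust example that is not code from the issue or from the MASQ project. `SynFilter`, `Verdict` and `sample_packet` are hypothetical names, the `known` set stands in for the Neighborhood's IP lookup, and treating a packet with both endpoints on loopback as the local browser is an assumption.

```rust
use std::collections::HashSet;
use std::net::Ipv4Addr;

#[derive(Debug, PartialEq)]
pub enum Verdict {
    Handshake, // answer with SYN-ACK and proceed normally
    Ignore,    // send nothing (no SYN-ACK, no RST), so the port does not look open
    NotSyn,    // not an initial SYN; outside the rule the issue describes
}

/// Hypothetical stand-in for the Neighborhood's "is this IP known?" lookup.
pub struct SynFilter {
    pub known: HashSet<Ipv4Addr>,
}

impl SynFilter {
    /// Classify a raw IPv4 packet addressed to a clandestine port.
    pub fn classify(&self, pkt: &[u8]) -> Verdict {
        if pkt.len() < 20 || pkt[0] >> 4 != 4 || pkt[9] != 6 {
            return Verdict::Ignore; // truncated, not IPv4, or not TCP
        }
        let ihl = usize::from(pkt[0] & 0x0f) * 4; // IPv4 header length in bytes
        if ihl < 20 || pkt.len() < ihl + 20 {
            return Verdict::Ignore; // malformed IHL or truncated TCP header
        }
        let src = Ipv4Addr::new(pkt[12], pkt[13], pkt[14], pkt[15]);
        let dst = Ipv4Addr::new(pkt[16], pkt[17], pkt[18], pkt[19]);
        let flags = pkt[ihl + 13];
        if flags & 0x12 != 0x02 {
            return Verdict::NotSyn; // initial SYN means SYN set and ACK clear
        }
        // Assumption: both endpoints on loopback means the local browser.
        let local = src.is_loopback() && dst.is_loopback();
        if local || self.known.contains(&src) { Verdict::Handshake } else { Verdict::Ignore }
    }
}

/// Constructed sample: a 40-byte IPv4+TCP packet (checksums and ports left zero).
pub fn sample_packet(src: [u8; 4], dst: [u8; 4], flags: u8) -> Vec<u8> {
    let mut p = vec![0u8; 40];
    p[0] = 0x45; // version 4, IHL 5
    p[9] = 6; // protocol TCP
    p[12..16].copy_from_slice(&src);
    p[16..20].copy_from_slice(&dst);
    p[32] = 0x50; // TCP data offset 5
    p[33] = flags;
    p
}
```

A SYN that claims a loopback source but targets the NIC address is still ignored, because the loopback exception requires both endpoints to be on loopback.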