Node
Node copied to clipboard
Threats
This is meant to be a long-lived (perhaps permanent) epic keeping track of all the threats we perceive as being important to Node, and the progress that has been made in mitigating them.
Severity Definitions
H Makes MASQ Node essentially worthless if not mitigated M Means that MASQ cannot fulfill one or more of its promises, but doesn't completely disable it L Means that attackers can annoy users or steal annoyance amounts of money from them
| Sev | Threat | Description | Mitigation | Associated Cards |
|---|---|---|---|---|
| H | IP Rollup | Obtain a Node Descriptor; note IP address; join; when given an Introduction, create Node Descriptor and repeat | Revamp join process to allow introducee to refuse permission for introduction | |
| L | Data Drop | Attacker joins network and drops all data it should route or exit | Experiment with routes to identify such attackers; raise their undesirability; maybe ban | GH-573 |
| L | Intermittent Data Drop | Attacker drops only most data; lets some data through to fool defense algorithm | ||
| H | Lack of Masqueraders | Node traffic looks like Node traffic | Masqueraders and Selector | |
| H | Clandestine Ports | Clandestine ports are red flags for snoopers | Get ports from masquerader list before dropping privilege | GH-416 |
| L | Muddy Boots | Evil exit Node attaches additional garbage ("mud") to ends of responses, costing originating Node extra money | For protocols with readable lengths in packet headers, identify over-long packets and malefactor-ban the exit Node | GH-574, GH-575 |