plugeth/p2p
Felix Lange de7af720d6 p2p/discover: implement node bonding
This a fix for an attack vector where the discovery protocol could be
used to amplify traffic in a DDOS attack. A malicious actor would send a
findnode request with the IP address and UDP port of the target as the
source address. The recipient of the findnode packet would then send a
neighbors packet (which is 16x the size of findnode) to the victim.

Our solution is to require a 'bond' with the sender of findnode. If no
bond exists, the findnode packet is not processed. A bond between nodes
α and β is created when α replies to a ping from β.

This (initial) version of the bonding implementation might still be
vulnerable against replay attacks during the expiration time window.
We will add stricter source address validation later.
2015-04-01 17:00:12 +02:00
..
discover p2p/discover: implement node bonding 2015-04-01 17:00:12 +02:00
nat p2p/nat: switch to github.com/huin/goupnp 2015-02-17 13:10:11 +01:00
handshake_test.go p2p: make encryption handshake code easier to follow 2015-03-04 12:27:24 +01:00
handshake.go p2p: use package rlp to encode messages 2015-03-19 15:11:02 +01:00
message_test.go p2p: use package rlp to encode messages 2015-03-19 15:11:02 +01:00
message.go Merge branch 'develop' into conversion 2015-03-21 14:52:42 +01:00
peer_error.go p2p: fixes for actual connections 2015-02-07 00:43:52 +01:00
peer_test.go p2p: use package rlp to encode messages 2015-03-19 15:11:02 +01:00
peer.go p2p: log disconnect requests 2015-03-19 15:15:07 +01:00
protocol.go p2p: print Cap as name/version 2015-02-13 23:54:34 +01:00
rlpx_test.go p2p: use package rlp to encode messages 2015-03-19 15:11:02 +01:00
rlpx.go p2p: reject messages that cannot be written as simple RLPx frames 2015-03-04 16:42:01 +01:00
server_test.go p2p: use package rlp to encode messages 2015-03-19 15:11:02 +01:00
server.go p2p: use package rlp to encode messages 2015-03-19 15:11:02 +01:00
testlog_test.go fix p2p/testlog_test 2015-03-23 16:41:41 +00:00