[Bitcoin-development] CAddrMan: Stochastic IP address manager

Michael Hendricks michael at ndrix.org
Tue Jan 31 15:07:16 UTC 2012


On Tue, Jan 31, 2012 at 12:17 AM, Gregory Maxwell <gmaxwell at gmail.com> wrote:
> On Mon, Jan 30, 2012 at 11:33 PM, Michael Hendricks <michael at ndrix.org> wrote:
>> address manager point to the attacker.  If a client has 8 connections
>> to the network, a Sybil attack would succeed 1.7% of the time.
>
> Meh, careful not to mix up addrman created issues with preexisting ones
> simply related to the number of connections vs the number of nodes.
> Even absent addressman someone who can spin up a large multiple of the
> current nodes as TCP forwarders to a system they control can capture
> all of a node's outbound connections.

I think I've explained myself poorly.  On my nodes, the old address
database routinely has 120k addresses.  With the new address manager,
it will have 20k addresses.  Filling the former with 60% evil nodes
requires 72,000 evil nodes, while the latter requires 12,000.

As I mentioned in my first post, I think the new address manager "is a
valuable improvement over what we have today".  I think it should be
included in the next release.

I also think we should be aware that we're making it somewhat easier
to isolate outbound-only nodes.  A single listening node can support
15 non-listening nodes (125/8).  The network currently has 5
non-listening nodes for every listening node.  That ratio has stayed
quite stable, so I think we have wiggle room if we wanted to allow
more outbound connections in some circumstances.

-- 
Michael



