- 30 4月, 2015 1 次提交
-
-
由 Felix Lange 提交于
This commit changes the discovery protocol to use the new "v4" endpoint format, which allows for separate UDP and TCP ports and makes it possible to discover the UDP address after NAT.
-
- 24 4月, 2015 3 次提交
-
-
由 Péter Szilágyi 提交于
-
由 Péter Szilágyi 提交于
-
由 Péter Szilágyi 提交于
-
- 01 4月, 2015 1 次提交
-
-
由 Felix Lange 提交于
This a fix for an attack vector where the discovery protocol could be used to amplify traffic in a DDOS attack. A malicious actor would send a findnode request with the IP address and UDP port of the target as the source address. The recipient of the findnode packet would then send a neighbors packet (which is 16x the size of findnode) to the victim. Our solution is to require a 'bond' with the sender of findnode. If no bond exists, the findnode packet is not processed. A bond between nodes α and β is created when α replies to a ping from β. This (initial) version of the bonding implementation might still be vulnerable against replay attacks during the expiration time window. We will add stricter source address validation later.
-
- 13 2月, 2015 1 次提交
-
-
由 Felix Lange 提交于
-
- 09 2月, 2015 1 次提交
-
-
由 Felix Lange 提交于
-
- 07 2月, 2015 1 次提交
-
-
由 Felix Lange 提交于
The discovery RPC protocol does not yet distinguish TCP and UDP ports. But it can't hurt to do so in our internal model.
-
- 06 2月, 2015 2 次提交
-
-
由 Felix Lange 提交于
-
由 Felix Lange 提交于
-