Comment by infogulch
7 hours ago
That's an interesting stress test for I2P. They should try to fix that, the protocol should be resilient to such an event. Even if there are 10x more bad nodes than good nodes (assuming they were noncompliant I2P actors based on that thread) the good nodes should still be able to find each other and continue working. To be fair spam will always be a thorny problem in completely decentralized protocols.
> Even if there are 10x more bad nodes than good nodes [...] the good nodes should still be able to find each other
What network, distributed or decentralized, can survive such an event? Most of the protocols break down once you hit some N% threshold of the network being bad nodes, asking it to survive 1000%+ bad nodes when others usually is something like "When at least half the nodes are good". Are there existing decentralized/distributed protocols that would survive a 1000% attack of bad nodes?
Finding good nodes is a thorny problem for human friendship, too!
Funny and excellent comment!
That's why the Web of Trust, or classic GNUPG key signing parties are a forgotten/ignored must have. Anyone can change and go rouge of course, but it's statistically less likely.
If I understand gp correctly, the web of trust comes after finding these human nodes, and will not help you in the process.
1 reply →
No. They should not try to survive such attacks. The best defense to a temporary attack is often to pull the plug. Better than than potentially expose users. When there are 10x as many bad nodes as good, the base protection of any anonymity network is likely compromised. Shut down, survive, and return once the attacker has moved on.
This is why Tor is centralized, so that they can take action like cutting out malicious nodes if needed. It’s decentralized in the sense that anyone can participate by default.
> so that they can take action like cutting out malicious nodes if needed
How does that work?
2 replies →
Why would an attacker move on if it can maintain a successful DoS attack forever?
Because botnets are mostly there to make money nowadays. Or owned by state actors.
Either way, it’s opportunity cost.
The mentioned botnet didn't intentionally take down I2P. It's run by bunch of kids who don't know what they're doing.