Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | cmd/bootnode, eth, p2p, p2p/discover: use a fancier db design | Péter Szilágyi | 2015-04-24 | 1 | -3/+3 |
| | |||||
* | cmd/bootnode, eth, p2p, p2p/discover: clean up the seeder and mesh into eth. | Péter Szilágyi | 2015-04-24 | 1 | -3/+3 |
| | |||||
* | p2p/discovery: fix broken tests due to API update | Péter Szilágyi | 2015-04-24 | 1 | -3/+3 |
| | |||||
* | p2p/discover: fix off by one error causing buckets to contain duplicates | Felix Lange | 2015-04-01 | 1 | -0/+42 |
| | |||||
* | p2p/discover: implement node bonding | Felix Lange | 2015-04-01 | 1 | -100/+70 |
| | | | | | | | | | | | | | | | | This a fix for an attack vector where the discovery protocol could be used to amplify traffic in a DDOS attack. A malicious actor would send a findnode request with the IP address and UDP port of the target as the source address. The recipient of the findnode packet would then send a neighbors packet (which is 16x the size of findnode) to the victim. Our solution is to require a 'bond' with the sender of findnode. If no bond exists, the findnode packet is not processed. A bond between nodes α and β is created when α replies to a ping from β. This (initial) version of the bonding implementation might still be vulnerable against replay attacks during the expiration time window. We will add stricter source address validation later. | ||||
* | p2p/discover: deflake UDP tests | Felix Lange | 2015-02-09 | 1 | -0/+12 |
| | |||||
* | p2p/discover: add node URL functions, distinguish TCP/UDP ports | Felix Lange | 2015-02-07 | 1 | -110/+6 |
| | | | | | The discovery RPC protocol does not yet distinguish TCP and UDP ports. But it can't hurt to do so in our internal model. | ||||
* | p2p/discover: add some helper functions | Felix Lange | 2015-02-06 | 1 | -3/+3 |
| | |||||
* | p2p/discover: new package implementing the Node Discovery Protocol | Felix Lange | 2015-02-06 | 1 | -0/+403 |