Resilience against weird failures and denial of service attacks
In networking theory a network connection could be successful as long as there is at least one operational path between the source and the target. It should not matter how many failed network devices and lines there are and in which way they have failed. This includes failures which have been deliberately caused by a human to harm the network.
However there are some failures which are harder to recover from:
- Addressing conflicts: If a node A failes by duplicating the address of node B, node B may not be reachable any more. This can be solved by using public crypto keys or their hashes as addresses.
- Failures which confuse the route selection: This means that a failed node causes data to be routed in a way that is worse than if that failed node would not exist. This can happen if the failed node announces bugos routes. To avoid this, the node which makes the routing decision must get feedback on whether the decision lead to what was expected. Cor does the routing decision on the client node. For this reason, this feedback is very easy to get and can be fully trusted to be correct.
Gnunet also has a way to solve this.
- Ressource contention: Ressources like bandwidth can be easily used up until importent data cannot be transfered. Cor uses a credit system to limit the amount of ressources a single node can use.
However in some cases failed node can use ressources indirectly. Recovering from bogus routes and unstable/slow connections may require the routing daemon to do expensive trial-and-error route searches.
If multiple hosts are connected to the same network segment, it is usually easy for a single host to dos the segment. There is little cor can do to change this. Switched networks can be partially protected with some hardware support by manually assigning mac addresses to switch ports and filtering invalid mac addresses and excessive broadcast traffic.
However in ad-hoc wlan networks this remains unresolved and so an attacker can dos the network locally.