-
Notifications
You must be signed in to change notification settings - Fork 11
Is the idea of IPFS rendering DDoS attacks impossible hyperbole ? #171
Comments
You can reference content without domain names. And you can use ipns names
|
thanks @jbenet , can you point me to a document describing mechanics of referencing content without domain name ? |
OK so I have a pretty weak understanding in this area. As in, I'm not sure why a site is fundamentally vulnerable to a DDoS attack because it exposes its name. but here's an example doc on how to use IPFS's naming system: https://ipfs.io/ipfs/QmTkzDwWqPbnAh5YiV5VwcTLnGdwSNsNTn2aDxdXBFca7D/example#/ipfs/QmQwAP9vFjbCtKvD8RkJdCvPHqLQjZfW7Mqbbqx18zd8j7/ipns/readme.md you can find examples like this indexed here: https://ipfs.io/docs/examples/ |
Not sure I understand why it's theoretically impossible here @jbenet and I find the mind experiment interesting. Let's say Alice is in the same LAN as Bob and Alice tries to access some files over ipfs, if Bob actually floods the bandwidth with requests to the same content it should make Alice calls fail no ? (Assuming no one in this LAN ever accessed this content before... meaning you have to reach other nodes to get it, that makes a significant difference from the current Dos attacks). I mean I don't see why you can't deny the actual content access based on IO saturation.. Even if the content blocks are spread across multiple nodes, as long as you can flood all the paths to all the blocks... I only have a limited understanding of ipfs which I am currently trying to improve (by reading stuff), so please tell me any (obvious or complex) flaw I didn't catch in my thought process.
|
@theobat generally, local attacks on specific clients are not considered in the DDoS threat model. Traditional DDoS attacks focus on one or a few data centers hosting a web service. One of the obvious differences with IPFS is that there may be many nodes hosting a piece of content distributed over a large area, so flooding all of them is more difficult. Also, by default many web servers will do a lot of work for each HTTP request that reaches them, so you don't have to send too many to pin a server's CPU or disk or outgoing bandwidth. By contrast, IPFS protects against these high-level attacks the same way it protects against leechers; by refusing to share blocks with nodes that aren't being helpful. Attackers can still conduct lower-level attacks, which are generally focused on saturating a node's inbound network connection. There are only a few ways to protect against this: (1) ask your upstream provider (ISP) to pretty please block the offending IP addresses, so they can't fill up your network connection, and two (2) get a bigger pipe. It is typically very hard to convince an ISP to go with 1. In the standard web ecosystem, you can simulate (2) by using a CDN service like CloudFlare which has some very large pipes and can effectively block even an extremely large attack. In IPFS, all you can really do is try to convince other nodes to pin your files. If there are enough nodes, you can collectively have a higher bandwidth than the attacker. |
thanks for the thorough explanation @raptortech-js, still many things to learn |
IPFS is vulnerable to content attacks because it uses protocols that are. It uses s/kademlia which associates ip addresses with hashes in order to make attacks on the network difficult, but an adversary which can perform DDOS has access to many ip addresses, so can still freely attack the DHT and remove content. It uses bittorrent which publicizes all peers holding the content, so they can be attacked individually to make the content inaccessible. The attack model is different, but the issue is still there. |
This issue has been moved to https://discuss.ipfs.io/t/is-the-idea-of-ipfs-rendering-ddos-attacks-impossible-hyperbole/434. |
Reading this techcrunch article : https://techcrunch.com/2015/10/04/why-the-internet-needs-ipfs-before-its-too-late/ it states
The statement "making DDoS attacks impossible seems implausible ? Every site is fundamentally vulnerable to a DDoS attack as it exposes it's domain name. How does IPFS fix this ? Is it somehow related to if a node becomes offline due to DDoS an alternative node replaces the offline node to serve content, but in this scenario the domain name of the node is changed ?
The text was updated successfully, but these errors were encountered: