blob: 57ec841903bf44af745d76594c747351783cf228 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
Filename: 107-uptime-sanity-checking.txt
Title: Uptime Sanity Checking
Version:
Last-Modified:
Author: Kevin Buaer and Damon McCoy
Created: 8-March-2007
Status: Open
Overview:
This document describes how to cap the uptime that is used when computing
which routers are maked as stable such that highly stable routers cannot
be displaced by malicious routers that report extremely high uptime
values.
This is similar to how bandwidth is capped at 1.5MB/s.
Motivation:
It has been pointed out that an attacker can displace all stable nodes and
entry guard nodes by reporting high uptimes. This is an easy fix that will
prevent highly stable nodes from being displaced.
Security implications:
It should decrease the effectiveness of routing attacks that report high
uptimes while not impacting the normal routing algorithms.
Specification:
We propose that uptime be capped at two months. Currently there are
approximetly 50 nodes with this amount of uptime, and the average uptime
is around 9 days. This cap would prevent these 50 nodes from being
displaced by an attacker.
Compatibility:
There should be no compatiblity issues due to uptime capping.
Implementation:
#define MAX_BELIEVABLE_UPTIME 60*24*60*60
dirserv.c
1448: *up = (uint32_t) real_uptime(ri, now);
if(*up > MAX_BELIEVABLE_UPTIME) {
*up = MAX_BELIEVABLE_UPTIME;
}
|
