DHT Security / by Your Name

There is an interesting thread on the p2p-hackers mailing list about DHT Security Issues and it reminded me of some of the cool stuff we did back in the days at LimeWire when we were working on the Mojito DHT (now Gnutella DHT).

One problem we were facing was that an attacker could spawn a bunch of malicious Nodes and pick their IDs strategically (due to lack of central control) so that they would take over a certain key-space and make the affected section of the DHT essentially unusable or let's say not trustworthy.

The simple idea I had to address this problem was to limit the number of hosts coming from the same Class-C Network per bucket. Once a certain threshold was reached the routing table would refuse to add a new host from the affected subnet and an attacker would have to spread among many subnets to pull this off.

It's great to see that this simple idea is living on in gtk-gnutella and I've generalized it since then and implemented it as a standalone class in my ardverk-base library.