naiyoma

This is an update on the Addr fingerprinting attack and potential mitigation strategies. It’s still a work in progress, so if you see any blind spots or have ideas on how to test these approaches, please let us know.

TL;DR: Nodes that are reachable over multiple networks (e.g., IPv4 and Tor) can be fingerprinted by comparing ADDR responses across different connections. A correlation between addresses is created and further strengthened using shared timestamps.

Since the previous post, we’ve eliminated some solutions and identified others for consideration. We’ve gained deeper insights into the network topology and identified new factors to consider.

One key factor is that AddrMan has a 30-day horizon for addresses; that is, how old an address can be before it is considered stale. A stale address is one whose timestamp hasn’t been updated recently, meaning it hasn’t been seen through a direct connection, received from a peer, or self-announced. Such an address is likely offline and no longer part of the network.

...read more at delvingbitcoin.org
72 sats \ 0 replies \ @Scoresby 14h

It sounds like they are investigating a solution that would involve all nodes returning the same timestamp updated on a regular basis:

2. Fixed Timestamps Across Networks

When responding to a getaddr request, we preserve the real timestamps for addresses on the same network as the requester, and replace timestamps of addresses on other networks with a randomized value in the past (now - 8 to 13 days).
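The timestamp policy quoted in the comment above, as an added sketch that is not part of the thread or of Bitcoin Core's code: it builds a getaddr response per requester network and counts how many (address, timestamp) pairs two responses still have in common. The names `AddrEntry`, `getaddr_response` and `shared_pairs`, the uniform draw within the 8 to 13 day window, and the sample table are assumptions made for illustration.

```python
import random
from dataclasses import dataclass

DAY = 24 * 60 * 60
NOW = 1_750_000_000  # constructed "current time" (Unix seconds)

@dataclass(frozen=True)
class AddrEntry:          # hypothetical stand-in for an address-table record
    addr: str
    network: str          # "ipv4" or "onion"
    timestamp: int        # real last-seen time

# Constructed sample table: documentation-range IPs and made-up onion names.
TABLE = [
    AddrEntry("192.0.2.10:8333", "ipv4", NOW - 3 * 3600),
    AddrEntry("198.51.100.7:8333", "ipv4", NOW - 2 * DAY),
    AddrEntry("203.0.113.44:8333", "ipv4", NOW - 5 * DAY),
    AddrEntry("constructedaaa.onion:8333", "onion", NOW - 6 * 3600),
    AddrEntry("constructedbbb.onion:8333", "onion", NOW - 4 * DAY),
]

def unmitigated_response(table):
    """Every requester sees the stored timestamps unchanged."""
    return [(e.addr, e.timestamp) for e in table]

def getaddr_response(table, requester_network, now, rng):
    """Keep real timestamps on the requester's network; replace the rest
    with a value drawn from now - 8..13 days (uniform draw is an assumption)."""
    out = []
    for e in table:
        if e.network == requester_network:
            ts = e.timestamp
        else:
            ts = now - rng.randint(8 * DAY, 13 * DAY)
        out.append((e.addr, ts))
    return out

def shared_pairs(resp_a, resp_b):
    """Number of (address, timestamp) pairs identical in two responses."""
    return len(set(resp_a) & set(resp_b))

if __name__ == "__main__":
    rng = random.Random(7)  # seeded so the run is repeatable
    clearnet = getaddr_response(TABLE, "ipv4", NOW, rng)
    onion = getaddr_response(TABLE, "onion", NOW, rng)
    base = unmitigated_response(TABLE)
    print("shared pairs, unmitigated:", shared_pairs(base, base))
    print("shared pairs, mitigated:  ", shared_pairs(clearnet, onion))
```
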

With approach 3 (unidirectional aging) wouldn't the rapid eviction problem compound in a network where most nodes are behind Tor? If addresses age out in 2 hops and Tor connections are already slower to propagate, you could end up with nodes that can barely discover each other. Seems like approach 2 might hold up better in practice since it at least preserves real timestamps within the same network type. Have you tested what the address table looks like after a few hours with each approach?
