- Filename: 107-uptime-sanity-checking.txt
- Title: Uptime Sanity Checking
- Version:
- Last-Modified:
- Author: Kevin Bauer and Damon McCoy
- Created: 8-March-2007
- Status: Open
- Overview:
- This document describes how to cap the uptime that is used when computing
- which routers are marked as stable, so that highly stable routers cannot
- be displaced by malicious routers that report extremely high uptime
- values.
- This is similar to how bandwidth is capped at 1.5MB/s.
- Motivation:
- It has been pointed out that an attacker can displace all stable nodes and
- entry guard nodes by reporting high uptimes. This is an easy fix that will
- prevent highly stable nodes from being displaced.
- Security implications:
- It should decrease the effectiveness of routing attacks that report high
- uptimes while not impacting the normal routing algorithms.
- Specification:
- We propose that uptime be capped at two months. Currently there are
- approximately 50 nodes with this amount of uptime, and the average uptime
- is around 9 days. This cap would prevent these 50 nodes from being
- displaced by an attacker.
- Compatibility:
- There should be no compatibility issues due to uptime capping.
- Implementation:
- #define MAX_BELIEVABLE_UPTIME (60*24*60*60) /* two months, in seconds */
- dirserv.c
- 1448: *up = (uint32_t) real_uptime(ri, now);
- if(*up > MAX_BELIEVABLE_UPTIME) {
- *up = MAX_BELIEVABLE_UPTIME;
- }
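The effect of the cap on stable-router selection, as an added example that is not part of the proposal or of Tor's code. It assumes a simplified rule in which a router counts as stable when its uptime is at or above the median of all uptimes seen; `honest_stable_count` and the sample uptimes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DAY (24*60*60)
#define MAX_BELIEVABLE_UPTIME (60*DAY)  /* two months, the cap proposed above */
#define N_HONEST 6
#define N_TOTAL 14

/* Constructed sample of self-reported uptimes in seconds: six honest routers
 * first, then eight routers that each claim ten years. */
static const uint32_t reported[N_TOTAL] = {
  90*DAY, 75*DAY, 61*DAY, 9*DAY, 9*DAY, 3*DAY,
  3650*DAY, 3650*DAY, 3650*DAY, 3650*DAY,
  3650*DAY, 3650*DAY, 3650*DAY, 3650*DAY
};

static int cmp_u32(const void *a, const void *b) {
  uint32_t x = *(const uint32_t *)a, y = *(const uint32_t *)b;
  return (x > y) - (x < y);
}

/* Hypothetical helper: count how many of the first n_honest routers reach the
 * stability threshold, assumed here to be the median of all uptimes seen. */
int honest_stable_count(const uint32_t *up, size_t n, size_t n_honest, int cap) {
  uint32_t seen[N_TOTAL], sorted[N_TOTAL], threshold;
  size_t i;
  int stable = 0;
  if (n == 0 || n > N_TOTAL || n_honest > n)
    return -1;
  for (i = 0; i < n; i++)  /* same clamp as the dirserv.c change */
    seen[i] = (cap && up[i] > MAX_BELIEVABLE_UPTIME) ? MAX_BELIEVABLE_UPTIME : up[i];
  memcpy(sorted, seen, n * sizeof(seen[0]));
  qsort(sorted, n, sizeof(sorted[0]), cmp_u32);
  threshold = sorted[n / 2];
  for (i = 0; i < n_honest; i++)
    stable += (seen[i] >= threshold);
  return stable;
}

int main(void) {
  printf("honest routers only, no cap: %d stable\n", honest_stable_count(reported, N_HONEST, N_HONEST, 0));
  printf("with inflated claims, no cap: %d stable\n", honest_stable_count(reported, N_TOTAL, N_HONEST, 0));
  printf("with inflated claims, capped: %d stable\n", honest_stable_count(reported, N_TOTAL, N_HONEST, 1));
  return 0;
}
```

With the cap, the three honest routers above two months tie with the inflated claims at the threshold and stay stable; the honest-only result is unchanged by the cap.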