Threats

[dnwiebe]

This is meant to be a long-lived (perhaps permanent) epic keeping track of all the threats we perceive as being important to Node, and the progress that has been made in mitigating them.

Severity Definitions

H Makes MASQ Node essentially worthless if not mitigated
M Means that MASQ cannot fulfill one or more of its promises, but doesn't completely disable it
L Means that attackers can annoy users or steal annoyance amounts of money from them

Sev	Threat	Description	Mitigation	Associated Cards
H	IP Rollup	Obtain a Node Descriptor; note IP address; join; when given an Introduction, create Node Descriptor and repeat	Revamp join process to allow introducee to refuse permission for introduction
L	Data Drop	Attacker joins network and drops all data it should route or exit	Experiment with routes to identify such attackers; raise their undesirability; maybe ban	GH-573
L	Intermittent Data Drop	Attacker drops only most data; lets some data through to fool defense algorithm
H	Lack of Masqueraders	Node traffic looks like Node traffic	Masqueraders and Selector
H	Clandestine Ports	Clandestine ports are red flags for snoopers	Get ports from masquerader list before dropping privilege	GH-416
L	Muddy Boots	Evil exit Node attaches additional garbage ("mud") to ends of responses, costing originating Node extra money	For protocols with readable lengths in packet headers, identify over-long packets and malefactor-ban the exit Node	GH-574, GH-575