0

I'm not entirely sure if this is the right place to ask this, and I'm also slightly fuzzy on how the p2p system works, so correct me if I'm wrong.

I've been looking into the practical implications of decentralized P2P networks, and there's a few issues I've noticed, generally relating to the security side of things. First, as stated in this post, I can forsee that problems would arise with MITM and spoofing attacks, so I'm not sure what the best practice is. For instance, let's say a node A sends data to node B, and then B relays that info to C, what is stopping B from spoofing, sniffing or modifying the data? Also, wouldn't it be a huge risk on the part of all nodes to open the ports for a P2P connection in the first place? Is there some possible way for the nodes to communicate directly without opening extra ports? I'm mostly just wrapping my head around how anyone would implement this securely.

Community
  • 1
Dylan Katz
  • 243
  • 1
  • 3
  • 9

1 Answers1

1

You asked quite a lot of different questions here. I'll try answering each.

Spoofing/sniffing:

The cure is encryption. More specifically Public Key Infrastructure. Then B can't modify (or even decrypt) data that it's relaying. The only question here is how you want to implement the key exchange (so that it can't be attacked).

Open ports:

An open port is by itself isn't a vulnerability. This really depends on the software that listens on it.

Communication:

Decentralized means that peers communicate with peers (without a central authority). Thus they need to listen to their peers for input.
(Because you can't really talk to someone who isn't listening to you.)

If you are really interested in this kind of thing check out the Tor project.

Wolfer
  • 298
  • 2
  • 13