Mallicous Peers spamming corrupted data

I read the ifps white paper. And I had a question around an attack that the MPAA/RIAA used against the bitcoin network.

Say I own 10% of all IFPS nodes, which is storing 10% of all IFPS data. Now let’s say that my nodes will only transmit corrupted trash. This would mean that ~1/10 user IFPS requests would end up wasting their bandwidth. Overall slowing down the IFPS network.

Am I wrong in this assumption? Or does the IFPS network have a node ranking system that lets you know how often a node transmits bad data chunks, or if a node has slow upload speed?

To Add. What if my 10% of all ifps nodes which claim to store 10% of all IFPS data are actually not storing anything.

Let’s also assume that I Have access to lots of ipv4 ip addresses. Which allows me to make 1000s of nodes on a given Virtual Machine. Making it cheap for me to start spamming the network with lots of malicious nodes.

This would enable a Denial of Service attack for relatively cheap…no?

Not 100% sure, but if a node is seeding corrupted data, these spam files will have a different IPFS hash, so nobody would ask for those files anyway, and the nodes would sit around idle. To corrupt the network you would have to hack IPFS itself, make the network think that your nodes are offering certain files with a certain hash, but with different corrupted files behind those hashes that are then downloaded by accessing nodes. And unless there are some grave security flaws in ipfs, I don’t think that would be possible.

So let’s say I really hate johnny. And Johnny has a sole file in IFPS. I could DDOS him by spinning up 1000 nodes that start to access said file. Now those 1000 nodes would start seeding the file, however whever anyone asks for the data my nodes would send over corrupted data. The client would quickly find out that my data is bad and would move on to the next node. In this case I’d own such a high percentage of the nodes sharing Johnny’s file that I’d effectively make it that much harder to use IPFS.

attack #1.1, simply adding lots of nodes to IPFS which received the initial data in an honest way, but seed only corrupted data.

In this case every malicious node would need to download the original file at least once, which makes attacking a single file cheap, but the network expensive.

I have Node A download a file F from a peer. From there Node A claims that it gave File F to 1000 of my fake nodes. Those Fake nodes now advertise they have File F and transmit corrupted data. Those fake nodes never needed to download the data, and IPFS tokens only changed within my hands. Now I’m able to add lots of fake nodes without incurring as much of a cost.

attack #1.2: Lots of nodes that show they have the file in the IPFS chain, but actually do not have any bits of the file, and instead transmit random bits.

Now lets say i dont want to simply spam IFPS, but I want to make it incredibly slow. In this case my fake nodes would stream actual data but at incredibly slow speeds.

Attack #1.3: Lots of nodes that show they have the file in the IPFS, and simply transmit at super slow speeds (think 1kbit/s). Making it unusable for you to download a large file.

All of these scenarios can be prevented with some ranking of each node’s past transaction performance. Think something similar to how ebay ranks it sellers (# of past sales, average rating by users,…etc).

I would recommend reading this:

Thanks for the link. Not seeing anything in the Quick Summary that shows how IFPS clients choose what nodes to grab a file from. Mind pointing me to the right direction?

i’d imagine that you are probably using the golang implementation, if so, my golang skills arent very good, so you could probably start here:

I am not using golang, this is a discussion on the protocol of ifps itself.

are you using javascript?

not using any language. I’m talking about the ifps protocol itself and how ifps clients choose which ifps node to grab files from.

And how ifps would prevent some mallicous actor from creating a botnet army to perform ddos attacks.

this may be a useful link:

Sadly did not find anything there that elaborates on how IFPS clients choose what nodes to connect to.

I have seen threads around a reputation based system that is in development. E.g:

However I’ve yet to find a doc which goes over the design of this reputation based system.

1 Like

you should create the doc and issue a pull request against their documentation.