Ignore/Avoid bogus advertisements #1771
Labels
Comments
Stebalien
changed the title
|
@Stebalien yes, you're right. We should do this better. We need to treat our transports and links like interfaces properly, and bring the internet into ipfs. We currently don't. But have plans for it. |
|
👍 this is a lot of our 'over dialing' problem. |
|
Closing in favor of the libp2p issues. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
IPFS peer discovery should be interface specific. That is, if I discover a peer via an interface, I should only contact/advertise that peer through that interface. This is actually a security problem because one can currently trick an IPFS daemon into connecting to any private service. While robust services will just ignore such connections, many services written to run on private networks/localhost aren't robust.
Additionally, to prevent the propagation of bogus addresses, IPFS should only advertise non-public peers (loopback, private network) via the interface by which they can be reached.
The text was updated successfully, but these errors were encountered: