Category: Network

Our method is based on a simple observation. In our model, an observer who is one of g neighbors of the actual requester can expect to receive about 1/g of all requests, due to FOAF routing. Block locations, derived from a hash, are modeled as being evenly distributed on the circle. If the observer is actually two hops away from the original requester, then only about 1/gh of the requests will be received, assuming the requester has h neighbors.

PDF document Levine 2020

Combined with harvesting and adaptive search attacks, this attack explains why opennet is regarded by many core developers as hopelessly insecure. If you want good security you need to connect only to friends.

Freenet help

If somebody collects lot of hashes they can know what files a neighbour node is downloading and they also know the IP address. I thought Freenet was better than that. The friends only thing is not good. Do you have a friend that you want to know what you are downloading. If you collect enough “friends” there will at least one that will report what you are downloading.

The request must do a few hops before it is possible to see what is requested to make this secure.

I have not used Freenet for many years.

https://par.nsf.gov/servlets/purl/10281425

Took me many hours to get Wireguard working in a Windows server 2022 VM. After many hours i understood that large UDP packets disappeared when they should go from the guest to the host. UDP packets over 1000 bytes just disappeared. First i set MTU to 1000 in the Windows guest. That made the network work. When i switch the virtual network adapter to e1000e instead of virt-io the UDP packets stopped disappearing.

You can see the network connections names with

netsh int ipv4 show sub

You can change the MTU in windows with

netsh int ipv4 set sub <Connection name> mtu=<size> store=persistent

example

netsh int ipv4 set sub "Wi-Fi 2" mtu=1492 store=persistent

It worked. I found a script that uses ip2route set up a 6rd tunnel on Linux. If you look at the script you see that the IPv6 address is calculated from the IPv4 address. That is bad. That means if your IPv4 address changes your IPv6 addresses will also change. I will continue to use a Hurricane electric tunnel. Then the IPv6 addresses will always be the same.

#!/bin/sh

## You must have a real routable IPv4 address for IPv6 rapid deployment (6rd)
## tunnels.
## Also make sure you have at least linux kernel 2.6.33 and you have enabled 6rd
## CONFIG_IPV6_SIT_6RD=y

PREFIX="2a02:2b64"                  # 6rd ipv6 prefix
GATEWAY=`dig +short 6rd.on.net.mk`  # 6rd gateway host

modprobe sit

## Try to autodetect the local ipv4 address
MYIPV4=`ip -o route get 8.8.8.8 | sed 's/.* src \([0-9.]*\) .*/\1/'`

## Generate an IPv6-RD address
MYIPV4_nodots=`echo ${MYIPV4} | tr . ' '`
IPV6=`printf "${PREFIX}:%02x%02x:%02x%02x::1" ${MYIPV4_nodots}`

## Setup the tunnel
ip tunnel add 6rd mode sit local ${MYIPV4} ttl 64
ip tunnel 6rd dev 6rd 6rd-prefix ${PREFIX}::/32
ip addr add ${IPV6}/32 dev 6rd
ip link set 6rd up
ip route add ::/0 via ::${GATEWAY} dev 6rd


## IPv6-rd allows you to have IPv6 network in your LAN too. Uncomment the
## following 3 lines on your Linux router and set the correct LAN interface.
## You might also want to run the 'radvd' sevice to enable IPv6 auto-configuration
## on the LAN.

# sysctl -w net.ipv6.conf.all.forwarding=1
# LANIF=eth0
# ip addr add ${IPV6}/64 dev ${LANIF}

I thought the Scale-out fileserver role in Windows server cluster would be good for my file shares. I was wrong. Scale-out file server is for some special cases. It is mostly for Hyper-V and SQL server. If you use it as an ordinary file share it will be slow. Saving files to the cluster shares are much faster now that i have changed them to the older File server.

Today i discovered that the zone was not validating any more. I have now set the valid period to 1 year and generated new signatures. I should not have to do anything for a year. I have to remember that in the end of this year i have resign my zone.