Re: [freenet-support] insecure mode and port forwarding

Author: Matthew Toseland
Date:  
To: support
CC: Jim Cook
Subject: Re: [freenet-support] insecure mode and port forwarding
gpg: Signature made Mon Apr 28 18:00:38 2008 UTC using DSA key ID E43DA450
gpg: Good signature from "Matthew John Toseland <toad@amphibian.dyndns.org>"
On Saturday 26 April 2008 02:43, Jim Cook wrote:
> As far as I know, I don't know anyone running Freenet, so I'm running
> in insecure/promiscuous mode. Freenet kindly warns me that others
> can therefore identify my node and attack it. However, although I've
> read the FAQ and googled some, I'm not clear what sorts of attacks
> are possible, other than knowing which sites I've visited.


Lots. Read the wiki, start with the security page:
http://wiki.freenetproject.org/FreenetZeroPointSevenSecurity
>
> Freenet also reminds me to forward UDP ports XXXXX and XXXX because
> I'm behind a NAT, and so other nodes behind symmetrical NATs can't
> connect to my node. However, Freenet seems to be working OK in that
> I'm connected to ca. 13 nodes. I currently don't forward any ports
> through my hardware firewall, and I hesitate to do so without
> understanding the security implications.


The result of forwarding the UDP ports is that Freenet can accept incoming
connections from nodes which it isn't already sending a packet to. This is
necessary for:
- Connecting to any node on a dynamic IP address. (You may still be able to
connect, but only if the node manages to connect to one of its other peers
and ARKs are working).
- Connecting to any node behind a symmetric firewall/NAT.
- Being a seednode.
>
> I'd appreciate suggestions for further reading re both issues.
>
> Thanks again.
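
Added example, not part of the original message and not Freenet code: a simplified model of UDP NAT filtering that shows why an unforwarded node is reachable only by peers it is already sending packets to, and why a peer behind a symmetric NAT cannot get through without the port forward. It assumes the node's own NAT filters by remote address and port; the class, function names and addresses are constructed for illustration.

```python
class Nat:
    """Simplified UDP NAT model (constructed; all addresses are examples)."""

    def __init__(self, public_ip, symmetric=False):
        self.public_ip = public_ip
        self.symmetric = symmetric
        self.next_port = 40000
        self.mappings = {}     # mapping key -> external port
        self.allowed = {}      # external port -> remote (ip, port) pairs we sent to
        self.forwards = set()  # external ports statically forwarded inward

    def send(self, local_port, remote):
        """Outbound packet; returns the (ip, port) the remote side sees."""
        # A symmetric NAT allocates a fresh external port per destination.
        key = (local_port, remote) if self.symmetric else local_port
        if key not in self.mappings:
            self.mappings[key] = self.next_port
            self.next_port += 1
        ext = self.mappings[key]
        self.allowed.setdefault(ext, set()).add(remote)
        return (self.public_ip, ext)

    def accepts(self, ext_port, source):
        """Inbound packet passes only if forwarded or previously solicited."""
        return ext_port in self.forwards or source in self.allowed.get(ext_port, set())


def inbound_reaches_node(port_forwarded, peer_symmetric, node_sends_first=True):
    """Can a peer's packet reach the node behind the (port-restricted) NAT?"""
    node = Nat("198.51.100.1")
    peer = Nat("203.0.113.9", symmetric=peer_symmetric)
    third = ("192.0.2.50", 5000)         # a node both sides already talk to
    node_addr = node.send(1234, third)   # address others learn for the node
    peer_addr = peer.send(1234, third)   # address others learn for the peer
    if port_forwarded:
        node.forwards.add(node_addr[1])  # forward the advertised UDP port
    if node_sends_first:
        node.send(1234, peer_addr)       # node is "already sending a packet to" peer
    source = peer.send(1234, node_addr)  # peer's packet as seen by node's NAT
    return node.accepts(node_addr[1], source)


if __name__ == "__main__":
    for fwd in (False, True):
        for sym in (False, True):
            print(f"forwarded={fwd} symmetric_peer={sym} ->",
                  inbound_reaches_node(fwd, sym))
```

The forward exposes only the one UDP port to unsolicited traffic; every other port on the NAT keeps its filtering.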