Anything a pen tester can help out with?

I’m new to the SAFE project. I was wondering if there was any need for pen-testers within the community. And if so, who do I contact to get started?

5 Likes

Welcome to the forum :thumbsup:. I guess all testers and hackers are welcome to try to find weak spots in the project. @lightyear is the person to ask.

1 Like

Great, thanks! I’m assuming he will reply on here then?

1 Like

Hello @ifindproblems,

I suppose the starting point would be to set up the current Alpha release and dig around? I am not sure how pen testing usually works/what kind of setup is done. I am happy to assist with specific questions though!

Hope that helps.
Ben

Ok great. Just didn’t expect to get a “Do whatever you want” reply haha

7 Likes

I’m guessing that the client is basically a tunnel into the network. Are there any filters on what data can be sent through it, as I don’t want any leaks into the public internet?

Hey @ifindproblems, break it! Keep breaking it! Keep breaking it till you can’t!

5 Likes

roger that…

5 Likes

Ok, so data is routed through the clients of users. Which can be a mix of different operating systems?

You should check out David Irvine’s blog at https://metaquestions.me/. It’s filled full of important information on the SAFE Network and explained by the creator himself. :slight_smile:

3 Likes

Yup. There is MS and Linux. (Not sure about Mac)

Also, there were a couple of other posters that managed to install on an Android tablet.

Welcome to the forums!

Is there any way I can get a detailed description of how the clients talk to each other?

Maybe this helps…

https://github.com/maidsafe/safe_core

https://maidsafe.readme.io/

2 Likes

So what SAFE is at the moment:

  • Vaults. This is the stuff that makes the network and routes encrypted chunks. I guess this is where you want to poke the system as well. At the moment the Vaults all run on 200 Maidsafe droplet servers, next week we’ll have TEST 8 where we run Vaults from home again.
  • The Launcher is the main entry to the network. It uses the Vault (your own or someone else’s) as a proxy to the network. In the launcher you create your account with log in.
  • Demo App. This connects with the Launcher but it won’t ever see your login details. You have to give permission to connect to the network using the Launcher.

Hope that helps.

4 Likes

Brings me back to my first question. I do think someone should lay out rules of engagement for people looking to attack these servers. Having a free for all wouldn’t be good for the project.

These servers are temporary. The idea is to make things 100% P2P. We already ran several tests with Vaults from home. You can run simple local networks as well. Or try to test/attack the TEST 8 network in the coming week.

2 Likes

Yes, it is good. Because that is the real world the network must work in.

2 Likes

Having a free for all wouldn’t be good for the project.

Don’t be a white hat, be a black or gray hat. :stuck_out_tongue:

Wouldn’t it make more sense to attack the Test 8 vault network? Also a caveat, data chains and disjoint groups (in routing) are not yet implemented which will enable the banning of misbehaving nodes. Which will make attacks harder yet again. I don’t know if it makes sense attacking the alpha that are on DigitalOcean as this is not real world, i.e. behind different home routers and running on different OS plus versions etc.

4 Likes

While there is rather good high-level abstract documentation, we don’t have much on the way things actually work other than the code and the internal documentation itself. One important thing to note is that this isn’t the usual project as it doesn’t have a classic “server” you can attack. Internally, it is a little more like a p2p-network and you’d probably have to engage more in the way you’d attack that. And as @polpolrene already said, the project isn’t even running in the state/setup it is supposed to do in reality.

Therefore, what I meant to communicate earlier is that we can’t yet give a good “rule for engagement” – we just aren’t there yet. If you want to poke around and play with stuff, you are very welcome to do so and we love to have any results or tips on how to write documentation for that, but we can’t give much help on that at the moment.

6 Likes