schmittlauch/Hash2Pub
1
0
Fork 1
Code Issues 47 Pull requests Releases Wiki Activity

protect against UDP spoofig and amplification attacks #81

New issue
Open
opened 2020-11-10 00:34:20 +01:00 by schmittlauch · 0 comments
schmittlauch commented 2020-11-10 00:34:20 +01:00
Owner
Copy link

The DHT protocol might be vulnerable to amplification attacks as responses are sent without the need for a successful handshake, allowing responses to spoofed requests to be sent.
Validating the node ID by recalculation does not help as both IP and domain can be spoofed in the request.

Example: Spoofed queryID request asks for lookup of an ID, requests 10 closest nodes as answer -> amplification factor ~ 10

  • limiting number of results returned to queries limits the amplification factor
The DHT protocol might be vulnerable to amplification attacks as responses are sent without the need for a successful handshake, allowing responses to spoofed requests to be sent. Validating the node ID by recalculation does not help as both IP and domain can be spoofed in the request. **Example**: Spoofed queryID request asks for lookup of an ID, requests 10 closest nodes as answer -> amplification factor ~ 10 - limiting number of results returned to queries limits the amplification factor
schmittlauch added the
security
 label 2020-11-10 00:34:20 +01:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
mainline
k-choices
measurement_logging
instrumentation
fix_networking
data_migration
refactorRingMap
instrumentation_prototype
Labels
Clear labels   
ActivityPub

   
advanced features

   
basic functionality

   
bug

   
DHT

   
evaluation

   
refactoring

   
security

   
test case

an edge case or usage pattern that needs a test

No labels
ActivityPub
advanced features
basic functionality
bug
DHT
evaluation
refactoring
security
test case
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: schmittlauch/Hash2Pub#81
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?