Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Security: Limit the number of outbound peer connections when dialing new peers #1850

Closed
Tracked by #2867
teor2345 opened this issue Mar 5, 2021 · 1 comment · Fixed by #2944
Closed
Tracked by #2867

Security: Limit the number of outbound peer connections when dialing new peers #1850

teor2345 opened this issue Mar 5, 2021 · 1 comment · Fixed by #2944
Assignees
Labels
A-network Area: Network protocol updates or fixes C-security Category: Security issues I-remote-node-overload Zebra can overload other nodes on the network

Comments

@teor2345
Copy link
Contributor

teor2345 commented Mar 5, 2021

Motivation

Zebra has no limit on the number of open outbound connections. This is a remote distributed denial of service risk.

We're not currently seeing this attack on the network, but it might be easy for malicious nodes to trigger. So we should fix it soon.

Suggested Design

In crawl_and_dial, limit the number of outbound connections.

peerset_initial_target_size is an existing zebra-network config. It's used to initialise the CandidateSet's outbound peer connection demand.

Edge Cases

Zebra should check and increase the connection limit as early as possible, before it uses any resources for the connection.

If a connection fails, the dialer puts the demand signal back in the demand channel. But if we do that when we're over the limit, we could cause an infinite busy-loop or deadlock.

We want Zebra to have more outbound than inbound connections, so we'll want to make the outbound limit slightly bigger than peerset_initial_target_size. We also want to avoid reaching this limit with just the initial seed peers.

@teor2345 teor2345 added C-bug Category: This is a bug A-rust Area: Updates to Rust code S-needs-triage Status: A bug report needs triage NU-5 Network Upgrade: NU5 specific tasks P-High C-security Category: Security issues I-heavy Problems with excessive memory, disk, or CPU usage I-slow Problems with performance or responsiveness I-unbounded-growth Zebra keeps using resources, without any limit labels Mar 5, 2021
@teor2345 teor2345 added this to the 2021 Sprint 4 milestone Mar 5, 2021
@teor2345 teor2345 changed the title Limit the number of open connections in zebra-network Limit the number of active peers in zebra-network Mar 5, 2021
@mpguerra mpguerra modified the milestones: 2021 Sprint 4, 2021 Sprint 5 Mar 8, 2021
@mpguerra mpguerra removed the S-needs-triage Status: A bug report needs triage label Mar 8, 2021
@teor2345 teor2345 added I-remote-node-overload Zebra can overload other nodes on the network P-Critical and removed P-High labels Mar 16, 2021
@mpguerra mpguerra modified the milestones: 2021 Sprint 5, 2021 Sprint 6 Mar 22, 2021
@teor2345
Copy link
Contributor Author

We can fix this issue after the mempool works

@teor2345 teor2345 added A-network Area: Network protocol updates or fixes and removed C-bug Category: This is a bug A-rust Area: Updates to Rust code NU-5 Network Upgrade: NU5 specific tasks I-heavy Problems with excessive memory, disk, or CPU usage I-slow Problems with performance or responsiveness I-unbounded-growth Zebra keeps using resources, without any limit labels Oct 19, 2021
@teor2345 teor2345 added the S-blocked Status: Blocked on other tasks label Oct 19, 2021
@teor2345 teor2345 self-assigned this Oct 25, 2021
@mpguerra mpguerra removed the S-blocked Status: Blocked on other tasks label Jan 24, 2022
mergify bot pushed a commit that referenced this issue May 23, 2023
* ZIPs were updated to remove ambiguity, this was tracked in #1267.

* #2105 was fixed by #3039 and #2379 was closed by #3069

* #2230 was a duplicate of #2231 which was closed by #2511

* #3235 was obsoleted by #2156 which was fixed by #3505

* #1850 was fixed by #2944, #1851 was fixed by #2961 and #2902 was fixed by #2969

* We migrated to Rust 2021 edition in Jan 2022 with #3332

* #1631 was closed as not needed

* #338 was fixed by #3040 and #1162 was fixed by #3067

* #2079 was fixed by #2445

* #4794 was fixed by #6122

* #1678 stopped being an issue

* #3151 was fixed by #3934

* #3204 was closed as not needed

* #1213 was fixed by #4586

* #1774 was closed as not needed

* #4633 was closed as not needed

* Clarify behaviour of difficulty spacing

Co-authored-by: teor <[email protected]>

* Update comment to reflect implemented behaviour

Co-authored-by: teor <[email protected]>

* Update comment to reflect implemented behaviour when retrying block downloads

Co-authored-by: teor <[email protected]>

* Update `TODO` to remove closed issue and clarify when we might want to fix

Co-authored-by: teor <[email protected]>

* Update `TODO` to remove closed issue and clarify what we might want to change in future

Co-authored-by: teor <[email protected]>

* Clarify benefits of how we do block verification

Co-authored-by: teor <[email protected]>

* Fix rustfmt errors

---------

Co-authored-by: teor <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
A-network Area: Network protocol updates or fixes C-security Category: Security issues I-remote-node-overload Zebra can overload other nodes on the network
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants