Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Optional CloseNotify on unrecognised data #7

Open
ShadowJonathan opened this issue Dec 7, 2021 · 1 comment
Open

Optional CloseNotify on unrecognised data #7

ShadowJonathan opened this issue Dec 7, 2021 · 1 comment
Labels
request External request to implement something in the library

Comments

@ShadowJonathan
Copy link
Owner

ShadowJonathan commented Dec 7, 2021

As a reason for this library's creation is to support ruma/lb, one other goal is to be marginally compatible with matrix-org/lb, which is a reference implementation of the "MSC", which contains the following bit in the proposal text;

DTLS operates over UDP which is "connectionless". This makes restarting connections after restarting the server difficult.
TCP has the concept of FIN packets, which let the client know that the connection they currently are using is dead and should be terminated. UDP has no equivalent. For this reason, restarting the server will take up to the connection timeout value for clients to detect a dead connection. This can be shortened by modifying DTLS to send CloseNotify alerts when the UDP socket receives unrecognised data.

While one problem with this section is that, if this was taken at "face value", this would allow a DoS attack, I'd like to also add in the additional functionality;

Allow an optional configuration setting in the server listener, which will respond to unrecognised DTLS packets with CloseNotify, and only every X amount of times for connections in a timeout.

This would mitigate DoS amplification attacks, while eventually edging off existing DTLS connections after such a server restart.

Of course, the default behaviour would be to drop these packets, this is an opt-in behaviour.

@ShadowJonathan
Copy link
Owner Author

Hmmm, actually, there may be a problem with this behaviour, as alert messages required an encryption context, and receiving and processing this effectively could allow for DoS attacks, similarly to a MITM agent sending a RST to either party.

This is exasperated by the fact that UDP can allow very easy source address spoofing, I'll notify the authors of this proposal of this problem.

@ShadowJonathan ShadowJonathan added the request External request to implement something in the library label Dec 10, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
request External request to implement something in the library
Projects
None yet
Development

No branches or pull requests

1 participant