Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Zebra should limit the number of addresses it sends to peers, to avoid address book discovery #1889

Closed
1 of 3 tasks
teor2345 opened this issue Mar 12, 2021 · 1 comment · Fixed by #3007
Closed
1 of 3 tasks

Zebra should limit the number of addresses it sends to peers, to avoid address book discovery #1889

teor2345 opened this issue Mar 12, 2021 · 1 comment · Fixed by #3007
Assignees
@oxarbitrage
Labels
A-rust Area: Updates to Rust code C-bug Category: This is a bug C-security Category: Security issues I-invalid-data Zebra relies on invalid or untrusted data, or sends invalid data I-remote-node-overload Zebra can overload other nodes on the network
Milestone
2021 Sprint 22

Comments

@teor2345
Copy link
Contributor

teor2345 commented Mar 12, 2021
edited
Loading

Motivation

Currently, Zebra sends up to 1000 addresses to any peer that asks for addresses. But there are only a few hundred active peers on mainnet.

This large list of peer addresses, combined with Zebra's connectivity to many nodes, makes it easier for malicious nodes to use a Zebra instance to pollute the peer addresses of other nodes.

Solution

Limit the number of peer addresses that Zebra sends to:

  • maximum 1000: protocol constant
  • maximum 1/3 of the available addresses - this is a security parameter
  • minimum 1: handle an edge case where the number of eligible addresses is 1 or 2

The relevant code is at:

zebra/zebrad/src/components/inbound.rs

Line 237 in cc7d5bd

peers.truncate(MAX_ADDR);

This change has the following benefits:

  • it's harder to use Zebra to attack other peers
  • Zebra doesn't ever reveal its entire peer set to honest peers (but repeated malicious requests could discover it easily)
  • other peers get a variety of addresses from Zebra, improving network diversity and reducing the risk of flooding

Related Issues

#1867 Zebra should stop gossiping unreachable addresses to other nodes

Context

zcashd and Zebra both resist address book pollution, so this issue is not critical.
@teor2345 teor2345 added C-bug Category: This is a bug A-rust Area: Updates to Rust code S-needs-triage Status: A bug report needs triage P-High C-security Category: Security issues I-invalid-data Zebra relies on invalid or untrusted data, or sends invalid data labels Mar 12, 2021
@mpguerra mpguerra removed the S-needs-triage Status: A bug report needs triage label Mar 15, 2021
@teor2345 teor2345 added I-remote-node-overload Zebra can overload other nodes on the network P-Critical and removed P-High labels Mar 16, 2021
@mpguerra mpguerra modified the milestones: 2021 Sprint 6, 2021 Sprint 7 Mar 17, 2021
@teor2345 teor2345 mentioned this issue Mar 24, 2021
Closed
@teor2345
Copy link
Contributor Author

zcashd and Zebra both resist address book pollution, so this issue is not critical.

@teor2345 teor2345 removed this from the 2021 Sprint 7 milestone Mar 24, 2021
@teor2345 teor2345 changed the title Zebra should limit the number of addresses it sends to peers Zebra should limit the number of addresses it sends to peers, to avoid address book discovery Oct 25, 2021
@teor2345 teor2345 mentioned this issue Oct 25, 2021
Closed
@mpguerra mpguerra added this to the 2021 Sprint 22 milestone Oct 26, 2021
@oxarbitrage oxarbitrage self-assigned this Nov 2, 2021
@oxarbitrage oxarbitrage mentioned this issue Nov 2, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@oxarbitrage oxarbitrage

Labels
A-rust Area: Updates to Rust code C-bug Category: This is a bug C-security Category: Security issues I-invalid-data Zebra relies on invalid or untrusted data, or sends invalid data I-remote-node-overload Zebra can overload other nodes on the network
Projects
None yet
Milestone
2021 Sprint 22
Development

Successfully merging a pull request may close this issue.

Truncate inbound Peers response further oxarbitrage/zebra
3 participants
@mpguerra @teor2345 @oxarbitrage