simple DoS of lnd nodes #994
Labels
- dos/hardening: Related to the resilience of LND against denial of service or other related attacks
- p2p: Code related to the peer-to-peer behaviour
Background
It seems the accept loop is very vulnerable to some easy attacks.
I haven't checked the source code, since that is kind of cheating, but my stomach tells me a node can for some unexplainable reason accept only one new connection at a time in total?
This makes it possible for a lightweight DoS by opening a lingering TCP connection to it.
This really must be hardened, and soon! It is too easy to disable a node's inbound functionality, even by mistake, which is how I noticed this.
After seeing this and other peculiarities I would strongly like to suggest a serious audit of everything network related in lnd, and probably it should be redesigned. But first please make a quick fix for this particular issue.
Your environment
Three lnd nodes.
Steps to reproduce
First try to connect to a victim A from B and disconnect again to see that it works.
All well, established in 45ms. Works multiple times.
Now open a TCP connection to it from C and let it linger for a while. Just for the heck of it, actually make two. Opening a silent lingering TCP connection with netcat will do. When it closes by timeout in A, replace it with a new one.
Like this:
IMPORTANT! When using this script, be careful and make sure you have the `contains` part match the test victim's id properly. Otherwise you will risk matching multiple victims and disabling ALL lnd nodes on the entire lightning network from accepting incoming connections! Also make sure you don't remove the outer timeout of 300 seconds, or it will stun the targets indefinitely!
Now C will establish two concurrent TCP sessions to A.
Now try to connect from B to A again,
and it fails. Multiple times.
Expected behaviour
Nodes should connect.
Actual behaviour
They don't.
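The failure mode in the report is an accept loop that waits on one peer at a time, so a silent connection stalls everyone behind it. The following is an added example, not lnd's code: a Go listener that hands every accepted connection to its own goroutine and drops any peer that stays silent past a handshake deadline. The one-line "id then ack" handshake, `HandshakeTimeout`, `handlePeer`, `Serve` and `Handshake` are hypothetical stand-ins for illustration.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"net"
	"time"
)

// HandshakeTimeout bounds how long a freshly accepted peer may stay silent, so a
// lingering connection costs one goroutine for at most this long, never the accept loop.
const HandshakeTimeout = 2 * time.Second
// handlePeer is a minimal stand-in for a peer handshake: read one line before the
// deadline and echo an acknowledgement; a peer that stays silent is dropped on expiry.
func handlePeer(conn net.Conn) error {
	defer conn.Close()
	_ = conn.SetReadDeadline(time.Now().Add(HandshakeTimeout)) // only fails on a closed conn
	line, err := bufio.NewReader(conn).ReadString('\n')
	if err != nil {
		return fmt.Errorf("handshake with %s: %w", conn.RemoteAddr(), err)
	}
	_ = conn.SetReadDeadline(time.Time{}) // later traffic gets its own timeouts
	_, err = fmt.Fprintf(conn, "ack %s", line)
	return err
}
// Serve accepts until the listener is closed; each accepted connection is handed
// to its own goroutine immediately, so the loop never waits on a single peer.
func Serve(ln net.Listener) {
	for {
		conn, err := ln.Accept()
		if errors.Is(err, net.ErrClosed) {
			return
		} else if err != nil {
			continue // transient accept error (e.g. out of descriptors): keep serving
		}
		go func() { _ = handlePeer(conn) }()
	}
}
// Handshake is the client side: dial, send an id line and return the server's reply.
func Handshake(addr, id string) (string, error) {
	conn, err := net.DialTimeout("tcp", addr, time.Second)
	if err != nil {
		return "", err
	}
	defer conn.Close()
	_ = conn.SetDeadline(time.Now().Add(time.Second))
	fmt.Fprintf(conn, "%s\n", id) // a write failure surfaces as an error on the read
	return bufio.NewReader(conn).ReadString('\n')
}
```

With two silent connections open against `Serve`, a third peer's handshake still completes immediately, and the silent ones are closed once `HandshakeTimeout` passes.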