Potential DOS via spoofed NodeId

gofractally / psibase

Open source protocol enabling communities to easily self-host web applications

https://docs.psibase.io

MIT License

26 stars 7 forks source link

Potential DOS via spoofed NodeId #254

Open tbfleming opened 1 year ago

tbfleming commented 1 year ago

Node A is connected to Node B
Node C spoofs Node A's NodeId and periodically tries to connect to Node B
Temporary net outage causes the A-B connection to go down
C Successfully connects to B
A can no longer connect to B

Related: // TODO: Make this a public key and validate it

swatanabe commented 1 year ago

What I'd like to use for identification is the peer's certificate.

tbfleming commented 1 year ago

If the cert isn't viable, would a regular key pair work?

Well-known nodes could use a configured key
Regular nodes could randomly generate on startup

swatanabe commented 1 year ago

It's possible, but needs to ensure that the verification step isn't vulnerable to MITM.

swatanabe commented 1 year ago

~Using ECDH to generate the deduplication key could work. It's vulnerable to KCI, but I don't know that that matters for this use.~

swatanabe commented 1 year ago

If the cert isn't viable, would a regular key pair work?
* Well-known nodes could use a configured key
* Regular nodes could randomly generate on startup

Unless the verification step is bound to the TLS connection, it's going to vulnerable to MITM. When using a reverse proxy, it's probably easier to forward the client certificate than it would be to get a connection identifier.