Closed ygnkim closed 3 years ago
The fake addr
can be implemented by adding peerlist_entry
in the response of the TIMED_SYNC message.
After the insertion of IP address '3.0.0.1:28080', the target Monero prints the following logs.
2020-01-01 00:01:04.400 I [3.0.0.1:28080 OUT] 243 bytes sent for category command-1001 initiated by us
2020-01-01 00:01:04.400 T [3.0.0.1:28080 OUT] [levin_protocol] -->> start_outer_call
2020-01-01 00:01:04.400 T Moving counter buffer by 1 second 0 < 1.57784e+09 (last time 0)
2020-01-01 00:01:04.400 T Throttle throttle_speed_out: packet of ~276b (from 276 b) Speed AVG= 0[w=1] 0[w=1] / Limit=16 KiB/sec [276 0 0 0 0 0 0 0 0 0 ]
2020-01-01 00:01:04.400 D do_send_chunk() NOW SENSD: packet=276 B
2020-01-01 00:01:04.400 T handler_write (direct) - before ASIO write, for packet=276 B (after sleep)
2020-01-01 00:01:04.400 T Setting 00:05:00 expiry
2020-01-01 00:01:04.400 T [3.0.0.1:28080 OUT] [sock 1313] Async send calledback 276
2020-01-01 00:01:04.400 T Moving counter buffer by 1 second 1.57784e+09 < 1.57784e+09 (last time 1.57784e+09)
2020-01-01 00:01:04.400 T Moving counter buffer by 1 second 1.57784e+09 < 1.57784e+09 (last time 1.57784e+09)
2020-01-01 00:01:04.400 T dbg >>> global-OUT: speed is A= 21.8085 vs Max=2.09715e+06 so sleep: D=-9.39988 sec E= 205 (Enow= 481) M=2.09715e+06 W= 9.4 R=1.9713e+07 Wgood 11 History: [0 0 205 0 0 0 0 0 0 0 ] m_last_sample_time=1.57784e+09
2020-01-01 00:01:04.400 T Throttle >>> global-OUT: packet of ~276b (from 276 b) Speed AVG= 0[w=9.4] 0[w=9.4] / Limit=2048 KiB/sec [276 0 205 0 0 0 0 0 0 0 ]
2020-01-01 00:01:04.400 D [3.0.0.1:28080 OUT] LEVIN_PACKET_SENT. [len=243, flags1, r?=1, cmd = 1001, ver=1
2020-01-01 00:01:04.400 T [3.0.0.1:28080 OUT] [levin_protocol] -->> start_outer_call
2020-01-01 00:01:04.400 D [3.0.0.1:28080 OUT] anvoke_handler, timeout: 5000
2020-01-01 00:01:04.400 T [3.0.0.1:28080 OUT] [levin_protocol] <<-- finish_outer_call
2020-01-01 00:01:04.400 T [3.0.0.1:28080 OUT] [sock 1313] release
2020-01-01 00:01:09.500 I [3.0.0.1:28080 OUT] Timeout on invoke operation happened, command: 1001 timeout: 5000
2020-01-01 00:01:09.500 I Failed to invoke command 1001 return code -4
2020-01-01 00:01:09.500 W [3.0.0.1:28080 OUT] COMMAND_HANDSHAKE invoke failed. (-4, LEVIN_ERROR_CONNECTION_TIMEDOUT)
2020-01-01 00:01:09.500 W [3.0.0.1:28080 OUT] COMMAND_HANDSHAKE Failed
2020-01-01 00:01:09.500 I [3.0.0.1:28080 OUT] Failed to HANDSHAKE with peer 3.0.0.1:28080
The shadow node
of the Monero should implement command_handshake response first.
Adhoc-test of handshaking to shadow node
from a target Monero node is successfully done.
The fake addr injection
mechanism for Monero should be implemented in scalable way.
EREBUS policy를 써서 에러없이 동작시키는데에는 성공함. 하지만, benign node churnout을 구현해야하고, 실제 공격과 유사하게 파라미터 설정이 필요함.
또한, 처음에 target Monero에서 NOTIFY_GET_TXPOOL_COMPLEMENT 메시지를 만들고, 전송을 못해서 한 노드와 해당 연결이 제대로 이뤄지지 않는 문제점을 발견 (실제 로컬 monero와 비교했을 때, context switching이 제대로 안되는 것 때문인지?). 일단, NOTIFY_GET_TXPOOL_COMPLEMENT 메시지가 더 안만들어져서 문제는 없어보이는데, 나중에 여유 있을 때 디버깅해보기. (shadow 관련된 이슈로 추정된다)
fake addr injection
은 MoneroNodePrimitives.cpp 에서 _addr_ip_list
벡터를 이용해 구현함. 즉, ADDR 타이머가 호출될때마다 우선 _addr_ip_list에 target에게 보낼 ip들을 넣어줌. 그리고, attacker node가 target node와 주기적인 COMMAND_TIMED_SYNC_T 메시지를 교환할 때마다 _addr_ip_list이 비어있지 않다면 target node에게 전달함.
Bitcoin 같이 별도의 ADDR message를 이용한 ADDR injection mechanism이 Monero에서도 가능한지는 조사가 좀더 필요함.
구현한 adapter를 적용한 EREBUS policy를 동작시켰을 때, shadow node가 제대로 연결되는 것까지 확인했음.
(근데 본 이슈와는 별개로 모네로에서 최대 outgoing connection 개수만큼 연결이 맺어졌을 때에, connection이 끊어지는 로직이 있음)
Monero Adapter should support
shadow node
which passively receives connection request from the target Monero node.Also, to test the
shadow node
, it is also nice to includefake addr
message feature for Monero Adapter so that the target Monero can initiate the connection to theshadow node
.Originally posted by @ygnkim in https://github.com/kaistshadow/blockchain-sim/issues/275#issuecomment-813191175