Denial of service via large UID packets #60
Comments
|
Original comment by Andrew Gallagher (Bitbucket: andrewg_com, ).
So you freely admit to running a premeditated DoS experiment against multiple public internet servers...? |
|
Original comment by Yegor Timoshenko (Bitbucket: yegortimoshenko, GitHub: yegortimoshenko). Yes. Why not? I was trying to get a key to 1GB size, which would be another DoS vulnerability, but SKS keyservers I've tried this on became unresponsive at about 30MB. I was not sure if that was caused by my actions at first. My intent here is to cause keyservers to become more resilient to both spoofing (#41) and DoS (#57, #60). |
|
Original comment by Hendrik Visage (Bitbucket: hvisage, GitHub: hvisage). @yegortimoshenko the issue is more that you didn't warn the operators, as we could've provided you with test systems where we could've observed it in a more controlled environment, instead of effectively killing several servers ;( |
|
Original comment by Yegor Timoshenko (Bitbucket: yegortimoshenko, GitHub: yegortimoshenko). @hvisage I'm sorry, I didn't expect that (I was trying to make a key too big to realistically fetch, not to take down servers). Are there systems I can test other experiments on? |
Original report by Yegor Timoshenko (Bitbucket: yegortimoshenko, GitHub: yegortimoshenko).
To reproduce, follow instructions in #57, but replace single
./sks-forge-uidwith:Also, if you've previously fetched sks-tools repo, make sure you're on the latest revision (
git pull origin master).I don't have server logs, but Kristian does (see 16:55 to 17:10 UTC).
It takes very little time to cause server to be inaccessible (5-10 min), and only requires the command above running on a single computer.
I've tested this with multiple SKS servers, to make sure this is not specific to some particular instance :-(
The text was updated successfully, but these errors were encountered: