Skip to content
This repository has been archived by the owner on Dec 5, 2024. It is now read-only.

Patch against eclipse attack #1023

Open
zilm13 opened this issue Mar 2, 2018 · 8 comments
Open

Patch against eclipse attack #1023

zilm13 opened this issue Mar 2, 2018 · 8 comments
Labels
security
Milestone
1.11.0

Comments

@zilm13
Copy link
Collaborator

zilm13 commented Mar 2, 2018

Check whether EthereumJ is affected and in what aspects: https://bitcoinmagazine.com/articles/researchers-explore-eclipse-attacks-ethereum-blockchain/
Geth patch: https://github.com/ethereum/go-ethereum/milestone/62?closed=1
@adonley
Copy link

adonley commented Mar 3, 2018

Which of the counter measures listed in part V of the white paper do you propose implementing?

@tenghuanhe
Copy link
Contributor

@zilm13 @adonley
According to attack listed in part III of the paper:

Our first attack is simple. The client can be eclipsed if the attacker establishes maxpeers incoming TCP connections (to its own adversarial nodes) before the client has a chance to establish any outgoing TCP connections.

It seems that there is no such maxpeers limitation in EthereumJ.

@adonley
Copy link

adonley commented Mar 4, 2018
edited
Loading

Take a look at ethereumj.conf : maxActivePeers = 30

It might be worth it to do what geth did, associate and limit the number of peers from the same IP.

@tenghuanhe
Copy link
Contributor

tenghuanhe commented Mar 4, 2018
edited
Loading

@adonley
Sorry for my missing mistake, thank you :)
I agree to avoid too many peers from the same IP and identifying peers just by their nodeIds.

BTW, after checking I found the maxActivePeers here is used to limit incoming connections, it should be different from maxpeers in geth I think, sorry if I misunderstood.

@adonley
Copy link

adonley commented Mar 4, 2018
edited
Loading

If you take a look at ChannelManager.java and SyncPool.java, the maxActivePeers system property limits the amount of active peers that the node can have (unless it's a trusted peer). I believe this to be the TCP portion of the block communication.

Let's check to see if the "packet-of-death", the open window for incoming connections upon boot or the ability to predict the Kademlia like buckets works on ethereumj. Also we could check to see if seeding from the DB happens even if the table is not empty.

Ethereumj does not implement any IP restrictions on peers at the moment.

@goldbe
Copy link

goldbe commented Mar 16, 2018
edited
Loading

Hi guys, I'm one of the ETH and BTC eclipse paper authors. I think the most important countermeasure from the ETH paper is limiting the number of node IDs that have the same IP address that are stored in the peer tables. This is countermeasure 2 in our paper. The other ones are relevant as well, but if you don't have countermeasure 2 I would be very worried, since this opens the door to low resource (e.g. 1 or 2 attack machine) eclipse attacks of some sort. Even if they attack is not identical to the one in our paper, I am pretty sure a low-resource attack could be found somehow.

@mkalinin mkalinin added this to the 1.9.0 milestone Jun 15, 2018
@RichardH92
Copy link

So the check for this would go in P2pHandler#setHandshake? Before calling channel.getNodeStatistics().setClientId(msg.getClientId()) we should check if that node ID / IP pair already exists?

@mkalinin
Copy link
Contributor

mkalinin commented Jul 8, 2018

@RichardH92 Basically, we already have a protection against a spam from same IP address. To continue work on this you better start from learning the paper.

@mkalinin mkalinin modified the milestones: 1.9.0-Constantinople, 1.10.0 Aug 7, 2018
@mkalinin mkalinin modified the milestones: 1.10.0, 1.11.0 Jan 11, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
security
Projects
None yet
Milestone
1.11.0
Development

No branches or pull requests
7 participants
@mkalinin @adonley @goldbe @zilm13 @RichardH92 @tenghuanhe and others