Limit the number of IPs addrman learns from each DNS seeder #12626

pull EthanHeilman wants to merge 1 commits into bitcoin:master from EthanHeilman:master changing 1 files +2 −1

EthanHeilman commented at 11:30 pm on March 6, 2018: contributor

A risk exists where a malicious DNS seeder eclipses a node by returning an enormous number of IP addresses. In this commit we mitigate this risk by limiting the number of IP addresses addrman learns to 256 per DNS seeder.

As discussed with @theuni

Limit the number of IPs we use from each DNS seeder

A risk exists where a malicious DNS seeder eclipses a node by returning an enormous number of IP addresses. In this commit we mitigate this risk by limiting the number of IP addresses addrman learns to 256 per DNS seeder.

46e7f800bd

fanquake added the label P2P on Mar 6, 2018
randolf approved
randolf commented at 4:14 am on March 7, 2018: contributor

This is a very good first step in mitigating this type of DoS attack, and 256 seems me to be an extremely generous default.
sipa commented at 4:26 am on March 7, 2018: member

Since DNS responses generally are sent over UDP, all of them need to fit in a single IP packet (I believe), which puts a natural limit regardless. Having some explicit limit sounds good though.
randolf commented at 5:47 am on March 7, 2018: contributor

@sipa Packets larger than 512 bytes are supported with the introduction of EDNS (see RFC 6891 dated April 2013; earlier RFCs that reference EDNS0 that may also be of interest) that uses an unsigned 16-bit integer to specify RDLEN (Record Data Length). Also, while UDP is a MUST for DNS services, TCP is a SHOULD, and both of these transport layer protocols can, for the most part, support EDNS’s larger packet size options.

In summary, the natural limit that is more well-known has effectively been extended (IP packet fragmentation and reassembly make it possible to venture beyond the MSU, which is commonly set to 1,500 bytes).
practicalswift commented at 6:21 am on March 7, 2018: contributor

utACK 46e7f800bd78aa4d4de5915b4a7e5a3234c507d6
sipa commented at 2:30 pm on March 7, 2018: member

@randolf Thanks, TIL.
sdaftuar commented at 2:33 pm on March 7, 2018: member

utACK 46e7f800bd78aa4d4de5915b4a7e5a3234c507d6
theuni approved
theuni commented at 2:39 pm on March 7, 2018: member

utACK 46e7f800bd78aa4d4de5915b4a7e5a3234c507d6
EthanHeilman commented at 2:48 pm on March 7, 2018: contributor

Three years ago I tested the number of DNS entries I could get into Bitcoin for the eclipse attack paper. My test setup was Ubuntu Linux running Bitcoind querying a custom DNS server on localhost. We didn’t end up using this attack so I wrote up a blog entry about the general question without mentioning bitcoin: How many IP addresses can a DNS query return?
theuni added the label Needs backport on Mar 7, 2018
fanquake commented at 3:04 pm on March 7, 2018: member

utACK 46e7f80
laanwj added this to the milestone 0.16.1 on Mar 7, 2018
laanwj merged this on Mar 7, 2018
laanwj closed this on Mar 7, 2018
laanwj referenced this in commit efa18a230d on Mar 7, 2018
fanquake referenced this in commit 163b505488 on Apr 12, 2018
MarcoFalke referenced this in commit 6b4e24ff67 on Apr 20, 2018
fanquake referenced this in commit f60e84dba4 on Apr 26, 2018
laanwj referenced this in commit feba12fe85 on May 16, 2018
fanquake removed the label Needs backport on May 16, 2018
fanquake commented at 2:28 pm on May 16, 2018: member

Backported in #12967
HashUnlimited referenced this in commit 66d59481b8 on Jun 29, 2018
PastaPastaPasta referenced this in commit 915797f2da on Jan 26, 2020
PastaPastaPasta referenced this in commit 72f7287de0 on Jan 26, 2020
PastaPastaPasta referenced this in commit 8cc70adf80 on Jan 27, 2020
PastaPastaPasta referenced this in commit a3ea0e93ef on Jan 27, 2020
ckti referenced this in commit 2ed2e57ab1 on Mar 28, 2021
DrahtBot locked this on Sep 8, 2021

Contributors
EthanHeilman randolf sipa practicalswift sdaftuar theuni fanquake

Labels
P2P

Milestone
0.16.1