From daf97cb441137306417c156d910fd9ea4558302f Mon Sep 17 00:00:00 2001 From: zebambam Date: Fri, 15 Mar 2019 16:00:27 -0700 Subject: [PATCH] Added documentation warnings about DNS rebinding attacks, issue #3841 --- doc/amqp.md | 14 ++++++++++++++ doc/zmq.md | 18 ++++++++++++++++-- 2 files changed, 30 insertions(+), 2 deletions(-) diff --git a/doc/amqp.md b/doc/amqp.md index f733fa514..a603f354b 100644 --- a/doc/amqp.md +++ b/doc/amqp.md @@ -40,6 +40,20 @@ In order to run the example Python client scripts in contrib/ one must also install *python-qpid-proton*, though this is not necessary for daemon operation. +## Security WARNING + +Enabling this feature even on the loopback interface only (e.g. binding +it to localhost or 127.0.0.1) will still expose it to the wilds of the +Internet, because of an attack vector called DNS rebinding. DNS +rebinding allows an attacker located remotely on the Internet to trick +applications that you're running on the same computer as Zcashd to +contact your supposedly localhost-only AMQP port, then, depending on the +program they may be able to attempt to attack it. + +Do not enable this feature unless you are sure that you know what you +are doing, and that you have a strong reason for thinking that you are +not vulnerable to this type of attack. + ## Enabling By default, the AMQP feature is automatically compiled in if the diff --git a/doc/zmq.md b/doc/zmq.md index ffc4a6297..f75566dc4 100644 --- a/doc/zmq.md +++ b/doc/zmq.md @@ -1,8 +1,8 @@ # Block and Transaction Broadcasting With ZeroMQ [ZeroMQ](http://zeromq.org/) is a lightweight wrapper around TCP -connections, inter-process communication, and shared-memory, -providing various message-oriented semantics such as publish/subscribe, +connections, inter-process communication, and shared-memory, providing +various message-oriented semantics such as publish/subscribe, request/reply, and push/pull. The Zcash daemon can be configured to act as a trusted "border 
@@ -42,6 +42,20 @@ In order to run the example Python client scripts in contrib/ one must also install *python-zmq*, though this is not necessary for daemon operation. +## Security WARNING + +Enabling this feature even on the loopback interface only (e.g. binding +it to localhost or 127.0.0.1) will still expose it to the wilds of the +Internet, because of an attack vector called DNS rebinding. DNS +rebinding allows an attacker located remotely on the Internet to trick +applications that you're running on the same computer as Zcashd to +contact your supposedly localhost-only ZMQ port, then, depending on the +program they may be able to attempt to attack it. + +Do not enable this feature unless you are sure that you know what you +are doing, and that you have a strong reason for thinking that you are +not vulnerable to this type of attack. + ## Enabling By default, the ZeroMQ feature is automatically compiled in if the
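Review bot: In the doc/amqp.md hunk, the closing paragraph ("Do not enable this feature unless you are sure that you know what you are doing ...") gives the reader nothing to check, so they cannot tell whether they have "a strong reason for thinking that you are not vulnerable". Consider stating what such a reason would look like, or pointing to issue #3841 for the background. Also, "will still expose it to the wilds of the Internet" reads as unconditional, while the next sentence makes the exposure depend on another application on the same computer being tricked; "can still expose" would match that.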
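Review bot: The first doc/zmq.md hunk (@@ -1,8 +1,8 @@) only re-wraps the ZeroMQ introduction paragraph, moving "providing" up a line with no wording change, which is unrelated to the DNS rebinding warning named in the subject. Drop it from this patch or send it as a separate whitespace-only commit so the security documentation change stays easy to review.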
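Review bot: The warning added in the second doc/zmq.md hunk (@@ -42,6 +42,20 @@) is a word-for-word copy of the one in doc/amqp.md apart from "ZMQ port", so any later correction has to be made twice; consider keeping the text in one place and linking to it from both files. In the sentence ending "then, depending on the program they may be able to attempt to attack it", it is unclear whether "the program" is the tricked application or the listening service, and who "they" refers to; splitting it into two sentences with explicit subjects would fix that. "Zcashd" is also capitalised here, while the existing text in this file says "The Zcash daemon".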