HUSH nodes should probably disconnect from peers which send overly large pings, since they don't happen normally and probably indicates a mischevious node
This bug was likely inherited from BTC 0.11 by ZEC, which means we likely have it as well.
https://github.com/zcash/zcash/issues/5258
HUSH nodes should probably disconnect from peers which send overly large pings, since they don't happen normally and probably indicates a mischevious node
Another option here are to give no response but keep the peer connection open. In either case, we should log to debug.log when these large pings are seen, as it's indicative of a node with custom code that is potentially malicious.
There does not seem to be any privacy issues with this bug, but it does waste network bandwidth and so it has Denial-of-Service considerations. An attacker can continually send large pings and waste lots of network bandwidth of all their peers. This is mostly a concern for peers that have small amounts of bandwidth and/or pay for bandwidth.
Another option here are to give no response but keep the peer connection open. In either case, we should log to debug.log when these large pings are seen, as it's indicative of a node with custom code that is potentially malicious.
There does not seem to be any privacy issues with this bug, but it does waste network bandwidth and so it has Denial-of-Service considerations. An attacker can continually send large pings and waste lots of network bandwidth of all their peers. This is mostly a concern for peers that have small amounts of bandwidth and/or pay for bandwidth.
What size in bytes is a normal Hush full node PING ?
Are pings a fixed static size or can they be a range of sizes?
NOTE: Hush full node pings are not TCP pings, this is a p2p message type which tells a node how long it takes another node to process our p2p messages. It's used internally for nodes to know which nodes are faster in responding and to prefer those. For instance, some nodes might be on shitty internet and have high latency, and that will result in a large ping response time.
Some research to do is:
- [ ] What size in bytes is a normal Hush full node PING ?
- [ ] Are pings a fixed static size or can they be a range of sizes?
NOTE: Hush full node pings are not TCP pings, this is a p2p message type which tells a node how long it takes another node to process our p2p messages. It's used internally for nodes to know which nodes are faster in responding and to prefer those. For instance, some nodes might be on shitty internet and have high latency, and that will result in a large ping response time.
@jahway603 some code you may want to read about pings are here: https://git.hush.is/hush/hush3/src/branch/master/src/net.cpp#L652
and
https://git.hush.is/hush/hush3/src/branch/master/src/net.h#L387
jahway603
This bug was likely inherited from BTC 0.11 by ZEC, which means we likely have it as well.
https://github.com/zcash/zcash/issues/5258
HUSH nodes should probably disconnect from peers which send overly large pings, since they don't happen normally and probably indicates a mischevious node
Another option here are to give no response but keep the peer connection open. In either case, we should log to debug.log when these large pings are seen, as it's indicative of a node with custom code that is potentially malicious.
There does not seem to be any privacy issues with this bug, but it does waste network bandwidth and so it has Denial-of-Service considerations. An attacker can continually send large pings and waste lots of network bandwidth of all their peers. This is mostly a concern for peers that have small amounts of bandwidth and/or pay for bandwidth.
What size, in bytes, should we allow for PINGs ?
This looks like an interesting change that we should implement.
Some research to do is:
NOTE: Hush full node pings are not TCP pings, this is a p2p message type which tells a node how long it takes another node to process our p2p messages. It's used internally for nodes to know which nodes are faster in responding and to prefer those. For instance, some nodes might be on shitty internet and have high latency, and that will result in a large ping response time.
@jahway603 some code you may want to read about pings are here: https://git.hush.is/hush/hush3/src/branch/master/src/net.cpp#L652
and
https://git.hush.is/hush/hush3/src/branch/master/src/net.h#L387