Denial of service via large UID packets

Issue #60 new
Yegor Timoshenko created an issue

Screenshot from 2018-06-14 17-07-17.png

To reproduce, follow instructions in #57, but replace single ./sks-forge-uid with:

while true; do ./sks-forge-uid pgp.mit.edu -rand < /tmp/key.gpg; done

Also, if you've previously fetched sks-tools repo, make sure you're on the latest revision (git pull origin master).

I don't have server logs, but Kristian does (see 16:55 to 17:10 UTC).

It takes very little time to cause server to be inaccessible (5-10 min), and only requires the command above running on a single computer.

I've tested this with multiple SKS servers, to make sure this is not specific to some particular instance :-(

Comments (5)

  1. Andrew Gallagher

    I've tested this with multiple SKS servers, to make sure this is not specific to some particular instance :-(

    So you freely admit to running a premeditated DoS experiment against multiple public internet servers...?

  2. Yegor Timoshenko reporter

    Yes. Why not? I was trying to get a key to 1GB size, which would be another DoS vulnerability, but SKS keyservers I've tried this on became unresponsive at about 30MB. I was not sure if that was caused by my actions at first. My intent here is to cause keyservers to become more resilient to both spoofing (#41) and DoS (#57, #60).

  3. Hendrik Visage

    @yegortimoshenko the issue is more that you didn't warn the operators, as we could've provided you with test systems where we could've observed it in a more controlled environment, instead of effectively killing several servers ;(

  4. Yegor Timoshenko reporter

    @hvisage I'm sorry, I didn't expect that (I was trying to make a key too big to realistically fetch, not to take down servers).

    Are there systems I can test other experiments on?

  5. Log in to comment