Summary:
Using the slow loris attack, it's possible to make the daemon unresponsive to all RPC requests until at least a restart.
Description:
I used this node.js application (https://www.npmjs.com/package/sloww) to perform the attack on one of my remote nodes, but any other implementation of the attack should also work fine.
./monerod --rpc-bind-ip 0.0.0.0 --confirm-external-bind
curl -X POST http://IP:18089/json_rpc -d '{"jsonrpc":"2.0","id":"0","method":"get_block_count"}' -H 'Content-Type: application/json'
There will not be any response from the RPC a few seconds after the attack was started. An attacker could target a large number of remote nodes, for example the ones under https://moneroworld.com/, with just a single PC.
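For node operators, one way to spot the condition described in this report is to look for RPC connections that stay open without ever completing a request. The following is an added example, not part of the original report or of monerod; the `Conn` record, the thresholds and the pool size are assumptions, and the snapshot is constructed.

```python
from collections import Counter
from dataclasses import dataclass

RPC_PORT = 18089          # RPC port used in the curl command in the report
HEADER_DEADLINE_S = 10.0  # assumed: a legitimate client finishes its request well within this
MAX_STALLED_PER_IP = 5    # assumed per-source alert threshold


@dataclass(frozen=True)
class Conn:
    """One row of a connection snapshot (hypothetical format)."""
    src_ip: str
    dst_port: int
    age_s: float            # seconds since the connection was accepted
    request_complete: bool  # True once headers and body were fully received


def stalled(conn):
    """True if the connection holds an RPC slot without a finished request."""
    return (conn.dst_port == RPC_PORT
            and not conn.request_complete
            and conn.age_s > HEADER_DEADLINE_S)


def find_slow_sources(conns, max_stalled=MAX_STALLED_PER_IP):
    """Return {src_ip: stalled_count} for sources above the threshold."""
    counts = Counter(c.src_ip for c in conns if stalled(c))
    return {ip: n for ip, n in counts.items() if n > max_stalled}


def pool_pressure(conns, pool_size):
    """Fraction of the RPC connection pool held by stalled connections.

    Worth alerting on independently of the per-source count, because the
    stalled connections may be spread over many source addresses.
    """
    return sum(1 for c in conns if stalled(c)) / pool_size


# Constructed snapshot using documentation address ranges.
SAMPLE = (
    [Conn("203.0.113.7", RPC_PORT, 40.0 + i, False) for i in range(12)]
    + [Conn("198.51.100.20", RPC_PORT, 0.3, False),   # request still arriving, young
       Conn("198.51.100.20", RPC_PORT, 2.0, True),    # normal completed request
       Conn("198.51.100.21", RPC_PORT, 45.0, True),   # old but complete (keep-alive)
       Conn("192.0.2.5", 18080, 600.0, False)]        # other port, ignored
)

if __name__ == "__main__":
    print(find_slow_sources(SAMPLE))
    print(pool_pressure(SAMPLE, pool_size=16))
```

The same two signals map directly onto mitigations in front of the RPC port: a deadline for receiving the complete request and a cap on concurrent connections per source.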