Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
hackeroneSobhraj_charlesH1:416494
HistorySep 30, 2018 - 2:16 p.m.

Monero: DoS for remote nodes using Slow Loris attack

2018-09-3014:16:46
sobhraj_charles
hackerone.com
24
JSON

Summary:

Using the slow loris attack it’s possible to make the the daemon unresponsive to all RPC requests without at least a restart.

Description:

I used this node.js application (https://www.npmjs.com/package/sloww) to perform the attack on one of my remote nodes, but any other implementation of the attack should also work fine.

Releases Affected:

  • Ubuntu 16.04 x64 - Monero v0.12.3.0 was affected so all releases before should be affected as well.

Steps To Reproduce:

  1. Start the daemon with standard remote node parameters like ./monerod --rpc-bind-ip 0.0.0.0 --confirm-external-bind
  2. Start the slow loris attack, I tested with 1000 sockets opened and 700 milliseconds as rate at which
    packets should be sent.
  3. Try sending a normal RPC command like curl -X POST http://IP:18089/json_rpc -d '{"jsonrpc":"2.0","id":"0","method":"get_block_count"}' -H 'Content-Type: application/json' there will not be any response from the RPC a few seconds after the attack was started.

Impact

An attacker could target a large number of remote nodes for example the ones under https://moneroworld.com/, with just a single PC.

JSON