This Is Probably Why Half the Internet Shut Down Today

The SAFE Network to the rescue? :wink:

8 Likes

I wonder how SAFE is going to defend against DDOS.

Since we are dealing with a majority of low capacity nodes it would be so easy to launch 10k nodes into the network, get all the IP:s from the nodes in the groups, and start bombing.

This appears to be based on negligible thought or understanding of how the SAFEnetwork works.

It isnā€™t worth refuting unless you are going to spell out what you suggest and but just uses vague generalised terms.

4 Likes

I speak about this sometimes. The nodes have managed connections (tcp say). So each node creates a connection to the others. They are not listening here just a connection established. To get into the connection you need to use tcp hijacking, but itā€™s encrypted, so this becomes ddos immune IMO.

So some nodes will listen (bootstrapping needs some to be listening for connections). However, if the listening port is too busy then a node doesnā€™t need to keep it going. It may stop then maybe listen on another port are the same one later, or not

Then consider bitcoin, the nodes listen on a known port (we donā€™t) and there are circa 5000 of them. So a much easier target, but I donā€™t know of a DDOS on that network using typical ddos of those ports. There have been DOS attacks with lots of transactions etc. but not AFAIK DDOS attacks there.

So itā€™s a different thing from DDOS of a known IP:port as these are not known but very distributed and on differing ports. Not impossible (little is) perhaps, but a lot more difficult to find them all and attack many (hopefully) thousands or millions at once.

13 Likes

You appear to be based on negligible understanding.

One does not have to be listening to a port to be DDOSed. It is enough to know the IP, then you can be DDOSed. It takes effort to decide not to listen to a packet.

What would happen if a single node was down?

How do you DDOS a million IPā€™s at the same time? Iā€™m not saying it couldnā€™t be done but wondering the amount of resources it would take to pull off something like that?

One node out of a million isnā€™t going to affect anything.

1 Like

The SAFE network is distributed. Pick a node and attack it (if you can determine itā€™s IP). Pick 10,000 nodes and attack them (again, if you manage to find their IPā€™s). Youā€™ll make somebody unhappy, to be sure. But the 99.9% of the network you didnā€™t attack wonā€™t even hiccup.

2 Likes

If all sources of data would be DDOSed then it would be lost. To set it up an attacker would only need to join all groups holding it.

Hopefully the upcoming datachains implementation can defeat this type of attack by allowing the data to become available after the attack stops (or as nodes join with a new IP and re-publish what they held).

1 Like

Can you expand on this please, I am not following. Are you talking of a router attack or a node in promiscuous mode? The IP:PORT combination is the service point, if that does not exist then you get an IP message ā€œdestination unavailableā€ and your stack should stop sending. Do you mean you ignore these and try and flood the route not the service?

The lower down the stack to stop this then the harder the attack AFAIK, so getting up the stack i.e. to a service (port) where the layers are traversed means the machine does more work.

Anyway interested to dig into this a little and the impact of ddos at different levels. Of course DDOS a router with packets before the node is also a consideration, but here I think we are talking of the node itself.

3 Likes

How does an attacker join all groups holding a particular piece of data? How does an attacker discover what groups hold the data? I thought groups donā€™t know what data they hold. Or is that just Vaults?

By my understanding once a packet is sent to your IP destination your computer acknowledges it and ignores it if it does not match a destination that listens. This ignoring can overwhelm your capacity and cause DOS.

In addition to this there is the issue you mentioned of flooding the router/ISP routers to get you to drop off.

I might be wrong here so feel free to correct.[quote=ā€œsprucely, post:11, topic:11590, full:trueā€]
How does an attacker join all groups holding a particular piece of data? How does an attacker discover what groups hold the data? I thought groups donā€™t know what data they hold. Or is that just Vaults?
[/quote]

if you have n nodes that coordinate you can establish where you know all the groups holding a specific piece of data, and commence an attack from other addresses. The safe network has no method to defend itself except ignoring the incoming flood.

Another outage that cannot happen on safe network because there is no central DNS server to attack. Currently github cannot be reached, I suppose it is one of the impacted sites.

Edit: Sorry, i didā€™nt realize it is the same one and github is in fact one of the impacted sites.

Yes sort of, there is a 3-way tcp handshake before any data is sent. So the initial part fails and no data is sent though. So this I think would not work as a DDOS attack. The non acknowledgement of syn packets is a problem for the attacker.

Then on the other hand the connections themselves, as they are not listening ports but an established connection the attacker needs to spoof the IP address and then go through the process of hijacking the connection.

So you really want to DDOS a system with listening port and attack the port with valid looking ā€œinvalid data (junk)ā€. There were a few years back slow ddos attacks where apache servers for instance spawned a new thread and socket for each connection, so you just needed to keep the connection open (not close it at the http level) to create denial of service there.

For us I think the DDOS attack is unlikely to be effective outside the listening ports for bootstrapping, but these are not required to always run, as long as some do and can be found. Clients and vaults tough gather their own bootstrap caches which makes it harder as there is not a list of bootstrap nodes.

The exception though is the hard coded nodes that are basically a fallback or seed position. A brand new client/vault will use these initially. Those are a target for denial of joining, but there are many threads about this one.

7 Likes

Here it does actually, if a group could be attacked like this it would become unresponsive and itā€™s neighbor group merges with it. This continually happens down to the root of the network. So it is some mechanism, but needs deeply investigated under possible attacks, so I wont say we are immune, but there is a mechanism in the design to handle this.

The problem would be if all nodes became unresponsive at exactly the same time, then merge becomes difficult. You are right though data chains means a single node can republish, so definitely helps.

Nice convo, I hope you donā€™t think I am debating at all, just throwing in some more info.

8 Likes

I really appreciate your on-the-point honest rebuttals. I believe you are correct here and my issue was theoretical at best.

You made a good point with bitcoin having survived this long even when being such a disruptive tech.

6 Likes

many of the sites mentioned in the original post are down for me on the west coast now. Timing is suspicious, to say the least.

I wager it was the US Gov who did this.

Perhaps Assange supporters? They took his internet connection away, this could be payback in kind.

1 Like

Iā€™ve been wondering whether the safe network will be susceptible to a type of amplification attack, magnifying the effect of ddos.

An attacker takes 1% of the nodes offline, which then requires something like 20% (?) of the nodes on the network to perform a lot of work churning to replace those nodes. If the amount of churn is high enough, Itā€™s possible it may cause another 1% of nodes involved in the churn to die, increasing the amount of churn and bringing more nodes into the picture. This could cascade quite badly. Add in the workload for group merging etc and it seems like a feasible scenario. Not sure how realistic kind of amplification is to pull off.

5 Likes