Author

Topic: The upgrade-ratio attack and the supernode invasion (Read 1311 times)

legendary
Activity: 1120
Merit: 1160
Bitcoin actually has already some rules built-in to deal with address groups outside of IPv4, see the source code.

Ha, looks like the existing rules are pretty much exactly what I wrote above other than being a bit less conservative with the prefix lengths.
donator
Activity: 1419
Merit: 1015
My proposal would be to measure the existent versions by taking a single IP address per /16 (x.y.0.0) block, so the statistics are less biased and cannot be easily manipulated.

Does the Bitcoin client try to do something similar? It's not just the statistics that could potentially be manipulated. Having control of 4000 supernodes makes Timejacking far easier to do.
legendary
Activity: 1072
Merit: 1181
Bitcoin actually has already some rules built-in to deal with address groups outside of IPv4, see the source code.
legendary
Activity: 1120
Merit: 1160
What about IPv6? /64? /48?

For IPv4 /16 roughly means that each combination of "local registry" and "ISP allocation" is captured, while less than an ISP is considered non-unique. Some entities have /8's from legacy allocations mind you, the likes of IBM, MIT etc. so in theory filtering at /16 lets them get 256 nodes past the uniqueness filter.

For IPv6 even /48 is right out as the allocation RFCs encourage a /48 per customer; I've got a /56 for my home DSL connection. Getting multiple /48's isn't hard at all.

If you look at the IPv6 allocations you see that the global unicast space is currently allocated out of 2::/3 and the registry level allocations happen at roughly the /16-/20 level. That would imply /28 is probably a reasonable uniqueness filter.

6to4 traffic is a special case as a 6to4 address embeds an IPv4 address following the 2002:/16 prefix. Thus the /16 rule for IPv4 implies you should filter at the /32 level. With Teredo tunneling the Teredo server address follows a 2002:0000:/32 prefix, followed by some flag bits, a port number, and the IPv4 client address. However while in the general case a Teredo server does *not* actually carry the IPv6 traffic, I'm not sure that an attacker couldn't fake IPv4 connections,(1) so you're probably still stuck applying the /16 filter to the server's address. Thus filtering at 2002:/48 is reasonable, as is not having a special Teredo rule at all. (who knows if Teredo advertisement inbound router filters are maintained properly) Equally not having a special rule for 6to4 isn't bad, and just implies you're filtering the embedded IPv4 addresses at the /12 level with a /28 v6 filter.

The one good thing is 6to4 and Teredo relays are becoming fairly common, with many ISPs running local relays, thus external attackers have a harder time capturing a lot of traffic by advertising an appropriate route. (remember, all this stuff assumes we trust our ISP)

Another issue is that since the IPv6 space is so plentiful an attacker could also make arrangements to borrow space from a registry on a temporary basis, or even borrow a whole registry-level prefix. Secondly an attacker could also try just advertising a whole prefix on the global routing table; the only thing stopping them is the often badly applied inbound route filtering done by ISPs. I'll bet you there are plenty who haven't gotten around to removing rules allowing 3ffe:/16 advertisements for instance.

It'd be interesting to try to capture as many IPv6 addresses on the network as it stands and get a sense of how they are distributed across the address space. For that matter, do the same thing for IPv4. For what it's worth I run my bitcoin node IPv6-only, and right now the peer list is fully unique at the /22 level, with all but two IPs unique at /20.

1) Teredo is complex... It separates the relay, the host that carries the traffic, from the server, the host that gets the client connected. The server only forwards IPv6 pings on behalf of the client. Each time the client wants to connect to a new IPv6 address it creates a ping to that address and tells the server to send that ping on it's behalf. This ping has the same source address as the client's IPv6 address. When the destination responds the response will end up at the nearest Teredo relay, either a router advertising the 2002:/32 prefix, or a non-advertising router in the upstream path of the destination. That router intercepts the packet and contacts the originating client directly at the embedded IPv4 address and port via UDP to get past most types of NAT. Due to the way the relays work in most cases you need to control an IPv4 address to be able to use a specific Teredo IPv6 address. However if the attacker also has control of a relay local to you they can intercept whole address spaces, and control of a relay is no harder than advertising 2002:/32; they don't have to be your ISP. On the other hand if you assume they don't have that control then the uniqueness filter becomes a mask rather than a prefix, so you need a whole bunch of code if you didn't implement prefixes as bit masks.

My suggestion? Don't have a special Teredo rule to avoid all this complexity. Teredo clients aren't that common anyway.
legendary
Activity: 2730
Merit: 1263
What about IPv6? /64? /48?
legendary
Activity: 1652
Merit: 2301
Chief Scientist
My proposal would be to measure the existent versions by taking a single IP address per /16 (x.y.0.0) block, so the statistics are less biased and cannot be easily manipulated.

Good idea.
legendary
Activity: 1176
Merit: 1001
Some time ago I asked some cloud computing companies if they would let me hire a single virtual CPU with 4000 external IPv4 addresses. One of them said "no problem". And it was very cheap indeed.



Seems strange.

Spammers would love that. Maybe you had port 25 locked.
hero member
Activity: 555
Merit: 654
Some time ago I asked some cloud computing companies if they would let me hire a single virtual CPU with 4000 external IPv4 addresses. One of them said "no problem". And it was very cheap indeed.

hero member
Activity: 555
Merit: 654
I'm following Gavin idea of using the current percentages of versions found in http://luke.dashjr.org/programs/bitcoin/files/charts and published in https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures to decide if a vulnerability should be disclosed or not. Gavin has used the 80% rule before. If the number of non-vulnerable nodes is greater than %80, then the vulnerability is disclosed. But today I've read that there some folks in Swiss Federal Institute of Technology Zurich, that have put on-line 4000 nodes running the latest version of the Satoshi client overnight (or nodes that pretend to be that version). So suddenly, almost all the network seems to have upgraded. In reality, I think that very few existing nodes have upgraded, but many new updated nodes have appear.

The BitcoinTalk.org user Cdecker is in charge of this experiment, but I'm unsure if he will continue to support this supernode after his experiment is finished. If he decides to finish it, this will mean that th "update" percentages will suddenly drop again, possibly below the desired 80% threshold, so the network will be exposed.

Also, there the possibility that Cdecker is preparing an attack: he is trying to speed up the disclosure of the vulnerabilities, in order to attack afterwards. (nothing personal Cdecker!)

This is not exactly the "Cancer nodes" attack described in https://en.bitcoin.it/wiki/Weaknesses. It's more a social engineering attack.

My proposal would be to measure the existent versions by taking a single IP address per /16 (x.y.0.0) block, so the statistics are less biased and cannot be easily manipulated.

Maybe luke can add another beautiful pie graphs that filters IPs addresses as I described.

What do you think?
Jump to: