Handling of CTM/search DDoS triggered by a malicious hub
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
AirDC++ | Fix Released | Undecided | Unassigned |
DC++ | Confirmed | Undecided | Unassigned |
Bug Description
I've received a few weird crash reports that are both linked to a specific hub (favorite-hub.net):
https:/
https:/
While inspecting the issue more closely, I noticed that the client receives about 300 search/CTM requests per second from the hub, similar to these:
```
$Search 82.146.38.183:80 F?F?0?1?t
$ConnectToMe maksis 82.146.38.183:443
$Search 82.146.38.183:443 F?F?0?1?p
$ConnectToMe maksis 82.146.38.183:80
$Search 82.146.38.183:80 F?F?0?1?t
$ConnectToMe maksis 82.146.38.183:443
$Search 82.146.38.183:443 F?F?0?1?p
$ConnectToMe maksis 82.146.38.183:80
$Search 82.146.38.183:80 F?F?0?1?t
$ConnectToMe maksis 82.146.38.183:443
```
Looks like this has been going on for years already and the client is unable to even report it in a meaningful way. DC++ shows a few status messages about search spam but that doesn't really reveal the full extent of the problem as the aim of the hub is clearly to consume all possible system resources from its users.
information type: Private Security → Public Security
Should be fixed in https://github.com/airdcpp/airdcpp-windows/commit/55a50d9a720c885f59ca80ab3ad206b17e387bf4 (it also adds flood checks for incoming TCP connections)
Looks like the hub also stopped flooding...
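Added example, not code from DC++, AirDC++ or the linked commit: one way a client could implement the kind of flood check the fix refers to, in C++. It parses the `$Search` and `$ConnectToMe` lines quoted in the report, keys on the host:port the hub is asking the client to contact, throttles each target to a small budget per second, and keeps a dropped-command count so the client can report the full extent of the flood rather than a vague "search spam" notice. The `parseHubCommand`, `FloodGuard` and `feed` names, the 5-per-second policy and the repeated sample feed are assumptions made for illustration.

```cpp
// Added example (not DC++/AirDC++ code): a per-target sliding-window flood
// guard for NMDC hub commands. Names, thresholds and the sample feed are
// assumptions made for illustration.
#include <cstddef>
#include <cstdint>
#include <deque>
#include <iostream>
#include <map>
#include <sstream>
#include <string>
#include <vector>

struct HubCommand {
    std::string cmd;     // "$Search" or "$ConnectToMe"; empty if not recognised
    std::string target;  // host:port the hub is asking the client to contact
};

// $Search carries "host:port" as its first argument, $ConnectToMe as its
// second (after the nick). Anything else is reported as unrecognised.
HubCommand parseHubCommand(const std::string& line) {
    std::istringstream in(line);
    HubCommand c;
    if (!(in >> c.cmd)) return {};
    if (c.cmd == "$Search") {
        in >> c.target;
    } else if (c.cmd == "$ConnectToMe") {
        std::string nick;
        in >> nick >> c.target;
    } else {
        return {};
    }
    if (c.target.empty()) return {};
    return c;
}

// At most `limit` accepted commands per `windowMs` for each host:port. Excess
// commands are ignored and counted, so the client can report how much was
// dropped instead of acting on every request the hub sends.
class FloodGuard {
public:
    FloodGuard(std::size_t limit, std::int64_t windowMs) : limit_(limit), windowMs_(windowMs) {}

    // True if the command may be acted on, false if it should be ignored.
    bool allow(const std::string& target, std::int64_t nowMs) {
        std::deque<std::int64_t>& w = recent_[target];
        while (!w.empty() && nowMs - w.front() >= windowMs_) w.pop_front();
        if (w.size() >= limit_) { ++dropped_[target]; return false; }
        w.push_back(nowMs);
        return true;
    }
    std::uint64_t dropped(const std::string& target) const {
        auto it = dropped_.find(target);
        return it == dropped_.end() ? 0 : it->second;
    }
    std::uint64_t droppedTotal() const {
        std::uint64_t n = 0;
        for (const auto& kv : dropped_) n += kv.second;
        return n;
    }
private:
    std::size_t limit_;
    std::int64_t windowMs_;
    std::map<std::string, std::deque<std::int64_t>> recent_;
    std::map<std::string, std::uint64_t> dropped_;
};

struct FeedResult { std::uint64_t accepted = 0, dropped = 0, unparsed = 0; };

// Push hub lines arriving `intervalMs` apart through the guard.
FeedResult feed(FloodGuard& guard, const std::vector<std::string>& lines, std::int64_t intervalMs) {
    FeedResult r;
    std::int64_t now = 0;
    for (const std::string& line : lines) {
        HubCommand c = parseHubCommand(line);
        if (c.cmd.empty()) ++r.unparsed;
        else if (guard.allow(c.target, now)) ++r.accepted;
        else ++r.dropped;
        now += intervalMs;
    }
    return r;
}

// Constructed sample: the four-line cycle quoted in the report, repeated
// `repeats` times (75 repeats at 3 ms spacing approximates the ~300/s observed).
std::vector<std::string> sampleFlood(int repeats) {
    static const char* const cycle[] = {
        "$Search 82.146.38.183:80 F?F?0?1?t",
        "$ConnectToMe maksis 82.146.38.183:443",
        "$Search 82.146.38.183:443 F?F?0?1?p",
        "$ConnectToMe maksis 82.146.38.183:80",
    };
    std::vector<std::string> lines;
    for (int i = 0; i < repeats; ++i)
        for (const char* l : cycle) lines.push_back(l);
    return lines;
}

int main() {
    FloodGuard guard(5, 1000);   // assumed policy: 5 commands per target per second
    FeedResult r = feed(guard, sampleFlood(75), 3);
    std::cout << "accepted=" << r.accepted << " dropped=" << r.dropped
              << " (82.146.38.183:80 dropped " << guard.dropped("82.146.38.183:80") << ")\n";
    return 0;
}
```

Keying on the target address is a design choice for this example: it caps how many connections or search replies a single hub can make the client send to one host:port, whatever mix of `$Search` and `$ConnectToMe` it uses. A client would normally combine this with a per-hub budget on the total command rate, since the other half of the problem in the report is the CPU and socket load on the client itself.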