Skip to content

add vulnerable nodes #620

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Oct 8, 2024
Merged

add vulnerable nodes #620

merged 2 commits into from
Oct 8, 2024

Conversation

@willcl-ark
Copy link
Contributor

@willcl-ark willcl-ark commented Sep 26, 2024

Few easy vulns, based on bitcoin core v28rc2

To use add the custom version string into version of the graph.

@willcl-ark
Copy link
Contributor Author

willcl-ark commented Sep 26, 2024

cc @m3dwards, in case you fancy playing around with some easier scenarios :)

@m3dwards
Copy link
Collaborator

m3dwards commented Sep 26, 2024

Yep happy to

@pinheadmz
Copy link
Contributor

pinheadmz commented Oct 1, 2024

concept ACK
Didn't review code but with this patch i can deploy a cluster with all 12 supported versions (x10 = 120 tanks!)

@pinheadmz
Copy link
Contributor

pinheadmz commented Oct 1, 2024
edited
Loading

A few of these vulns are way too easy to exploit and they end up crashing right after the network starts up!

99.1.0-unknown-message

There are old nodes on this network still sending "reject" packets, which were removed and therefore unknown in newer nodes.

2024-10-01T19:31:55.989371Z [net] received: reject (119 bytes) peer=3
2024-10-01T19:31:55.989392Z [net] Unknown command "reject" from peer=3
Assertion failed: false (net_processing.cpp: ProcessMessage: 5337)
Stream closed EOF for warnet/tank-0017-orange (bitcoincore)

99.1.0-disabled-opcodes

Couldn't tell exactly what happened to this one but some tx from the tx_flood scenario knocked it over. I'll try to dig up the evil tx for analysis

2024-10-01T19:31:41.037853Z [net] Requesting wtx 63d772b1e1369bb1a5762593924bd2141d4c2006d2a9c58aaec07dd5560af255 peer=5
2024-10-01T19:31:41.037926Z [net] sending getdata (37 bytes) peer=5
2024-10-01T19:31:41.039761Z [net] received: tx (577 bytes) peer=5
Assertion failed: false (script/interpreter.cpp: EvalScript: 472)
Stream closed EOF for warnet/tank-0016-orange (bitcoincore)

99.0.1-5k-inv

This one took a while with tx_flood so it might be ok, just very very fragile

2024-10-01T19:46:55.851196Z [net] got inv: wtx 768efb91dd0107c8f9ec1d41c70d514634674c2cd4267f927a226b9c902a9d67  have peer=8
2024-10-01T19:46:55.851213Z [net] got inv: wtx 3c3edf132d0a4c1a7f6cd7efa05506e17d92cf483c307b982a2c8ddbe04ff961  have peer=8
2024-10-01T19:46:55.862668Z [net] received: inv (289 bytes) peer=7
Assertion failed: false (net_processing.cpp: ProcessMessage: 4228)
Stream closed EOF for warnet/tank-0000-red (bitcoincore)

@willcl-ark willcl-ark changed the title WIP: add vulnerable nodes add vulnerable nodes Oct 7, 2024
@willcl-ark willcl-ark marked this pull request as ready for review October 7, 2024 11:12
@willcl-ark
Copy link
Contributor Author

willcl-ark commented Oct 7, 2024

  • Updated version numbers to all start with 99.1.0-

A few of these vulns are way too easy to exploit and they end up crashing right after the network starts up!

99.1.0-unknown-message

There are old nodes on this network still sending "reject" packets, which were removed and therefore unknown in newer nodes.

2024-10-01T19:31:55.989371Z [net] received: reject (119 bytes) peer=3
2024-10-01T19:31:55.989392Z [net] Unknown command "reject" from peer=3
Assertion failed: false (net_processing.cpp: ProcessMessage: 5337)
Stream closed EOF for warnet/tank-0017-orange (bitcoincore)

Ok I have attempted to mitigate this by only counting unknown p2p messages from nodes who are using protocol version 70016 (new nodes).

99.1.0-disabled-opcodes

Couldn't tell exactly what happened to this one but some tx from the tx_flood scenario knocked it over. I'll try to dig up the evil tx for analysis

2024-10-01T19:31:41.037853Z [net] Requesting wtx 63d772b1e1369bb1a5762593924bd2141d4c2006d2a9c58aaec07dd5560af255 peer=5
2024-10-01T19:31:41.037926Z [net] sending getdata (37 bytes) peer=5
2024-10-01T19:31:41.039761Z [net] received: tx (577 bytes) peer=5
Assertion failed: false (script/interpreter.cpp: EvalScript: 472)
Stream closed EOF for warnet/tank-0016-orange (bitcoincore)

I don't understand how this could hit from tx_flood, so logs would be ideal here.

99.0.1-5k-inv

This one took a while with tx_flood so it might be ok, just very very fragile

2024-10-01T19:46:55.851196Z [net] got inv: wtx 768efb91dd0107c8f9ec1d41c70d514634674c2cd4267f927a226b9c902a9d67  have peer=8
2024-10-01T19:46:55.851213Z [net] got inv: wtx 3c3edf132d0a4c1a7f6cd7efa05506e17d92cf483c307b982a2c8ddbe04ff961  have peer=8
2024-10-01T19:46:55.862668Z [net] received: inv (289 bytes) peer=7
Assertion failed: false (net_processing.cpp: ProcessMessage: 4228)
Stream closed EOF for warnet/tank-0000-red (bitcoincore)

Mitigated (slightly) be requiring 5k invs counted per node now, which should slow things down a bit? Perhaps I should also bump the numbers though too...

@pinheadmz pinheadmz merged commit ebdc0e4 into bitcoin-dev-project:main Oct 8, 2024
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@willcl-ark @m3dwards @pinheadmz