linuxdcpp-team team mailing list archive
Message #09178
[Bug 2019497] [NEW] Handling of CTM/search DDoS triggered by a malicious hub
*** This bug is a security vulnerability ***
Private security bug reported:
I've received a few weird crash reports that are both linked to a
specific hub (favorite-hub.net):
https://github.com/airdcpp-web/airdcpp-webclient/issues/450
https://github.com/airdcpp/airdcpp-windows/issues/63
While inspecting the issue more closely, I noticed that the client
receives about 300 search/CTM requests per second from the hub, similar
to these:
$Search 82.146.38.183:80 F?F?0?1?t
$ConnectToMe maksis 82.146.38.183:443
$Search 82.146.38.183:443 F?F?0?1?p
$ConnectToMe maksis 82.146.38.183:80
$Search 82.146.38.183:80 F?F?0?1?t
$ConnectToMe maksis 82.146.38.183:443
$Search 82.146.38.183:443 F?F?0?1?p
$ConnectToMe maksis 82.146.38.183:80
$Search 82.146.38.183:80 F?F?0?1?t
$ConnectToMe maksis 82.146.38.183:443
Looks like this has been going on for years already and the client is
unable to even report it in a meaningful way. DC++ shows a few status
messages about search spam but that doesn't really reveal the full
extent of the problem as the aim of the hub is clearly to consume all
possible system resources from its users.
** Affects: airdcpp
Importance: Undecided
Status: New
** Affects: dcplusplus
Importance: Undecided
Status: New
** Also affects: airdcpp
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of
Dcplusplus-team, which is subscribed to DC++.
https://bugs.launchpad.net/bugs/2019497
Title:
Handling of CTM/search DDoS triggered by a malicious hub
Status in AirDC++:
New
Status in DC++:
New
To manage notifications about this bug go to:
https://bugs.launchpad.net/airdcpp/+bug/2019497/+subscriptions
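A client-side way to handle the flood described in the report, as an added example that is not part of the original message and is not DC++ or AirDC++ code: a per-hub sliding-window limiter that drops excess active $Search/$ConnectToMe commands per target host and keeps a per-target drop count the client can show to the user. The names `targetOf`, `FloodDetector` and `replaySample`, and the limit and window values, are assumptions.

```cpp
// Added example, not DC++/AirDC++ code. Names, limit and window are assumptions.
#include <cstdint>
#include <deque>
#include <map>
#include <string>
// Target host of an active "$Search <ip:port> <query>" or
// "$ConnectToMe <nick> <ip:port>"; empty for any other line.
std::string targetOf(const std::string& line) {
    std::size_t start = 8;                       // length of "$Search "
    if (line.rfind("$ConnectToMe ", 0) == 0) {
        start = line.find(' ', 13) + 1;          // one past the space after the nick
        if (start == 0) return "";               // npos + 1 wraps to 0: no address
    } else if (line.rfind("$Search ", 0) != 0) return "";
    const std::string addr = line.substr(start, line.find(' ', start) - start);
    const std::size_t colon = addr.rfind(':');
    if (addr.rfind("Hub:", 0) == 0 || colon == std::string::npos) return "";
    return addr.substr(0, colon);                // key on host: the ports alternate
}

class FloodDetector {
public:
    FloodDetector(std::size_t limit, std::uint64_t windowMs) : limit_(limit), window_(windowMs) {}
    // True if the hub command may be processed, false if it is dropped.
    bool allow(const std::string& line, std::uint64_t nowMs) {
        const std::string host = targetOf(line);
        if (host.empty()) return true;           // not a command this limiter covers
        auto& q = seen_[host];
        while (!q.empty() && nowMs - q.front() >= window_) q.pop_front();
        if (q.size() >= limit_) { ++dropped_[host]; return false; }
        q.push_back(nowMs);
        return true;
    }
    // Dropped commands per target host, for a report the user can act on.
    const std::map<std::string, std::uint64_t>& report() const { return dropped_; }
private:
    std::size_t limit_; std::uint64_t window_;
    std::map<std::string, std::deque<std::uint64_t>> seen_;
    std::map<std::string, std::uint64_t> dropped_;
};

// Constructed replay of the two quoted command shapes, `count` lines in one second.
std::size_t replaySample(FloodDetector& d, std::size_t count) {
    const char* sample[] = {"$Search 82.146.38.183:80 F?F?0?1?t",
                            "$ConnectToMe maksis 82.146.38.183:443"};
    std::size_t passed = 0;
    for (std::size_t i = 0; i < count; ++i)
        if (d.allow(sample[i % 2], i * 1000 / count)) ++passed;
    return passed;
}
```

One detector instance per hub connection keeps the counts attributable to the hub that sent the commands.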