Description
Because Stacks nodes can be tricked by both the neighbor walk algorithm and StackerDB sync into connecting to hosts that are not nodes, there exists a port-scanning timing attack whereby a malicious peer can examine the behavior of the victim node to assess whether or not it was able to connect to the attacker-given IP address (indicating the presence or absence of the service on the victim's network). There is no protocol-level remediation for this -- it's a fundamental limitation of open-network p2p systems in which nodes learn neighbors from other (potentially malicious) nodes.
The remediation is to run the Stacks node in a network DMZ of some kind. For example, the node should not be able to connect to any other host on its local network except for other Stacks nodes.
This needs to be both stated in the operator's documentation and enforced in the default Docker files we ship for the node, if it isn't already.
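The DMZ policy described above, expressed as code so an operator can check it and generate host rules from it. This is an added example, not code from the Stacks project: the table name `stacks_dmz`, the node address `10.0.0.20`, the peer allowlist and the "learned" addresses are all constructed, and `LOCAL_RANGES` is an assumed list of what counts as the node's local network. The policy is: the node may connect to an allowlisted Stacks peer anywhere, and to any address that is not local; everything else on the local network is refused, so an attacker-supplied address on that network never produces a connection attempt whose timing could be observed.

```python
"""Egress policy for a Stacks node host: block outbound connections to the
local network except to allowlisted Stacks peers.

Constructed example; the table name, addresses and allowlist are assumptions,
not values from the Stacks project.
"""
import ipaddress

# Ranges that count as "local" from the node's point of view. A connection
# attempt to any of these tells the peer that supplied the address whether a
# service exists there. (Assumed list; add your own site-specific ranges.)
LOCAL_RANGES = [
    ipaddress.ip_network(n)
    for n in (
        "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
        "169.254.0.0/16", "127.0.0.0/8",                   # link-local, loopback
        "fc00::/7", "fe80::/10", "::1/128",                # IPv6 equivalents
    )
]


def egress_allowed(dst, peer_allowlist):
    """True if the node may open a connection to dst under the DMZ policy:
    allowlisted peers always, anything else only if it is not local."""
    addr = ipaddress.ip_address(dst)
    peers = [ipaddress.ip_network(p, strict=False) for p in peer_allowlist]
    if any(addr in net for net in peers):
        return True
    return not any(addr in net for net in LOCAL_RANGES)


def audit_learned_peers(candidates, peer_allowlist):
    """Split addresses learned from the network (neighbor walk, StackerDB sync)
    into those the policy lets the node contact and those it drops."""
    allowed, dropped = [], []
    for c in candidates:
        (allowed if egress_allowed(c, peer_allowlist) else dropped).append(c)
    return allowed, dropped


def nftables_ruleset(node_addr, peer_allowlist, table="stacks_dmz"):
    """Render an nftables ruleset enforcing the same policy on the host.
    Uses the output hook for a node running directly on the host; for a
    containerised node the same rules belong on the forward hook instead."""
    src = ipaddress.ip_address(node_addr)
    fam = "ip" if src.version == 4 else "ip6"
    peers = [ipaddress.ip_network(p, strict=False) for p in peer_allowlist]
    peers = [str(p) for p in peers if p.version == src.version]
    local = [str(n) for n in LOCAL_RANGES if n.version == src.version]
    lines = [
        f"table inet {table} {{",
        "  chain output {",
        "    type filter hook output priority 0; policy accept;",
    ]
    # Accept rule comes first: nftables evaluates in order and accept is final.
    if peers:
        lines.append(f"    {fam} saddr {src} {fam} daddr {{ {', '.join(peers)} }} accept")
    # Refuse (and log) anything else aimed at the local network.
    lines.append(f"    {fam} saddr {src} {fam} daddr {{ {', '.join(local)} }} "
                 "log prefix \"stacks-dmz-drop \" reject")
    lines += ["  }", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample: node at 10.0.0.20, one known Stacks peer on the LAN,
    # and a few addresses "learned" from an untrusted neighbor.
    ok, bad = audit_learned_peers(
        ["203.0.113.5", "10.0.0.7", "10.0.0.9", "192.168.1.1"], ["10.0.0.7"])
    print("would contact:", ok)
    print("blocked:", bad)
    print(nftables_ruleset("10.0.0.20", ["10.0.0.7"]))
```

Any local service the node legitimately depends on (its Bitcoin node, for instance, if it runs on the same network) has to be on the allowlist, since the reject rule covers loopback as well; the logged drops are also a useful signal, because a node that keeps trying to reach addresses on its own LAN is probably being fed them by a peer.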