Potential denial-of-service attack methods against the exozyme server #38

Closed
opened 2021-08-28 23:20:34 +00:00 by a · 5 comments
Owner

There are a lot of ways people can attack the server. Here's a few that I thought of:

  • Flooding the server with a ton of network traffic
  • Filling up the NVME hard drive with tons of files
  • Filling up the RAM so we run out of memory
  • Running an intense program that uses 100% CPU
  • Uploading an extremely large file to exocloud or exochat
There are a lot of ways people can attack the server. Here's a few that I thought of: * Flooding the server with a ton of network traffic * Filling up the NVME hard drive with tons of files * Filling up the RAM so we run out of memory * Running an intense program that uses 100% CPU * Uploading an extremely large file to exocloud or exochat
a added the
security
label 2021-08-28 23:20:34 +00:00
a added this to the (deleted) project 2021-08-28 23:20:34 +00:00
Author
Owner

I mean, we're assuming that the users are people that I kind of know, so we should be able to manage it when something like this happens.

I mean, we're assuming that the users are people that I kind of know, so we should be able to manage it when something like this happens.
Author
Owner

Obvious countermeasures include setting a disk quota and systemd resource limits. I don't think it's needed right now.

Obvious countermeasures include setting a [disk quota](https://wiki.archlinux.org/title/Disk_quota) and [systemd resource limits](https://www.freedesktop.org/software/systemd/man/systemd.resource-control.html). I don't think it's needed right now.
Author
Owner

OK, it might be time for setting some limits...

OK, it might be time for setting some limits...
a added this to the v5.0 milestone 2021-10-29 21:19:42 +00:00
a removed this from the v5.0 milestone 2021-11-03 00:39:25 +00:00
a added the
help wanted
label 2021-11-13 22:46:01 +00:00
a added this to the v6.0 milestone 2021-11-13 22:53:51 +00:00
Author
Owner

Memory leaks like this one will get killed pretty quickly by the OOM killer:

#include <bits/stdc++.h>
using namespace std;

int main() {
    while (1) {
        malloc(1<<20);
    }
}

Now time to test fork bombs...

Memory leaks like this one will get killed pretty quickly by the OOM killer: ``` #include <bits/stdc++.h> using namespace std; int main() { while (1) { malloc(1<<20); } } ``` Now time to test fork bombs...
Author
Owner

So fork bombs do work, but it's quite easy to stop them by logining in with SSH and running nice -20 pkill -9 -u USER. Closing this for now but we can reopen this if we find other attack methods.

So fork bombs do work, but it's quite easy to stop them by logining in with SSH and running `nice -20 pkill -9 -u USER`. Closing this for now but we can reopen this if we find other attack methods.
a closed this issue 2021-11-14 17:12:16 +00:00
Sign in to join this conversation.
No Milestone
No project
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: exozyme/exozyme#38
No description provided.