[ENet-discuss] DOS problem with connections?

Lee Salzman lsalzman at telerama.com
Wed May 12 21:04:05 PDT 2004 

Well, there are probably a bunch more DoSes hiding in ENet. I never
really went through hardening the protocol against such stuff just
because it was not an issue for what I was using it for on the time. But
if someone *cough* would like to audit it for this sort of thing and
submit sane bug-fixes, that's A-OK with me. :)

Lee

On Wed, May 12, 2004 at 03:05:24PM -0700, Kevin Deus wrote:
>    Maybe I'm missing something, but it looks like there's a possible
> denial-of-service issue with ENet's connection scheme.  From the looks of it
> (and from a previous post), the connection follows this sequence:
> 
>    Computer 'A' is the client, attempting to connect.
>    Computer 'B' is the server, accepting connections.
> 
> 1) A sends CONNECT to B
> 2) B receives CONNECT ->
>     B reserves a Peer slot for this client, setting its
>       state to ENET_PEER_STATE_ACKNOWLEDGING_CONNECT
>     B sends ACK:CONNECT to A
>     B sends VERIFY_CONNECT to A
> 3) A receives VERIFY_CONNECT ->
>     A delivers CONNECT event
>     A sends ACK:VERIFY_CONNECT to B
> 4) B receives ACK:VERIFY_CONNECT ->
>     B delivers CONNECT event
> 
>    However, what happens if A isn't really a valid client, and all it's
> trying to do is use up slots on the server so that nobody else can connect?
> The sequence will stop after step #2, since the client will never respond.
> And the server has already reserved a peer slot for that client.  The server
> will keep that slot in use until enet_protocol_check_timeouts() times out on
> the VERIFY_CONNECT packet.  ...which looks like it'd be about 16 seconds,
> since the default round-trip time is set to half a second, and the packet
> won't time out until 32* that amount.
>    All that a malicious user would have to do to prevent the server from
> establishing any new connections is repeatedly send CONNECT packets to the
> server (either from one host or from a distributed collection of computers
> using forged IP headers).  The server will use up all its peer slots and
> valid clients won't be able to connect (except on the rare occasion where
> the server has just timed out one of the invalid clients and it hasn't
> received the next invalid CONNECT packet yet).
> 
>    If I'm missing something and this wouldn't be a problem, please let me
> know..  ...otherwise I may poke through the code and look into a fix.

More information about the ENet-discuss mailing list