3. DDOS, A bug og just a coincidence?

DDOS, A bug og just a coincidence?

  • T

    Each time I start siad my router reboorts after about 20 minutes, and the router keeps rebooting, each time af about 20 mins

    I have tested the different modules, and it is only when the host module is activated this happens

    I can see I have 8 connections on port 8891

    1
  • Global Moderator

    The renter module is currently not very smart, when it's trying to upload a file but the host rejects it the renter will just keep trying until it works, this means it's constantly spawning lots of connections to all it's hosts to try to upload the file, even though brute forcing it will not help a bit. This happens when the contract runs out of funds, the host is full of data, contract revisions are not correct and some other cases.

    I think the devs are currently working on making the renter a bit smarter. But with 0.6.0 the renter will essentially DDOS any host that works against it's will.

    You can see the amount of connections being made to the sia host with the command ./siac host -v, it will show you what kind of request the renter is making and how many times it's happened.

    0
  • Global Moderator

    Also, it surprises me that it could make your router crash... It could have something to do with upnp too, which is a tool that automatically forwards ports to a sia host at startup without user interaction. A lot of routers have a list on their settings panel that shows which applications are currently using upnp. If it doesn't you can download the upnp commandline client too.

    This is what it looks like when I run ./upnpc-static -l (upnpc is the upnp commandline client)

     4 TCP  9981->192.168.178.21:9981  'Sia RPC' '' 0
 5 UDP  9981->192.168.178.21:9981  'Sia RPC' '' 0
 6 TCP  9982->192.168.178.21:9982  'Sia Host' '' 0
 7 UDP  9982->192.168.178.21:9982  'Sia Host' '' 0

    These are some automatic forwards done by sia

    0
  • T

    I have disable the renter module, so just running this command

    siad -M gctwh

    is causing the problem.
    I have tried just calling
    siad -M gctw
    and then i have no router-problem

    This is the output from
    siac host v

        Host info:
    Storage:      400.000 GB (570.43 MB used)
    Price:        10 KS / TB / Month
    Max Duration: 25920 Blocks

    Accepting Contracts: Yes
    Anticipated Revenue: 66.58 SC
    Locked Collateral:   1.286 KS
    Risked Collateral:   15.19 SC
    Revenue:             0 H
    Lost Revenue:        0 H
    Lost Collateral:     0 H

    Net Address: 85.218.210.34:9982 (automatically determined)

    RPC Stats:
    Error Calls:        9
    Unrecognized Calls: 0
    Download Calls:     0
    Renew Calls:        0
    Revise Calls:       5
    Settings Calls:     1918
    FormContract Calls: 11

  Storage Folders:
    Used         Capacity      % Used    Path
    570.43 MB    400.000 GB    0.14     .\SIAFolder

    So what can I change so the renters from outside don't kill my router ?

    0
  • Global Moderator

    I'm not sure what could really be causing your router problem, or how to solve it. Maybe the devs have some insights on this issue. Better wait until they wake up.

    Those stats looks pretty OK to me. I can also see in my renter log that it has been trying to upload to you, but the connection timed out.

    0
  • T

    It is difficult to upload as currently I have 18 up time, then 4 min downtime while the router reboots, then 18 mins up etc..

    And as soon as I drop the host, the router is working fine, could be some strange memory leak in the router only happening for incomming signals, though I have been running a lot of other applications from the outside

    0
  • T

    How many requests will my host receive from the network on average ? Will it only be from the connected peers ?

    0

  • @thorvald said in DDOS, A bug og just a coincidence?:

    How many requests will my host receive from the network on average ? Will it only be from the connected peers ?

    The number of connected peers is not related to the number of host requests. "Peers" refers to the nodes you are connected to for consensus purposes (i.e. relaying blocks and transactions). Renters can connect at any time, and disconnect when they have finished uploading/downloading. The "RPC Stats" output should give you a rough idea of how many people are connecting to you. You can also check your log file (host/host.log) for suspicious activity.

    0
  • T

    How can I increase the logging , so the log file gets updated on each request?

    Currently I only have a very few lines, most like this:

        2016/05/26 19:19:03.781322 network.go:149: WARN: incoming RPC "ReviseContract" failed: read tcp 192.168.25.111:9982->213.73.138.240:55240: wsarecv: An existing connection was forcibly closed by the remote host.
   2016/05/26 20:36:05.487705 network.go:149: WARN: incoming RPC "ReviseContract" failed: read tcp 192.168.25.111:9982->213.73.138.240:45196: wsarecv: An existing connection was forcibly closed by the remote host.

    It would be nice to be able to log each request

    0
  • admins

    Right now the only way you could do that is by modifying the source code. Logging in the host is pretty simple, you just make a call to host.log.Println(...).

    We are taking the general strategy of logging common or attacker-triggerable messages only in DEBUG mode, otherwise an attacker could pretty easily fill a users disk with useless logging messages (10+GB of logging messages). For developers, that's not really a problem and it's interesting, but for users it's annoying.

    We only distribute non-DEBUG binaries, but if you are building from master you can build your binaries with DEBUG mode enabled. make release will build the binaries with DEBUG.

    The logging is still not very complete, I frequently find myself needing to add more messages to figure things out that I want to know, even with DEBUG enabled. We're definitely accepting pull requests if you want to help us improve logging in the host.

    0
  • T

    One idea might be to set the logging level as a parameter, so it is a host setting.

    But I have done some more testing, and it seems it is the requests from the renters, that are DDOS'ing my router. Are there anything special about the requests made from the renters ? or is it just normal RPC-calls?

    I have had other P2P running, so I am suspecting either that the request are creating some shortage in the router making it boot after a while.

    What I have seen is the following

    no siad running - my router is happy

    siad running but not as a host - all is still fine

    siad running as a host - 18 minutes approx. router boot

    siad as been running for a while, but I terminates it but still letting it be registered as a host - router might work for 1-2 hours, probably because there are still some tries of connecting

    siad has ben running but is deregistered as a host for contracts, router seems to be working fne

    As I understand it there are different type of calls made, but I suspect the scanning of hosts might be the problem.

    I can see that in Sia / modules / renter / hostdb / scan.go the host is added to the pool, but as GO is a new language for me, I still havent figured out where the actual call to the host is made (And thus not found where I need to log the request on the host side).

    I think it might be a request that is not passed thru the router, so even logging on the host might not help me.

    0
Log in to reply