DDOS, A bug og just a coincidence?

Fornax

Also, it surprises me that it could make your router crash... It could have something to do with upnp too, which is a tool that automatically forwards ports to a sia host at startup without user interaction. A lot of routers have a list on their settings panel that shows which applications are currently using upnp. If it doesn't you can download the upnp commandline client too.

This is what it looks like when I run ./upnpc-static -l (upnpc is the upnp commandline client)

 4 TCP  9981->192.168.178.21:9981  'Sia RPC' '' 0
 5 UDP  9981->192.168.178.21:9981  'Sia RPC' '' 0
 6 TCP  9982->192.168.178.21:9982  'Sia Host' '' 0
 7 UDP  9982->192.168.178.21:9982  'Sia Host' '' 0

These are some automatic forwards done by sia

thorvald

I have disable the renter module, so just running this command

siad -M gctwh

is causing the problem.
I have tried just calling
siad -M gctw
and then i have no router-problem

This is the output from
siac host v

    Host info:
    Storage:      400.000 GB (570.43 MB used)
    Price:        10 KS / TB / Month
    Max Duration: 25920 Blocks

    Accepting Contracts: Yes
    Anticipated Revenue: 66.58 SC
    Locked Collateral:   1.286 KS
    Risked Collateral:   15.19 SC
    Revenue:             0 H
    Lost Revenue:        0 H
    Lost Collateral:     0 H

    Net Address: 85.218.210.34:9982 (automatically determined)

    RPC Stats:
    Error Calls:        9
    Unrecognized Calls: 0
    Download Calls:     0
    Renew Calls:        0
    Revise Calls:       5
    Settings Calls:     1918
    FormContract Calls: 11

  Storage Folders:
    Used         Capacity      % Used    Path
    570.43 MB    400.000 GB    0.14     .\SIAFolder

So what can I change so the renters from outside don't kill my router ?

Fornax

I'm not sure what could really be causing your router problem, or how to solve it. Maybe the devs have some insights on this issue. Better wait until they wake up.

Those stats looks pretty OK to me. I can also see in my renter log that it has been trying to upload to you, but the connection timed out.

thorvald

It is difficult to upload as currently I have 18 up time, then 4 min downtime while the router reboots, then 18 mins up etc..

And as soon as I drop the host, the router is working fine, could be some strange memory leak in the router only happening for incomming signals, though I have been running a lot of other applications from the outside

thorvald

How many requests will my host receive from the network on average ? Will it only be from the connected peers ?

nemo

@thorvald said in DDOS, A bug og just a coincidence?:

How many requests will my host receive from the network on average ? Will it only be from the connected peers ?

The number of connected peers is not related to the number of host requests. "Peers" refers to the nodes you are connected to for consensus purposes (i.e. relaying blocks and transactions). Renters can connect at any time, and disconnect when they have finished uploading/downloading. The "RPC Stats" output should give you a rough idea of how many people are connecting to you. You can also check your log file (host/host.log) for suspicious activity.

thorvald

How can I increase the logging , so the log file gets updated on each request?

Currently I only have a very few lines, most like this:

    2016/05/26 19:19:03.781322 network.go:149: WARN: incoming RPC "ReviseContract" failed: read tcp 192.168.25.111:9982->213.73.138.240:55240: wsarecv: An existing connection was forcibly closed by the remote host.
   2016/05/26 20:36:05.487705 network.go:149: WARN: incoming RPC "ReviseContract" failed: read tcp 192.168.25.111:9982->213.73.138.240:45196: wsarecv: An existing connection was forcibly closed by the remote host.

It would be nice to be able to log each request

Taek

Right now the only way you could do that is by modifying the source code. Logging in the host is pretty simple, you just make a call to host.log.Println(...).

We are taking the general strategy of logging common or attacker-triggerable messages only in DEBUG mode, otherwise an attacker could pretty easily fill a users disk with useless logging messages (10+GB of logging messages). For developers, that's not really a problem and it's interesting, but for users it's annoying.

We only distribute non-DEBUG binaries, but if you are building from master you can build your binaries with DEBUG mode enabled. make release will build the binaries with DEBUG.

The logging is still not very complete, I frequently find myself needing to add more messages to figure things out that I want to know, even with DEBUG enabled. We're definitely accepting pull requests if you want to help us improve logging in the host.

thorvald

One idea might be to set the logging level as a parameter, so it is a host setting.

But I have done some more testing, and it seems it is the requests from the renters, that are DDOS'ing my router. Are there anything special about the requests made from the renters ? or is it just normal RPC-calls?

I have had other P2P running, so I am suspecting either that the request are creating some shortage in the router making it boot after a while.

What I have seen is the following

no siad running - my router is happy

siad running but not as a host - all is still fine

siad running as a host - 18 minutes approx. router boot

siad as been running for a while, but I terminates it but still letting it be registered as a host - router might work for 1-2 hours, probably because there are still some tries of connecting

siad has ben running but is deregistered as a host for contracts, router seems to be working fne

As I understand it there are different type of calls made, but I suspect the scanning of hosts might be the problem.

I can see that in Sia / modules / renter / hostdb / scan.go the host is added to the pool, but as GO is a new language for me, I still havent figured out where the actual call to the host is made (And thus not found where I need to log the request on the host side).

I think it might be a request that is not passed thru the router, so even logging on the host might not help me.