Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Possible DoS attack against OVT protocol #1595

Open
SceneCityDev opened this issue Apr 7, 2024 · 1 comment
Open

Possible DoS attack against OVT protocol #1595

SceneCityDev opened this issue Apr 7, 2024 · 1 comment

Comments

@SceneCityDev
Copy link

In #1583 I had reported that the OVT stream worker can get stuck.

I have just seen the issue again, and this time was able to pin-point it in the log.

I now believe the issue is caused by exploit scanners hitting the OVT port:

[2024-04-07 10:28:51.928] I [SPOvtPub-t9000:977192] OVT | ovt_publisher.cpp:181  | OvtProvider is connected : <ClientSocket: 0x7f1e6a80aa10, #36, Connected, TCP, Nonblocking, 192.241.196.124:43098>
[2024-04-07 10:28:51.928] C [SPOvtPub-t9000:977192] OVT | ovt_publisher.cpp:198  | Unavailable message
[2024-04-07 10:28:55.070] W [DechevcQsv:978070] ManagedQueue | managed_queue.h:444  | [152] mngq:v=#default#origin1:s=test3:p=trs:n=filter_video size has exceeded the threshold: queue: 132, threshold: 117, peak: 299
[2024-04-07 10:29:00.141] W [DechevcQsv:978070] ManagedQueue | managed_queue.h:444  | [152] mngq:v=#default#origin1:s=test3:p=trs:n=filter_video size has exceeded the threshold: queue: 120, threshold: 117, peak: 299
[2024-04-07 10:29:01.929] I [SPOvtPub-t9000:977192] OVT | ovt_publisher.cpp:266  | OvtProvider is disconnected(2) : <ClientSocket: 0x7f1e6a80aa10, #36, Disconnected, TCP, Nonblocking, 192.241.196.124:43098>

192.241.196.124 is not one of my edges, but an exploit scanner:

https://www.abuseipdb.com/check/192.241.196.124

Does OVT have any authentication at all? I find it weird that someone sending random garbage to this port can cause a critical error, and that it takes 10 seconds (!) until that socket gets disconnected.

As you can see the ManagedQueue getting stuck happens exactly at this moment.

For now, I'll try to firewall the port for all IPs that aren't my edges.

I think it should be looked at how the OVT code can quickly check if something is a valid client, and close the socket if not, and not making it part of any queue before it's clear it's a valid client.
@getroot
Copy link
Sponsor Member

getroot commented Apr 8, 2024

Thank you for clarifying the issue. If so, it would be a good idea to close this issue and continue linking to issue #1583.

When I originally designed OVT, I intended to secure it with a firewall, but I would consider a separate authentication process.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@getroot @SceneCityDev