Updating the xx network to protect against DDoS attacks (and an urgent xx

Please use this thread to discuss the “Updating the xx network to protect against DDoS attacks” blog post

2 Likes

You are correct in general that the only way to protect against a DDoS attack is to have more bandwidth than an attacker.

We are not trying to protect against a general case DDoS attack here though.

Our goal is to stop an attack which is submitting cMix messages and filling all batches, which this does not protect against. Without this protection, filling all batches is trivial, far more trivial than a generic DDoS attack.

3 Likes

Good points about DDoS, but that indeed is a separate matter which every gateway needs to solve and as @warnings says, it ideally shouldn’t be shared by too many nodes. So it’d be fine if that was in place separately and if 20% used DIY approach, 20% CF, 20% Akamai, 20% ISP, 20% hyperscaler…

Problem statement describes only gateways and app-level DDoS:

This is a particularly difficult problem, and solutions like mini proofs of work on send seem to work

I think the approach is good for that layer. Below, and before that, node runners could apply other approaches and the less prescriptive about that the project is, the better.

My hosting provider has their own anti-DDoS service. It’s inexpensive and probably crap, but if each is crappy in its own way that should still help because in the case of an attack that exploits one weakness, only a minority of the nodes would be affected while simpler attacks should be survived by all.

1 Like

Nano currency is feeless and because of that faced some attacks like the one we are trying to mitigate… From what I’ve heard, they used a PoW solution as well, but it looks like they were evolving it. There is a good read in here about this topic. Great move from the XX team in looking for solutions regarding the free tier messaging exchange!!

1 Like

I had a look at my GW server provider (Contabo) and they do have some built-in DDOS protection for all servers they host. This is the link. Although I’m sure it’s not perfect, they do say it will filter nearly 99% of all DDOS attacks. Not sure what the other providers offer, but something is better than nothing, and when all these protections are paired together I think we are off to a good start. I’ll link the Contabo page on DDOS protection here:

Hetzner info on DDOS protection is here:
https://www.hetzner.com/news/hetzner-online-now-offers-extensive-ddos-protection/

2 Likes

As there are multiple layers in the OSI model, so there are multiple levels where you can/should implement a DDoS mitigation solution; you cannot compare apples with pears (layer 2/3 DDoS protections with layer 7 DDoS protection).
Having a DDoS protection at the application level makes absolute sense (and it’s the only layer where it makes sense for xx network, given that it cannot control our networks); what I don’t like very much is basing it on the IPv4 scarcity. It’s already a shame that it doesn’t support IPv6, and this will make its support even more difficult.
Also I’m not sure if sharing the IPs will have some impact on the metadata privacy.

1 Like

Good idea about leaky buckets. However, I was also wondering about the privacy aspect and what happens if many devices are connected to the same network and share the public ip (eg. Students in university etc…).
Can the IPs be hashed before gossiping?

It will definitely be an issue for students; there will need to be a system to allow increased bucket sizes for certain IPs.

As for hashing, it is of little value. IPv4 addresses have 32 bits of entropy. A dumb table of all hashes would only take up 128TB of space, trivial for a sufficiently motivated attacker.

2 Likes
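The per-IP leaky bucket discussed in this exchange, including the larger bucket size suggested above for shared addresses such as a campus NAT, as an added Go sketch (not xx network code; the capacities, leak rate and IP addresses used are constructed):

```go
package main

import "time"

// Per-source-IP leaky bucket (added sketch, not xx network code): each
// accepted message adds one unit, the bucket drains leakPerSec units per
// second, and a full bucket drops the message.
type bucket struct {
	level float64   // units currently in the bucket
	last  time.Time // when level was last drained
}

// Limiter keeps one bucket per source IP plus per-IP capacity overrides, so a
// known shared address (a campus NAT, say) can be granted a bigger bucket.
type Limiter struct {
	defaultCap, leakPerSec float64
	overrides              map[string]float64
	buckets                map[string]*bucket
}
func NewLimiter(defaultCap, leakPerSec float64) *Limiter {
	return &Limiter{defaultCap: defaultCap, leakPerSec: leakPerSec,
		overrides: map[string]float64{}, buckets: map[string]*bucket{}}
}
// SetCapacity overrides the bucket size for one source IP.
func (l *Limiter) SetCapacity(ip string, c float64) { l.overrides[ip] = c }

// Allow reports whether a message from ip arriving at now may be forwarded.
func (l *Limiter) Allow(ip string, now time.Time) bool {
	b, ok := l.buckets[ip]
	if !ok {
		b = &bucket{last: now}
		l.buckets[ip] = b
	}
	// Drain what leaked since the last arrival, never below empty.
	b.level -= now.Sub(b.last).Seconds() * l.leakPerSec
	if b.level < 0 {
		b.level = 0
	}
	b.last = now
	limit := l.defaultCap
	if c, ok := l.overrides[ip]; ok {
		limit = c
	}
	if b.level+1 > limit {
		return false // bucket full: drop the message
	}
	b.level++
	return true
}
```

With a default capacity of 5 and a leak of 1 unit per second, a burst of 10 messages from one address passes 5, a further 10 sent 3 seconds later pass 3, while an address given a capacity of 50 can burst 40 before being throttled.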

Now that the update has been pushed out: about the word “urgent” - what made it urgent?

It’s a given that XX nodes will be DDoS’d, so no doubt the sooner we can better handle those, the better.

The xx messenger is about to launch, with a significant marketing push behind it. With this vulnerability present, someone could have easily and cheaply made the xx network unavailable. We calculated that before it, for ~$100 USD a day someone could saturate the network. It would have been a big blow to the network if someone did that during the launch.

4 Likes