Opened at 2022-03-08T15:16:48Z
Last modified at 2022-03-08T15:22:09Z
#3878 new defect
Potential denial of service attack by rogue servers
| Reported by: | itamarst | Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | undecided |
| Component: | unknown | Version: | n/a |
| Keywords: | availability, security | Cc: | |
| Launchpad Bug: |
Description
- Malicious server SN joins grid G
- Client C begins to upload shares R[1..N] to storage servers S[1..N]
- SN sees upload of share RN to storage index I
- SN immediately calls allocate_buckets on S[1..N-1] for shares R[1..N] (but doesn't bother to upload anything)
- For any server/share combination where SN gets there first, C is denied the ability to perform an upload. Also, to C, it looks like the share has already been uploaded so no further work is required on its part.
Change History (1)
comment:1 Changed at 2022-03-08T15:22:09Z by itamarst
- Keywords availability security added
Note: See
TracTickets for help on using
tickets.
