
Bug#932769: [moreinfo] DoS via DHCP request



One more question. When you say VMware integrated product: AFAIK VMware have their own networking module in the kernel? Can you reproduce this with some other virtualisation technology like kvm, qemu?

And one more question: depending on who does the DHCP receival in the VM (systemd? isc-dhcp-client? [...]?), shouldn't there be some rate limiting sanity check in the DHCP client?
*t

On Tue, 23 Jul 2019, Tomas Pospisek wrote:

Package: general
Followup-For: Bug #932769

Could you provide a recipe on how to reproduce this? There's a lot of
very special setup below, that someone would need large amounts of time
to reproduce, I feel.

Is it possible to reduce the problem to something easily demonstrable?

This seems to be an important issue to me.

I think the problem here *might* be a kernel problem? Re-assign this to
kernel package?

When you say that it DoS'es the server then what does "top" say? What is
being DoS'ed? Is it the CPU?
*t

It would be truly cool, if you could provide more infos.
*t

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: general: DHCP request bug when storage lost
Date: Mon, 22 Jul 2019 14:48:00 -0600

Package: general
Severity: important
Tags: l10n

Dear Maintainer,

While doing unrelated storage testing for our VMware integrated product, we purposefully recreated
a storage outage by removing the iSCSI initiators from the backing array hosting the vmdk disk
images for the virtual machine.

Upon removal of uplinks to storage, the VM goes into a R/O file system state after 5-10 minutes.
When storage initiators are brought back up and the LUNs are rescanned, the VM begins to
rapidly request DHCP leases from an ISC DHCP server.  This DoS's the server in a way due
to the number of DHCPDECLINE errors, and the interface attempts to take and discard IP's in a
rapid fashion.

This only seems to appear on this distribution, and I can't replicate the behavior on Debian 9
or in a desktop environment.



-- System Information:
Debian Release: 10.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled





-- System Information:
Debian Release: 10.0
 APT prefers stable
 APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_CH.utf8, LC_CTYPE=de_CH.utf8 (charmap=UTF-8), LANGUAGE=de_CH:de (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
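
Added example, not part of the original thread or of any Debian package: a server-side check that flags clients sending bursts of DHCPDECLINE, the symptom the report describes. It assumes ISC dhcpd's usual syslog line format; the log lines, host name, MAC and IP addresses are constructed, and `decline_bursts` is a hypothetical helper name.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed ISC dhcpd syslog shape:
#   "<Mon> <day> <HH:MM:SS> <host> dhcpd[pid]: DHCPDECLINE of <ip> from <mac> via <if>: ..."
DECLINE = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ dhcpd(?:\[\d+\])?: "
    r"DHCPDECLINE of (\S+) from ([0-9A-Fa-f:]{17})"
)

def decline_bursts(lines, threshold=5, window_s=10, year=2019):
    """Return {mac: peak DHCPDECLINE count inside any window_s-second window}
    for every client whose peak reaches the threshold."""
    recent = defaultdict(deque)  # mac -> timestamps still inside the window
    peak = defaultdict(int)
    for line in lines:
        m = DECLINE.match(line)
        if not m:
            continue  # DISCOVER/OFFER/REQUEST/ACK lines are ignored
        # Syslog timestamps carry no year, so one is assumed.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        mac = m.group(3).lower()
        q = recent[mac]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()  # drop declines that fell out of the window
        peak[mac] = max(peak[mac], len(q))
    return {mac: n for mac, n in peak.items() if n >= threshold}

# Constructed sample: one client with a single decline, one declining
# a fresh address every second for eight seconds.
SAMPLE = [
    "Jul 22 14:40:00 dhcp1 dhcpd[812]: DHCPDISCOVER from 00:50:56:aa:bb:01 via eth0",
    "Jul 22 14:40:01 dhcp1 dhcpd[812]: DHCPDECLINE of 192.0.2.77 "
    "from 00:50:56:aa:bb:01 via eth0: not found",
] + [
    f"Jul 22 14:41:{s:02d} dhcp1 dhcpd[812]: DHCPDECLINE of 192.0.2.{10 + s} "
    f"from 00:50:56:aa:bb:02 via eth0: abandoned"
    for s in range(8)
]

if __name__ == "__main__":
    for mac, n in decline_bursts(SAMPLE).items():
        print(f"{mac}: {n} DHCPDECLINEs within 10 s")
```

The threshold and window are illustrative defaults; each abandoned address stays out of the pool for a while, so a sustained burst from one client can drain a small range.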


