Stop using private IP addresses by default #3117

Open
6 tasks
Tracked by #2311 ...
teor2345 opened this issue Nov 29, 2021 · 8 comments
Labels
A-network Area: Network protocol updates or fixes C-security Category: Security issues I-destructive Zebra destroys unrelated files or network addresses I-privacy Zebra discloses private information I-remote-trigger Remote nodes can make Zebra do something bad

Comments

teor2345 commented Nov 29, 2021

Motivation

Zebra currently connects to private IP addresses, and advertises them to its peers.

But this is a security issue, because Zebra can be used to probe internal network addresses, and disclose if they're running a Zcash node. Zebra might also overload other internal services with connections. (But we have a rate-limit for this.)

Zebra also discloses the internal IP address of the machine it is on.

Tasks

  • Reject private IP addresses in address book updates
    • Reject private IP addresses in the local listener address in the address book
  • Reject private IP addresses when querying configured DNS seeders
    • What should we do about seed peers configured with private IP address literals?
  • Stop putting private IP addresses in the inbound or outbound handshake fields
  • Add a debug_allow_private_ip_addresses config that allows private IP addresses for testing

Related Work

We might want to merge this PR as part of this fix:

@teor2345 teor2345 added C-enhancement Category: This is an improvement S-needs-triage Status: A bug report needs triage C-security Category: Security issues I-slow Problems with performance or responsiveness I-usability Zebra is hard to understand or use I-privacy Zebra discloses private information A-network Area: Network protocol updates or fixes I-destructive Zebra destroys unrelated files or network addresses labels Nov 29, 2021
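Added illustration (this is not Zebra's code and not part of the issue): one way the rejection described in the task list above could be written in Rust, Zebra's language. The PeerAddrPolicy type and the helper names are hypothetical; the field name follows the debug_allow_private_ip_addresses config the tasks propose, and the sample peer list is constructed. The check is deliberately wider than Ipv4Addr::is_private(), which only covers RFC 1918: loopback, link-local, CGNAT shared space (100.64/10), IPv6 unique-local, and IPv4-mapped IPv6 forms of private addresses (::ffff:10.0.0.1) would otherwise still pass, so a filter that only tests is_private() would keep probing and advertising internal addresses.

```rust
use std::net::{IpAddr, Ipv4Addr, Ipv6Addr, SocketAddr};

/// True if `ip` should never be dialled from, or advertised to, a public
/// network node: RFC 1918 private, loopback, link-local, CGNAT shared,
/// unique-local, multicast, unspecified and documentation ranges.
pub fn is_non_routable(ip: IpAddr) -> bool {
    match ip {
        IpAddr::V4(v4) => is_non_routable_v4(v4),
        // An IPv4-mapped IPv6 address (::ffff:10.0.0.1) is the IPv4 address
        // 10.0.0.1 in disguise; classify it by the IPv4 rules.
        IpAddr::V6(v6) => match v6.to_ipv4_mapped() {
            Some(v4) => is_non_routable_v4(v4),
            None => is_non_routable_v6(v6),
        },
    }
}

fn is_non_routable_v4(ip: Ipv4Addr) -> bool {
    let o = ip.octets();
    ip.is_private()                             // 10/8, 172.16/12, 192.168/16
        || ip.is_loopback()                     // 127/8
        || ip.is_link_local()                   // 169.254/16
        || ip.is_unspecified()                  // 0.0.0.0
        || ip.is_documentation()                // 192.0.2/24, 198.51.100/24, 203.0.113/24
        || o[0] == 0                            // 0/8 "this network"
        || (o[0] == 100 && (o[1] & 0xc0) == 64) // 100.64/10 CGNAT shared space
        || o[0] >= 224                          // 224/4 multicast, 240/4 reserved, broadcast
}

fn is_non_routable_v6(ip: Ipv6Addr) -> bool {
    let s = ip.segments();
    ip.is_loopback()                          // ::1
        || ip.is_unspecified()                // ::
        || ip.is_multicast()                  // ff00::/8
        || (s[0] & 0xfe00) == 0xfc00          // fc00::/7 unique local
        || (s[0] & 0xffc0) == 0xfe80          // fe80::/10 link local
        || (s[0] == 0x2001 && s[1] == 0x0db8) // 2001:db8::/32 documentation
}

/// Hypothetical policy struct; the field name follows the config key the
/// issue proposes for testing on private networks.
pub struct PeerAddrPolicy {
    pub debug_allow_private_ip_addresses: bool,
}

impl PeerAddrPolicy {
    /// Whether a single address may enter the address book, be used as the
    /// advertised local listener, or be placed in a handshake field.
    pub fn accepts(&self, addr: SocketAddr) -> bool {
        self.debug_allow_private_ip_addresses || !is_non_routable(addr.ip())
    }

    /// Filter a batch of addresses, for example an addr message from a peer
    /// or the results of a DNS seeder lookup. Survivors keep their order.
    pub fn filter_addrs(&self, addrs: &[SocketAddr]) -> Vec<SocketAddr> {
        addrs.iter().copied().filter(|a| self.accepts(*a)).collect()
    }
}

fn main() {
    // Constructed sample: a mix of routable and non-routable peers on the
    // Zcash mainnet port, as a peer might send them in an addr message.
    let received: Vec<SocketAddr> = [
        "10.0.0.5:8233",
        "100.64.3.9:8233",
        "[::ffff:192.168.1.20]:8233",
        "[fd00::1]:8233",
        "203.0.113.7:8233",
        "[2001:4860:4860::8888]:8233",
        "1.1.1.1:8233",
    ]
    .iter()
    .map(|s| s.parse().expect("valid socket address"))
    .collect();

    let strict = PeerAddrPolicy { debug_allow_private_ip_addresses: false };
    for addr in strict.filter_addrs(&received) {
        println!("keep {addr}");
    }
}
```

The same accepts check belongs in front of the local listener address before it is written into the address book or a handshake: a node bound to 0.0.0.0 or to a LAN address has nothing it should advertise, which covers the "local listener address" task above.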
teor2345 commented Feb 1, 2023

I'm not sure if this is a priority at the moment?

mpguerra commented Feb 2, 2023

it's not but I think it's ok to keep open for now

teor2345 commented May 7, 2023

@mpguerra is this something we want to do before the stable release? It seems like a privacy issue that some users might be concerned about. (And they might assume that we'd never leak private addresses.)

mpguerra commented May 8, 2023

@mpguerra is this something we want to do before the stable release? It seems like a privacy issue that some users might be concerned about. (And they might assume that we'd never leak private addresses.)

Yup, I think so. I thought it was in the epic already.

@teor2345

@mpguerra I just noticed this again, is it something we should do before the stable release, or right after it?

@mpguerra

I think since it's been a low priority issue it can wait until after. If we can get it in before, great, but I wouldn't block on it.

teor2345 commented Jun 5, 2023

Note from engineering sync: this seems like a risky change to make between the final release candidate and the first stable release. But we could do it in stages, or do it with extra tests.

@teor2345 teor2345 removed I-destructive Zebra destroys unrelated files or network addresses I-usability Zebra is hard to understand or use labels Oct 30, 2023
@teor2345 teor2345 added I-destructive Zebra destroys unrelated files or network addresses I-remote-trigger Remote nodes can make Zebra do something bad and removed I-slow Problems with performance or responsiveness C-enhancement Category: This is an improvement labels Oct 30, 2023