[Battlemesh] Routing Tables of Death

Pau pau at dabax.net
Tue Mar 7 22:29:57 CET 2017 

Would be interesting to see if bmx7 (with security extensions [1]) is
able to minimize the impact of such kind of attack. Of course the
network flooding will still be a problem but if the routing protocol can
survive to it the attack impact would reduce drastically.

[1] http://bmx6.net/documents/30

On 07/03/17 22:13, Dave Taht wrote:
> On Tue, Mar 7, 2017 at 12:53 PM, Simon Wunderlich <sw at simonwunderlich.de> wrote:
>> It's not exactly stress testing and doesn't apply for the routing protocols
>> you mentioned, but maybe you will find the joker interesting:
>>
>> https://www.open-mesh.org/projects/open-mesh/wiki/Joker
> 
> Thank you, that is indeed interesting. I have been looking over a
> fuzzer loosely based on this:
> 
> https://www.fastly.com/blog/how-fuzz-server-american-fuzzy-lop
> 
>> I'm sure that some of those ideas can be adopted for other protocols as well.
> 
> Yes, looks promising, thx!
> 
> ...
> 
> One item that I would like to see move to use everywhere is filtering
> out netlink messages to self (stuff sent from my pid) via bpf.
> 
> (And maybe use bpf on other sorts of messages).
> 
> This is applicable to everything persistently using netlink, and I'm
> not sure to what extent it is in userspace daemons like odhcpd,
> dnsmasq, bmx, olsr, etc, etc.
> 
> Example from my rabeld repo:
> 
> https://github.com/dtaht/rabeld/commit/a163eed7a2af0c55d700e8042341aeb011fb13de
> 
>> Cheers,
>>       Simon
>>
>> On Tuesday, March 7, 2017 10:00:31 AM CET Dave Taht wrote:
>>> I have been stress testing multicast (after getting ATF to work on
>>> unicast this past year), and ended up rolling a few tools that let me
>>> abuse it in the case of meshy routing protocols.
>>>
>>> Last night's effort is called "rtod - routing tables of death".
>>>
>>> The initial code is here:
>>>
>>> https://github.com/dtaht/rtod
>>>
>>> I hope you find the README enlightening. Emphatically, do not run rtod
>>> on a production mesh network. I did. Multiple times. It took hours to
>>> fix.
>>>
>>> I'd like to add conf files for various daemons (bmx, batman, olsrr)
>>> that will both enable this tool - and, more importantly,
>>> configurations that will filter out the routes rtod inserts.
>>>
>>> ...
>>>
>>> It would be "interesting" to run stress tests like these at the next
>>> battlemesh.
>>>
>>> ...
>>>
>>> If anyone can point me at other routing stress test tools they use,
>>> or can suggest additional features for rtod, please let me know. I
>>> have a few features left to add to it as yet.
>>>
>>> My intent was originally to merely to stress out wifi multicast, but....
>>
> 
> 
> 

-- 
./p4u

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://ml.ninux.org/pipermail/battlemesh/attachments/20170307/f05382d0/attachment-0001.sig>

More information about the Battlemesh mailing list