Bug 12354 - Possible Denial of Service when using dhcp on red
Summary: Possible Denial of Service when using dhcp on red
Status: CLOSED FIXED
Alias: None
Product: IPFire
Classification: Unclassified
Component: --- (show other bugs)
Version: 2
Hardware: all All
: Will affect most users Security
Assignee: Assigned to nobody - feel free to grab it and work on it
QA Contact:
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-04-07 15:46 UTC by Jonatan Schlag
Modified: 2020-04-30 20:15 UTC (History)
5 users (show)

See Also:


Attachments
Logs of the Firewall, reduced to the interesting parts (12.74 KB, text/plain)
2020-04-07 15:59 UTC, Jonatan Schlag
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Jonatan Schlag 2020-04-07 15:46:22 UTC
Hi,

I will a further Information when this bug is marked as private.

Greetings
Jonatan
Comment 1 Jonatan Schlag 2020-04-07 15:56:41 UTC
Hi,

on the third of February 2020, the dhcpc daemon crashed, due to a segfault. This segfault seems to be caused by an invalid UDP Package that was sent from an IP address which does not belong to my ISP.

Attached are logs of all events when the dhcpc daemon encountered an invalid UDP package.


I substituted all internal IP addresses with corresponding strings.

Greetings
Jonatan
Comment 2 Jonatan Schlag 2020-04-07 15:59:50 UTC
Created attachment 741 [details]
Logs of the Firewall, reduced to the interesting parts
Comment 3 Peter Müller 2020-04-07 18:45:46 UTC
Just some details regarding the mentioned IPs:

2.19.194.154
-> AS20940 (Akamai Technologies)
-> Estimated location: Amsterdam, NL

74.125.173.198
-> AS15169 (Google LLC)
-> Estimated location: ? (Somewhere in Central Europe)

88.134.182.42
-> AS31334 (Vodafone Kabel Deutschland GmbH)
-> Estimated location: ?, DE

179.27.95.90
-> AS6057 (Administracion Nacional de Telecomunicaciones)
-> Estimated location: ?, BO

In my opinion, Vodafone/Kabel Deutschland has a major problem with the packet filters (if any) at their perimeters. Although I do not expect any answer, we should let them know about this as soon as this bug has been solved.
Comment 4 Peter Müller 2020-04-10 11:00:11 UTC
Trying to get a contact to the firewall folks at Kabel Deutschland...
Comment 5 Michael Tremer 2020-04-14 14:55:25 UTC
(In reply to Peter Müller from comment #4)
> Trying to get a contact to the firewall folks at Kabel Deutschland...

A customer can confirm that this is happening on Vodafone's network somewhere in Eastern Germany.

Jonatan, could you please install c143, which has an updated version of dhcpcd as soon as you can?
Comment 6 Arne.F 2020-04-14 16:33:52 UTC
Please test core144 from unstable. This contains only dhcpcd 9.00 yet.
Comment 8 Michael Tremer 2020-04-22 17:33:18 UTC
> https://blog.ipfire.org/post/ipfire-2-25-core-update-144-is-available-for-testing

Can somebody confirm that this is fixed?
Comment 9 Andreas Zweili 2020-04-23 15:27:20 UTC
I'm installing update 144 now since I wrote this post:
https://community.ipfire.org/t/connection-on-red-randomply-stops-working-maybe-after-dhcp-renewal/531

However I have no idea when I should report back that it works.
It can work fine for two - three weeks and at other times happen every few days.