Who is phantomcircuit, and is this OK ?

[AlexWhite]

Saw this on #bitcoin-dev IRC chat today:

07:59   phantomcircuit   jgarzik, i actually have code to ddos the entire network
07:59   phantomcircuit   it works
07:59   phantomcircuit   but i run out of local port numbers before i get past about 100 peers

If I found a DoS vulnerability I wouldn't brag about it in public-- I'd tell the developers privately.

And isn't testing a DoS on a production network immoral/illegal ?

[deeplink]

He is Patrick Strateman from Bitcoinica/Intersango.

[AlexWhite]

Does anybody else find it disturbing that somebody who runs a Bitcoin exchange would run DoS tests on the main bitcoin network?

That seems like behavior that could be reported to his upstream ISP(s). If he was "testing" some little email service provider by trying to fill up all and keep busy of their SMTP server with bogus connections (here I'm talking out my ass, I have no idea if there is any DoS protection with SMTP) I think that'd be against any reasonable ISP's terms of service.

And if he's using a botnet... then what the hell is somebody who runs an exchange doing with a botnet?

[Rick James]

Does anybody else find it disturbing that somebody who runs a Bitcoin exchange would run DoS tests on the main bitcoin network?

I find it disurbing that a thieving ass bitch motherfucker like Patrick would run DoS tests on the main bitcoin network!

PHANTOMCIRCUIT: WHERE'S THE BITCOINICA MONEY MOTHERFUCKER??

[deeplink]

Does anybody else find it disturbing that somebody who runs a Bitcoin exchange would run DoS tests on the main bitcoin network?

That seems like behavior that could be reported to his upstream ISP(s). If he was "testing" some little email service provider by trying to fill up all and keep busy of their SMTP server with bogus connections (here I'm talking out my ass, I have no idea if there is any DoS protection with SMTP) I think that'd be against any reasonable ISP's terms of service.

And if he's using a botnet... then what the hell is somebody who runs an exchange doing with a botnet?

He is a mediocre programmer and he and his team are responsible for lots of people losing tens of thousands of BTC in the Bitcoinica fiasco. Because they have not made any attempt to be cooperative, charges have been filled against them by some respected members of the Bitcoin community. Lawyers are now handling the case and hopefully they will go to court. They are also historically associated with Nefario, the GLBSE scammer.

Maybe a core programmer or developer can comment on what was found. But my guess is this: he has found nothing substantial and is looking for attention. Pathetic, but that is how we know Patrick.

[Luke-Jr]

Saw this on #bitcoin-dev IRC chat today:

07:59   phantomcircuit   jgarzik, i actually have code to ddos the entire network
07:59   phantomcircuit   it works
07:59   phantomcircuit   but i run out of local port numbers before i get past about 100 peers

If I found a DoS vulnerability I wouldn't brag about it in public-- I'd tell the developers privately.

And isn't testing a DoS on a production network immoral/illegal ?

You cut off the end:

[Thursday, November 15, 2012] [7:59:29 AM] <phantomcircuit>   jgarzik, i actually have code to ddos the entire network
[Thursday, November 15, 2012] [7:59:31 AM] <phantomcircuit>   it works
[Thursday, November 15, 2012] [7:59:44 AM] <phantomcircuit>   but i run out of local port numbers before i get past about 100 peers
[Thursday, November 15, 2012] [7:59:44 AM] <Luke-Jr>   um
[Thursday, November 15, 2012] [7:59:45 AM] <phantomcircuit>   :(
[Thursday, November 15, 2012] [7:59:55 AM] <Luke-Jr>   you can't know it works without having DDoS'd the network -.-
[Thursday, November 15, 2012] [8:00:44 AM] <phantomcircuit>   Luke-Jr, well it worked against the roughly dozen bitcoin nodes i run
[Thursday, November 15, 2012] [8:00:52 AM] <phantomcircuit>   scale to all connectable peers

In other words, he tested this on his own nodes.

I presume if there was anything we could do to fix it, he'd have mentioned that in private.

[mistfpga]

You cut off the end:

[Thursday, November 15, 2012] [7:59:29 AM] <phantomcircuit>   jgarzik, i actually have code to ddos the entire network
[Thursday, November 15, 2012] [7:59:31 AM] <phantomcircuit>   it works
[Thursday, November 15, 2012] [7:59:44 AM] <phantomcircuit>   but i run out of local port numbers before i get past about 100 peers
[Thursday, November 15, 2012] [7:59:44 AM] <Luke-Jr>   um
[Thursday, November 15, 2012] [7:59:45 AM] <phantomcircuit>   
[Thursday, November 15, 2012] [7:59:55 AM] <Luke-Jr>   you can't know it works without having DDoS'd the network -.-
[Thursday, November 15, 2012] [8:00:44 AM] <phantomcircuit>   Luke-Jr, well it worked against the roughly dozen bitcoin nodes i run
[Thursday, November 15, 2012] [8:00:52 AM] <phantomcircuit>   scale to all connectable peers

In other words, he tested this on his own nodes.

I presume if there was anything we could do to fix it, he'd have mentioned that in private.

hang on a sec, if this is a resource exhasution, and 12 nodes made him run out of ports then this is a non issue.  However he clearly states that he has tried it against at least 100 peers...  and only owns a dozen or so.

I see where you are coming from luke, and I would tend to agree with you, however I find myself agreeing more with this...

But my guess is this: he has found nothing substantial and is looking for attention.

60,000 ports to take out 12 boxes? that isnt a dos, that is just being stupid. (I will have a play, and I think I am pretty sure what he claims to have found I already know... it isnt worth reporting...)

I may well be wrong, but I do not thinkso, how on earth do you run out of ports on a DDoS? on a DoS sure, but a DDoS only takes out 100 nodes? again this is a non issue. (DDoS == DISTRIBUTED Denial of Serivce, v DoS == Denail of Serivce.) - Remeber what SYN floods were actually for? 1 BTC to the person who explains first. (hint kevin mitnik got imprisoned for it) if the attack cannot involve IP spoofing then again it is a non issue. (another hint to get that 1 btc)

I have no dog in any fight that Patrick is involved with (except bitcoin in general)

Patrick, take a look at you auth code on intersango.  shore your own doors before you piss in other peoples pools.

bug hugs,

disco

(re 1 btc prize, that is for the person who i deem to give the best answer.  In the event of no correct answers, I will give the 1 btc to the person that got the closest.  My deciscion is finial, there is no appeal.only one prize will be paid. so the total prize fund is 1 btc which can be won by 1 person only.)

[Bitcoin Oz]

Well, if they take down bitcoin then they can buy them for cents on the dollar and pay everyone back....

[dree12]

You cut off the end:

[Thursday, November 15, 2012] [7:59:29 AM] <phantomcircuit>   jgarzik, i actually have code to ddos the entire network
[Thursday, November 15, 2012] [7:59:31 AM] <phantomcircuit>   it works
[Thursday, November 15, 2012] [7:59:44 AM] <phantomcircuit>   but i run out of local port numbers before i get past about 100 peers
[Thursday, November 15, 2012] [7:59:44 AM] <Luke-Jr>   um
[Thursday, November 15, 2012] [7:59:45 AM] <phantomcircuit>   
[Thursday, November 15, 2012] [7:59:55 AM] <Luke-Jr>   you can't know it works without having DDoS'd the network -.-
[Thursday, November 15, 2012] [8:00:44 AM] <phantomcircuit>   Luke-Jr, well it worked against the roughly dozen bitcoin nodes i run
[Thursday, November 15, 2012] [8:00:52 AM] <phantomcircuit>   scale to all connectable peers

In other words, he tested this on his own nodes.

I presume if there was anything we could do to fix it, he'd have mentioned that in private.

hang on a sec, if this is a resource exhasution, and 12 nodes made him run out of ports then this is a non issue.  However he clearly states that he has tried it against at least 100 peers...  and only owns a dozen or so.

I see where you are coming from luke, and I would tend to agree with you, however I find myself agreeing more with this...

But my guess is this: he has found nothing substantial and is looking for attention.

60,000 ports to take out 12 boxes? that isnt a dos, that is just being stupid. (I will have a play, and I think I am pretty sure what he claims to have found I already know... it isnt worth reporting...)

I may well be wrong, but I do not thinkso, how on earth do you run out of ports on a DDoS? on a DoS sure, but a DDoS only takes out 100 nodes? again this is a non issue. (DDoS == DISTRIBUTED Denial of Serivce, v DoS == Denail of Serivce.) - Remeber what SYN floods were actually for? 1 BTC to the person who explains first. (hint kevin mitnik got imprisoned for it) if the attack cannot involve IP spoofing then again it is a non issue. (another hint to get that 1 btc)

I have no dog in any fight that Patrick is involved with (except bitcoin in general)

Patrick, take a look at you auth code on intersango.  shore your own doors before you piss in other peoples pools.

bug hugs,

disco

(re 1 btc prize, that is for the person who i deem to give the best answer.  In the event of no correct answers, I will give the 1 btc to the person that got the closest.  My deciscion is finial, there is no appeal.only one prize will be paid. so the total prize fund is 1 btc which can be won by 1 person only.)

Mitnick's target was an enemy's computer. He found he could gain terminal access by spoofing his IP, disguising as an actual server the terminal trusted. He used a SYN flood to disable the real server while IP-spoofing and patterns he obtained allowed him to pretend to be the server.

[mistfpga]

Mitnick's target was an enemy's computer. He found he could gain terminal access by spoofing his IP, disguising as an actual server the terminal trusted. He used a SYN flood to disable the real server while IP-spoofing and patterns he obtained allowed him to pretend to be the server.

For the 1 btc I would like more detail about the actual attack. (think sequence numbers, and why it was a syn dos, as apposed to a traditional ICMP DDoS [ping of death] - a couple of paragraphs max.)

as normal, first in best dressed.

as an act of good faith, and because I did not realise the detail I wanted until someone posted I will send dree12 (please pm me.) 1 bitcoin because he has imo, satisified the orginal criteria, but I want more info. so another 1 btc up for someone who wants to write a bit more deatail about the attaack.

Note:
For the record, I do not believe patrick found anything major, if he had, i personally belive it would have already been sent to the devs via pgp rather than irc. And I believe he would not DoS mainnet for a proof of concept bug he is reporting.

[Phinnaeus Gage]

How do we know for sure that that's the real Patrick being quoted? (serious question, for I'm ignorant on these types of things)

[phantomcircuit]

Patrick, take a look at you auth code on intersango.  shore your own doors before you piss in other peoples pools.

Surely if there is an issue you can break in and steal the 10 BTC in the account with email h4xm3@covertinferno.org whose password is imapassw0rd.

Shouldn't be to hard, right?

p.s. the attack works I tested it on several nodes which were running multiple bitcoind instances (which I called peers in the chat log).

p.p.s I disclosed this over a year ago but never got around to actually writing a poc because it's annoying to get the timing right on everything.

[mistfpga]

Patrick, take a look at you auth code on intersango.  shore your own doors before you piss in other peoples pools.

Surely if there is an issue you can break in and steal the 10 BTC in the account with email h4xm3@covertinferno.org whose password is imapassw0rd.

Shouldn't be to hard, right?

I would not steal anything. also, if I did know if a way of 'stealing' from intersango or its customers then I would have reported this to you rather than exploit it.  I never said there was an authentification bypass.  I would not test your systems, especially not for free.

p.s. the attack works I tested it on several nodes which were running multiple bitcoind instances (which I called peers in the chat log).

Makes sense. Thanks for the clarification.  note that in my second post I said that it was a non issue, otherwise you would have reported it properly rather than irc.

p.p.s I disclosed this over a year ago but never got around to actually writing a poc because it's annoying to get the timing right on everything.

Interseting. This is a little more worrying. (from a bitcoin dev view...) so when the bug was reported, what was the response from the dev team? why hasnt it been fixed yet?

cheers,

steve

[Sergio_Demian_Lerner]

If  you check https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures you will see that the time a vulnerability is disclosed from the time it is reported is over 6 month. Also note that vulns are fixed very fast, but people do not try to upgrade. I wonder why.