Denial of service - MQX 4.1.1 RTCS block


thiagow
Contributor III

Hello,

I'm implementing an application using MQX RTCS where I need to receive broadcast frames, process them and respond with the data to the requester.

All of it is working OK: I register an ethertype with Enet_open() and I'm receiving and sending frames normally.

But the problem is: when the client starts sending several broadcast frames on the network, MQX becomes very slow and the other tasks stop working (the only task that works is the task that receives Ethernet broadcasts).

This behavior is dangerous: it can cause a Denial of Service on my network if a hacker, for example, generates several broadcasts to stop my devices that run MQX.

I have several tasks in my project:

- Manage web interface
- Manage configurations
- Manage serial communications (with RS-232 polling)
- Manage SNMP task

and finally a task that receives broadcasts for communication.

How can I solve this and avoid my task that receives broadcasts (with a callback in Enet_open) grabbing 100% of the CPU for itself?

How can I, for example, discard all further broadcast frames once I have received more than 2 in a second?

3 Replies
RadekS
NXP Employee

I would like to recommend one of these approaches:

  1. You can implement a timer and counter for counting broadcasts per second and test the “ipdest” variable in the UDP_service() function. In case ipdest=broadcast and counter>NR_OF_BROADCAST_PER_S, you can discard the pcb with this packet:
    RTCSPCB_free(pcb_ptr);
    Optionally you can also update statistics prior to that action.
    For details, please see the UDP_service() function, where we discard the pcb, for example, when port=0 (port zero is an illegal destination).
  2. A deeper defense against this kind of attack could be temporarily disabling RX interrupts in the ENET_EIMR register or directly in the NVIC controller. This could protect against massive attacks where the MCU enters the RX interrupt again and again and other tasks are not serviced.

I hope it helps you.

Have a great day,
RadekS

thiagow
Contributor III

RadekS

But in this case I don't use UDP; I use raw frames via ENET_OPEN with a callback function.

Is it possible to implement your trick without editing the MQX driver or source, only verifying in the callback function?

RadekS
NXP Employee

Everything is possible… :-)

However, you wanted to implement your actions on the basis of the destination address (broadcasts). This address is simply available at the UDP layer. If you are able to parse just the destination address at some lower layer or directly from the packet, you will be able to discard these packets early.

If the expected broadcasts have some uniform structure in your case, you can compare it directly in the callback function.

We don't have any special adaptation layer between RTCS and the ENET driver for that purpose; therefore you will need to modify either the RTCS stack or the ENET driver.

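The per-second counter from the first reply, applied to the raw-frame callback the poster describes (check the destination MAC directly in the frame, drop early), as an added C example that is not MQX/RTCS code and not from either participant. It assumes the Enet_open callback gives access to the raw frame bytes and that a monotonic millisecond tick is available from the RTOS; the real MQX callback signature, ENET_EIMR handling and the buffer-release call are not reproduced, and the limiter names, the 2-per-second budget and the sample frame are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_BROADCASTS_PER_SEC 2U /* hypothetical budget (poster suggested 2) */
typedef struct {
    uint32_t window_start_ms; /* start of the current 1 s window */
    uint32_t accepted;        /* broadcasts accepted in this window */
    uint32_t dropped;         /* statistics: frames discarded so far */
} bcast_limiter_t;
/* True if the Ethernet destination MAC is ff:ff:ff:ff:ff:ff. */
bool is_broadcast_frame(const uint8_t *frame, size_t len)
{
    static const uint8_t bcast[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
    return len >= 14U && memcmp(frame, bcast, sizeof bcast) == 0;
}

/* Run first in the RX callback. true: handle the frame; false: release the
 * buffer at once. now_ms is an assumed monotonic RTOS millisecond tick;
 * the unsigned subtraction below wraps safely. */
bool bcast_limiter_accept(bcast_limiter_t *l, uint32_t now_ms,
                          const uint8_t *frame, size_t len)
{
    if (!is_broadcast_frame(frame, len))
        return true;                 /* unicast is not rate-limited here */
    if (now_ms - l->window_start_ms >= 1000U) {
        l->window_start_ms = now_ms; /* open a fresh 1 s window */
        l->accepted = 0;
    }
    if (l->accepted >= MAX_BROADCASTS_PER_SEC) {
        l->dropped++;                /* cheap drop: no upper-layer work */
        return false;
    }
    l->accepted++;
    return true;
}
/* Demo on a constructed burst of n broadcast frames gap_ms apart;
 * returns how many the limiter lets through. */
uint32_t count_accepted(uint32_t n, uint32_t gap_ms)
{
    uint8_t frame[60] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* dst: broadcast */
                         0x00, 0x04, 0x9f, 0x01, 0x02, 0x03, 0x88, 0xb5}; /* made-up src+type */
    bcast_limiter_t l = {0, 0, 0};
    uint32_t ok = 0;
    for (uint32_t i = 0; i < n; i++)
        ok += bcast_limiter_accept(&l, i * gap_ms, frame, sizeof frame);
    return ok;
}
```

When the check returns false the callback should free the buffer and return immediately, as the UDP_service() example in the thread does with RTCSPCB_free(). This bounds the CPU spent per excess broadcast but not the interrupt entry itself, which is what the ENET_EIMR suggestion addresses.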