Search returns 500 MB blob

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Search returns 500 MB blob

Sascha Rommelfangen
Hi all,

We’re just running into a situation where we looked up a key for the email address [hidden email]. All keyservers we tried, including our very own one at pgp.circl.lu, returned a blob of 500 MB.
Some key servers return a timeout after 30 seconds. The situation can also be tested with key ID 0x62cfc8f5, however, the returned blob is much smaller (23 MB).

Has anyone else seen this or similar cases and investigated the root cause and what can be done to prevent systematically the exhaustion of resources?

Thank you very much and with kind regards,
Sascha Rommelfangen


_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel
Reply | Threaded
Open this post in threaded view
|

Re: Search returns 500 MB blob

Sascha Rommelfangen
Hi all,

Is nobody else affected by this issue?
Nobody able to reproduce it?

Cheers,
Sascha


> On 27 May 2019, at 15:27, Sascha Rommelfangen <[hidden email]> wrote:
>
> Hi all,
>
> We’re just running into a situation where we looked up a key for the email address [hidden email]. All keyservers we tried, including our very own one at pgp.circl.lu, returned a blob of 500 MB.
> Some key servers return a timeout after 30 seconds. The situation can also be tested with key ID 0x62cfc8f5, however, the returned blob is much smaller (23 MB).
>
> Has anyone else seen this or similar cases and investigated the root cause and what can be done to prevent systematically the exhaustion of resources?
>
> Thank you very much and with kind regards,
> Sascha Rommelfangen
>


_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel
Reply | Threaded
Open this post in threaded view
|

Re: Search returns 500 MB blob

Andreas Puls
Hi Sascha,

maybe you can block the request to those keys.
In Feb '19 we had something like a DDoS, a key which made about 90% of
the traffic.

See here:
https://www.mail-archive.com/sks-devel@.../msg06498.html

I create an additonal nginx config, fail2ban will be triggered on error
code 444

Br
  Andreas

Am 03.06.2019 um 15:40 schrieb Sascha Rommelfangen:

> Hi all,
>
> Is nobody else affected by this issue?
> Nobody able to reproduce it?
>
> Cheers,
> Sascha
>
>
>> On 27 May 2019, at 15:27, Sascha Rommelfangen <[hidden email]> wrote:
>>
>> Hi all,
>>
>> We’re just running into a situation where we looked up a key for the email address [hidden email]. All keyservers we tried, including our very own one at pgp.circl.lu, returned a blob of 500 MB.
>> Some key servers return a timeout after 30 seconds. The situation can also be tested with key ID 0x62cfc8f5, however, the returned blob is much smaller (23 MB).
>>
>> Has anyone else seen this or similar cases and investigated the root cause and what can be done to prevent systematically the exhaustion of resources?
>>
>> Thank you very much and with kind regards,
>> Sascha Rommelfangen
>>
>
>
> _______________________________________________
> Sks-devel mailing list
> [hidden email]
> https://lists.nongnu.org/mailman/listinfo/sks-devel
>

_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel
Reply | Threaded
Open this post in threaded view
|

Re: Search returns 500 MB blob

Kim Minh Kaplan-2
In reply to this post by Sascha Rommelfangen
Sascha Rommelfangen:

> Hi all,
>
> Is nobody else affected by this issue?
> Nobody able to reproduce it?
>
> Cheers,
> Sascha

Yes, searches for the words jr, cix and ie yield 16 keys that have
serverly been abused.

    $ du -hc /tmp/key-*.pgp
    29M     /tmp/key-03d7350a8e44bd76efdcf02e4fd34f4d.pgp
    20M     /tmp/key-0a84c799778a4fbc6fdba0a61909c9ad.pgp
    26M     /tmp/key-5d5673e1a896a9dfb59e2d815b46b7a3.pgp
    89M     /tmp/key-60bf5c0adc380ac4136370a1f125fb95.pgp
    23M     /tmp/key-6e4ec9f1a4a7bd05504f02f1cad6ba33.pgp
    15M     /tmp/key-89827e4c457bd4095ce4abdf866b56be.pgp
    9.5M    /tmp/key-a228a387845f71b4a0d030e5e81176f0.pgp
    1.6M    /tmp/key-a7dd70f37114703dcd61128e8890532c.pgp
    24M     /tmp/key-aaed1419190168b87a44df97cf8cec70.pgp
    80M     /tmp/key-b149ebf1b6d8588d79a5a095c1cd12d2.pgp
    72M     /tmp/key-c23b37ec41ec018dfaabf17fe79bd845.pgp
    49M     /tmp/key-cf9660f3b6fa8e50b3164c4dff770bfa.pgp
    133M    /tmp/key-e10f483b942a5ad6adaa6b53be05fd46.pgp
    119M    /tmp/key-e7ed87d8418531a19dcf65d7f84f65de.pgp
    35M     /tmp/key-ebf15811e4e12e9c455d375d0d4db913.pgp
    29M     /tmp/key-f673d164e9b4a52aa2e7786b35c889cb.pgp
    747M    total

Not that as far as I can see none of them match [hidden email]. Mays be we
should open a bug for that.

Kim Minh

>> On 27 May 2019, at 15:27, Sascha Rommelfangen <[hidden email]> wrote:
>>
>> Hi all,
>>
>> We’re just running into a situation where we looked up a key for the email address [hidden email]. All keyservers we tried, including our very own one at pgp.circl.lu, returned a blob of 500 MB.
>> Some key servers return a timeout after 30 seconds. The situation can also be tested with key ID 0x62cfc8f5, however, the returned blob is much smaller (23 MB).
>>
>> Has anyone else seen this or similar cases and investigated the root cause and what can be done to prevent systematically the exhaustion of resources?
>>
>> Thank you very much and with kind regards,
>> Sascha Rommelfangen
>>
>
>
> _______________________________________________
> Sks-devel mailing list
> [hidden email]
> https://lists.nongnu.org/mailman/listinfo/sks-devel

_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel
Reply | Threaded
Open this post in threaded view
|

Re: Search returns 500 MB blob

Christoph Martin
In reply to this post by Sascha Rommelfangen
You can see it on most SKS servers like ours (pgp.uni-mainz.de)

Am 03.06.19 um 15:40 schrieb Sascha Rommelfangen:
>
> Is nobody else affected by this issue?
> Nobody able to reproduce it?
>

_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel