[OTR-users] OTR loop DOS attack

Ken Restivo ken at restivo.org
Mon Jul 25 19:45:20 EDT 2005



I inadvertently discovered a DOS attack in OTR.

I wrote a Jabber bot which notifies me of certain events. It also accepts a few text commands. If an unknown command is entered, the bot echoes it back.

This created a DOS attack in Adium. The OTR code apparently saw the "?OTR?" echoed back, and thought that my bot was attempting to mate with it. Not so. A huge, CPU-soaking, network-spewing, machine-locking disaster resulted (on the client, anyway).

Turning off encryption for that particular contact solved the problem.

It might be good if the opportunistic encryption somehow could recognise an echo of its own request, and just disregard it and go into unencrypted mode.

I don't know whether this vulnerability is in Adium, with the OTR protocol. It's obviously more annoying than dangerous, but I suppose it could be put to nefarious ends as well.

I'm not subscribed to this list. If you want to duplicate the error, write a simple Jabber bot that just echoes messages back (may be in sample code of a few Jabber libraries), then try to use opportunistic encryption to connect to it. Much hilarity will follow.

Cheers!

-ken
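The echo guard suggested in the message above, as an added example that is not part of the original post and is not libotr or Adium code. It assumes a simplified client model in which any incoming message starting with `?OTR` triggers a reply; the `Client` class, `echo_bot`, `run` and the handshake strings are constructed for illustration.

```python
from collections import deque

OTR_PREFIX = "?OTR"  # the post's query is "?OTR?"; prefix matching is a simplification


class Client:
    """Simplified opportunistic-OTR client (assumed model, not libotr's state machine)."""

    def __init__(self, echo_guard, memory=8):
        self.echo_guard = echo_guard
        self.recent_sent = deque(maxlen=memory)  # bounded record of OTR messages we sent
        self.otr_enabled = True
        self.counter = 0

    def _send(self, msg):
        self.recent_sent.append(msg)
        return msg

    def start(self):
        return self._send("?OTR?")

    def receive(self, msg):
        """Return the reply to send, or None to stay silent."""
        if not self.otr_enabled or not msg.startswith(OTR_PREFIX):
            return None  # plaintext, or OTR already disabled for this contact
        if self.echo_guard and msg in self.recent_sent:
            self.otr_enabled = False  # our own message came back: go unencrypted
            return None
        self.counter += 1
        return self._send(f"?OTR:constructed-handshake-{self.counter}")


def echo_bot(msg):
    """The bot from the post: echoes unknown commands back unchanged."""
    return msg


def run(echo_guard, max_rounds=1000):
    """Drive client against the echo bot; return (round trips, OTR still enabled)."""
    client = Client(echo_guard)
    msg, rounds = client.start(), 0
    while msg is not None and rounds < max_rounds:
        msg = client.receive(echo_bot(msg))
        rounds += 1
    return rounds, client.otr_enabled


if __name__ == "__main__":
    print("no guard  :", run(False))  # loop runs until the round cap
    print("with guard:", run(True))   # stops after the first echo
```

In this model a real peer that sends its own identical `?OTR?` query right after ours would also be treated as an echo, so a production guard would need an additional way to tell the two cases apart.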


