Potential DoS Attacks in NanoMQ
Describe the bug
After the client sends a large number of packets to NanoMQ, NanoMQ will fall into a circular waiting state where the MQTT port is still open, but any new requests will not be responded to.
Expected behavior
NanoMQ should revert to the normal receive state after receiving and processing any input message to wait for subsequent requests.
Actual Behavior
But NanoMQ seems to be stuck in a waiting loop; as you can see from the logs, it keeps printing "send aio error Out of files".
To Reproduce
I implemented a Python script with the two packets involved, nanomq.pcap and nanomq2.pcap, to reproduce the problem. NanoMQ DoS.zip
# start the broker
./nanomq start --conf ./nanomq.conf
# execute py script
python3 mqtt_replay.py
Now:
Environment Details
- NanoMQ v0.21.8-8
- Ubuntu 20.04
- I tested on the NanoMQ release version
Client SDK
If possible, include the MQTT SDK you used to connect to NanoMQ. Minimal C test cases are preferred.
Additional context
This state for NanoMQ seems to persist until the broker is restarted manually. Also, I use nanomq.conf with no special settings; the default is fine.
Hi songxpu, thank you for your feedback.
An interesting observation we found after running your script is that the fd growth did not decrease when we ran only the 120th case. That's consistent with your description. But we found out that this case is trying to set up a link with clean_session 0, which means session holding. So when the link is broken, the session continues until the same clientid session is connected.
To sum up, the phenomenon you describe is not a problem. Enabling session holding continuously consumes the fd resources of the system.
In the future, however, there are plans to recycle fd after the session holding link is broken, but it will not affect the session holding functionality.
At the moment it looks like this feature will be complicated to change.
This is a system-level issue, don't blame NanoMQ; however, we will consider refactoring the session-keeping feature.
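
To see which clients are asking the broker to hold sessions (the clean_session 0 case discussed in the thread), the following added example, which is not part of the issue or of NanoMQ's code, parses MQTT 3.1/3.1.1 CONNECT packets and counts those with the Clean Session flag cleared. The function names are illustrative and the sample bytes are constructed, not taken from the pcap files attached to the issue.

```python
from collections import Counter

def _varint(buf, pos):
    """Decode MQTT's variable-length integer; return (value, next_pos)."""
    value = 0
    for shift in (0, 7, 14, 21):
        if pos >= len(buf):
            raise ValueError("truncated remaining length")
        byte, pos = buf[pos], pos + 1
        value |= (byte & 0x7F) << shift
        if byte < 0x80:
            return value, pos
    raise ValueError("remaining length exceeds 4 bytes")

def _field(buf, pos):
    """Read a 2-byte length-prefixed field; return (data, next_pos)."""
    end = pos + 2 + int.from_bytes(buf[pos:pos + 2], "big")
    if pos + 2 > len(buf) or end > len(buf):
        raise ValueError("truncated field")
    return buf[pos + 2:end], end

def parse_connect(pkt):
    """Return (client_id, clean_session) for an MQTT 3.1/3.1.1 CONNECT."""
    if not pkt or pkt[0] != 0x10:
        raise ValueError("not a CONNECT packet")
    remaining, pos = _varint(pkt, 1)
    body = pkt[pos:pos + remaining]
    _, pos = _field(body, 0)  # protocol name
    if len(body) != remaining or pos + 4 > len(body) or body[pos] not in (3, 4):
        raise ValueError("truncated packet or unsupported protocol level")
    client_id, _ = _field(body, pos + 4)  # skip level, flags, keep-alive
    return client_id.decode("utf-8", "replace"), bool(body[pos + 1] & 0x02)

def held_sessions(packets):
    """Count CONNECTs per client ID that request clean_session=0."""
    held = Counter()
    for pkt in packets:
        try:
            client_id, clean = parse_connect(pkt)
        except ValueError:
            continue  # not a well-formed CONNECT
        if not clean:
            held[client_id] += 1
    return held

SAMPLE = [bytes.fromhex(h) for h in (  # constructed sample bytes
    "100e00044d5154540400003c00026131",  # client "a1", clean_session=0
    "100e00044d5154540402003c00026231",  # client "b1", clean_session=1
    "100e00044d51")]                      # truncated CONNECT, skipped
```

A steadily growing count of distinct client IDs from `held_sessions`, compared against the broker process's open-file limit, gives early warning before the "Out of files" errors appear.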