[zeromq-dev] security model recommendation

Pieter Hintjens ph at imatix.com
Thu Sep 8 01:56:30 CEST 2011


On Wed, Sep 7, 2011 at 6:41 PM,  <chrish at techspecs.com> wrote:

>   Suppose 0mq is used in a commercial product and is released and is used
> by the community. Now, a hacker discovers that 0mq is being used and
> tries to get inside by imitating the protocol somehow. How to discover
> this (besides segfault)? Or worse still, the hacker simply wants to
> bring down the server and sends an empty string across REP/REQ or
> something like that.

It's not very different from any public-facing service:

* the software (libzmq) must be resistant against all possible attacks
based on malformed messages
* the software should be guarded against DoS by clients exhausting all resources
* the software may need assistance from external firewalls

Today, libzmq doesn't do this properly, but we're pretty good at
fixing any issues that we can reproduce. There was a port "futzing"
project (sending random data to sockets to try to crash libzmq) which
produced a few asserts, that we fixed.

I'd guess that 0MQ/2.1 will never have guards against DoS attacks;
this could be added to 3.x and later versions if anyone cares strongly
enough.

You can already use iptables to whitelist trusted peers, and block all others.

-Pieter



More information about the zeromq-dev mailing list