You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Evernode Hosts are servers that provide hosting services on Evernode, they openly share their IP address and hardware specs to the platform which allows Tenants to conduct proper analysis on which hosts to choose from to host their contracts.
In my opinion, Evernode Hosts sharing their IP address publicly is a double-edged sword as it allows tenants and users to connect to a node and interact with a contract (which is necessary) but it also opens up an attack vector to the host as malicious parties could conduct DDoS attacks on a particular host.
Profitable Attack Vector
A malicious party could conduct a DDoS attack on most, if not all hosts to halt the platform which subsequently affects the hosted contracts. There's no monetary incentive to this attack if they target all hosts but they're able to make a generous amount of money from a DDoS attack if:
They themselves run hosts
They only DDoS their "competitors" (other hosts)
The cost of executing a DDoS attack is less than the attack's profit
If they're successful with the DDoS attack (all targeted hosts go offline), their hosts are able to monopolize the reward emission schedule and keep the hosting rewards to themselves.
Here's the formula for a DDoS attack on Evernode:
Variables:
VoA = Value of Attack, which is the reward pool for a Moment during an Epoch
EHC = Eligible Host Count, hosts that are eligible to receive the reward during the Moment
Cost = Cost of Executing The DDoS Attack, translated from Dollars to $EVR
( ( VoA / EHC ) * Hosts owned by Attacker ) - Cost = Profit to the Attacker
All surplus hosts from the EHC that are not owned by the attacker is deemed a "Dummy Host", dummy hosts are hosts that are not necessary resilient from the attack but hosts that are not attacked to act as scapegoats/coverup.
Dummy Hosts are hosts that are scapegoats to the attack, they are not attacked by the attackers to reduce the attacker's hosts' exposure, reducing the suspicion that the attacker conducted the DDoS to monopolize the hosting reward program for themselves.
In this case, the cost of executing a DDoS attack is unknown plus it gets relatively cheaper as the internet grows with more insecure computers that are exploited to be apart of DDoS attacks unknowingly, but we're able to know the value of the attack which is the reward pool for a Moment during an Epoch (proposed to start @ 5120 EVR).
Protecting your host from DDoS attacks
This attack vector can be mitigated and patched if a host operator conducts proper network security management, utilizing a Firewall on their host's network either through a software or hardware implementation, blocking all redundant requests that are suspected to be apart of a DDoS attack. It is up to the host to implement the right configurations and set of rules to mitigate this attack.
Additionally, hosts can block all ports except for port 26201 to 26201+n and 22861 to 22861+n. This will block all unnecessary ports that may play a threat to the host's operations.
Evernode as a platform or any other party isn't able to protect hosts from DDoS attacks, so host operators must conduct proper NetSec to secure and protect themselves from these technical attacks that may potential disturb their business model and their reputation as a secure and stable host.
Additional note
I won't be touching this part much but please note that if your host is breached, an attacker could easily steal your private keys and transfer all your EVR and deregister your host to redeem the deposit rebate. Please ensure your host is secure, limit SSH requests and have strict rules for SSH.
Please note that this material was written independently, the research done and its contents might be invalid or outdated as time progresses, please DYOR.
Welcoming all views, discussions, thoughts and questions on this thread.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Evernode Hosts are servers that provide hosting services on Evernode, they openly share their IP address and hardware specs to the platform which allows Tenants to conduct proper analysis on which hosts to choose from to host their contracts.
In my opinion, Evernode Hosts sharing their IP address publicly is a double-edged sword as it allows tenants and users to connect to a node and interact with a contract (which is necessary) but it also opens up an attack vector to the host as malicious parties could conduct DDoS attacks on a particular host.
Profitable Attack Vector
A malicious party could conduct a DDoS attack on most, if not all hosts to halt the platform which subsequently affects the hosted contracts. There's no monetary incentive to this attack if they target all hosts but they're able to make a generous amount of money from a DDoS attack if:
If they're successful with the DDoS attack (all targeted hosts go offline), their hosts are able to monopolize the reward emission schedule and keep the hosting rewards to themselves.
Here's the formula for a DDoS attack on Evernode:
All surplus hosts from the EHC that are not owned by the attacker is deemed a "Dummy Host", dummy hosts are hosts that are not necessary resilient from the attack but hosts that are not attacked to act as scapegoats/coverup.
Dummy Hosts are hosts that are scapegoats to the attack, they are not attacked by the attackers to reduce the attacker's hosts' exposure, reducing the suspicion that the attacker conducted the DDoS to monopolize the hosting reward program for themselves.
In this case, the cost of executing a DDoS attack is unknown plus it gets relatively cheaper as the internet grows with more insecure computers that are exploited to be apart of DDoS attacks unknowingly, but we're able to know the value of the attack which is the reward pool for a Moment during an Epoch (proposed to start @ 5120 EVR).
Protecting your host from DDoS attacks
This attack vector can be mitigated and patched if a host operator conducts proper network security management, utilizing a Firewall on their host's network either through a software or hardware implementation, blocking all redundant requests that are suspected to be apart of a DDoS attack. It is up to the host to implement the right configurations and set of rules to mitigate this attack.
Additionally, hosts can block all ports except for port
26201 to 26201+nand22861 to 22861+n. This will block all unnecessary ports that may play a threat to the host's operations.Evernode as a platform or any other party isn't able to protect hosts from DDoS attacks, so host operators must conduct proper NetSec to secure and protect themselves from these technical attacks that may potential disturb their business model and their reputation as a secure and stable host.
Additional note
I won't be touching this part much but please note that if your host is breached, an attacker could easily steal your private keys and transfer all your EVR and deregister your host to redeem the deposit rebate. Please ensure your host is secure, limit SSH requests and have strict rules for SSH.
Please note that this material was written independently, the research done and its contents might be invalid or outdated as time progresses, please DYOR.
Welcoming all views, discussions, thoughts and questions on this thread.
Beta Was this translation helpful? Give feedback.
All reactions