
Flooding attack against synchronising keyservers
Hi, everyone.

The synchronising keyserver network has been under an intermittent flooding attack for the past five days, resulting in the addition of approximately 3 million obviously-fake OpenPGP keys to the SKS dataset. The fake keys are currently being submitted multiple times per second via a large number of Tor exit relays, making them difficult to block using normal abuse mitigations. If unaddressed, this will eventually fill up the disk of all public synchronising servers.

Effective immediately, pgpkeys.eu has been temporarily disconnected from all its peers, and is blocking all key submissions. It will remain available for key lookups but will not allow key updates while the flooding attack continues.

I strongly recommend that other keyserver operators take similar measures, until a more permanent solution can be deployed.

A
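A defender-side check of the pattern described above, as an added example that is not part of the original post or of the SKS project: it parses constructed reverse-proxy access-log lines for HKP key submissions and flags a time window in which the aggregate submission rate is high although no single client exceeds a per-IP limit, which is why per-address abuse mitigation does not catch a flood spread over many Tor exit relays. The log format, the /pks/add path and the thresholds are assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample (not real keyserver logs): combined-log-format lines as a
# reverse proxy in front of an HKP keyserver might write them. Each accepted
# "POST /pks/add" is one key submission, each from a different address.
SAMPLE_LOG = """\
192.0.2.10 - - [27/Mar/2023:18:00:00 +0000] "POST /pks/add HTTP/1.1" 200 65
192.0.2.11 - - [27/Mar/2023:18:00:01 +0000] "POST /pks/add HTTP/1.1" 200 65
198.51.100.7 - - [27/Mar/2023:18:00:02 +0000] "GET /pks/lookup?op=get&search=0xDEADBEEF HTTP/1.1" 200 3120
192.0.2.12 - - [27/Mar/2023:18:00:02 +0000] "POST /pks/add HTTP/1.1" 200 65
192.0.2.13 - - [27/Mar/2023:18:00:03 +0000] "POST /pks/add HTTP/1.1" 200 65
192.0.2.14 - - [27/Mar/2023:18:00:04 +0000] "POST /pks/add HTTP/1.1" 200 65
192.0.2.15 - - [27/Mar/2023:18:00:05 +0000] "POST /pks/add HTTP/1.1" 200 65
203.0.113.5 - - [27/Mar/2023:18:00:14 +0000] "POST /pks/add HTTP/1.1" 200 65
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')

def parse_submissions(log_text):
    """Return (epoch_second, client_ip) for each accepted HKP key submission."""
    out = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m['method'] != 'POST' or m['status'] != '200':
            continue
        if m['path'].split('?', 1)[0] != '/pks/add':
            continue
        ts = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z')
        out.append((int(ts.timestamp()), m['ip']))
    return out

def flood_windows(log_text, window=10, max_total=5, max_per_ip=3):
    """Flag windows whose aggregate submissions exceed max_total while no single
    client exceeds max_per_ip: the distributed pattern per-IP blocking misses."""
    subs = parse_submissions(log_text)
    if not subs:
        return []
    t0 = subs[0][0]
    per_window = defaultdict(Counter)
    for t, ip in subs:
        per_window[(t - t0) // window][ip] += 1
    flagged = []
    for w, ips in sorted(per_window.items()):
        total, busiest = sum(ips.values()), max(ips.values())
        if total > max_total and busiest <= max_per_ip:
            flagged.append({'window': w, 'total': total, 'distinct_ips': len(ips)})
    return flagged
```

A flagged window is the signal to switch to the global measure the post describes (refusing all submissions) rather than adding more per-address blocks.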
Re: Flooding attack against synchronising keyservers
As advised I temporarily disabled the peers on
keyserver{1,2}.computer42.org.

Waiting for a better solution …

Best regards,

H.-Dirk

--

H.-Dirk Schmitt
Dipl.Math.
eMail: dirk.schmitt@computer42.org
mobile: +49 177 616 8564
phone: +49 2642 99 41 14
fax: +49 2642 99 41 15
Schillerstr. 42, D-53489 Sinzig
pgp: http://www.computer42.org/~dirk/OpenPGP-fingerprint.html
Re: Flooding attack against synchronising keyservers
On Tue, Mar 28 2023, H.-Dirk Schmitt wrote:

> As advised I temporarily disabled the peers on
> keyserver{1,2}.computer42.org.

Same for keys.escomposlinux.org

> Waiting for a better solution …

Let's hope there is one...

Best regards,

Iñaki.
Re: Flooding attack against synchronising keyservers
Hi, all.

pgpkeys.eu is fully operational, is accepting key submissions and is syncing with two similarly recovered peers. The number of keys in the dataset is back to pre-flooding levels, and site reliability has been significantly improved.

If you are an operator and need assistance recovering your system, please get in touch.

Thanks,
A

> On 27 Mar 2023, at 18:47, Andrew Gallagher via Gnupg-users <gnupg-users@gnupg.org> wrote:
>
> Hi, everyone.
>
> The synchronising keyserver network has been under an intermittent flooding attack for the past five days, resulting in the addition of approximately 3 million obviously-fake OpenPGP keys to the SKS dataset. The fake keys are currently being submitted multiple times per second via a large number of Tor exit relays, making them difficult to block using normal abuse mitigations. If unaddressed, this will eventually fill up the disk of all public synchronising servers.
>
> Effective immediately, pgpkeys.eu has been temporarily disconnected from all its peers, and is blocking all key submissions. It will remain available for key lookups but will not allow key updates while the flooding attack continues.
>
> I strongly recommend that other keyserver operators take similar measures, until a more permanent solution can be deployed.
>
> A