Security in XMR

highlander1491 · August 26, 2018, 11:58am

Hi,
I read this link about xmr security:

https://xibo.org.uk/manual/en/install_xmr.html#security

but I have some question.

PROBLEM 1:
Suppose that I am an attacker. Suppose I want to do a replay attack.
I know that packets sent to xmr port (9505) are encrypted. But I can capture them anyway and resend them to port 9505.
How does xibo manage this situation?

PROBLEM 2:
Suppose I am an attacker again. I want to do a dos attack against 9505 port.
To protect 9505 port, we can use fail2ban. But fail2ban needs a log file to read. Is there a log file for xmr that fail2ban can read to figure out the ip address of the attacker?

Thanks in advance for reply.

alex · August 30, 2018, 12:06pm

XMR packets have a short TTL. You could replay them for a very short time, but after that they’d be rejected as invalid by the Player.

You can’t use Fail2Ban. Port 9505 doesn’t accept traffic, it outputs it. As such there’s no log since the Player is connecting only to open a communications channel.

highlander1491 · August 30, 2018, 5:56pm

Thanks for response.
So the 9505 port will not receive any tcp or udp packet. And so there is no reason to protect 9505 port from an hypothetical dos attack. Am I right?

alex · August 31, 2018, 9:16am

You could send data to that port, but nothing would happen with it. It can’t be used for amplification for example.

The only route to send data in to XMR is on the private port, which very definitely should not be exposed to the public internet.

If you wanted to design some firewalling around XMR you certainly could do.

highlander1491 · August 31, 2018, 8:41pm

OK, thanks very much for your reply.