hadoop-hdfs-dev mailing list archives

From "John J. Howard (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HDFS-8906) Non Authenticated Data node Allowed to Join HDFS
Date Mon, 17 Aug 2015 13:53:46 GMT
John J. Howard created HDFS-8906:

             Summary: Non Authenticated Data node Allowed to Join HDFS
                 Key: HDFS-8906
                 URL: https://issues.apache.org/jira/browse/HDFS-8906
             Project: Hadoop HDFS
          Issue Type: Bug
          Components: datanode, namenode
    Affects Versions: 0.20.2
         Environment: CentOS 6.7
            Reporter: John J. Howard
            Priority: Minor

An attacker with network access to a Hadoop cluster can create a spoof datanode that the namenode
will accept into the cluster without authentication, allowing the attacker to run MapReduce
jobs on the cluster in order to steal data.  The spoof datanode is created by adding the namenode
RSA SSH public key to the known hosts directory, starting Hadoop services, setting the IP
address to be the same as a legitimate node on the Hadoop cluster and sending the namenode
a heartbeat message with an empty namespace ID.  This will cause the namenode to think that
the spoof datanode is a node that had previously crashed and lost its data.  The namenode
will then connect to the spoof datanode using its SSH credentials and start replicating data
on the spoof datanode, incorporating the spoof datanode into the cluster.  Once incorporated,
the spoof node can start issuing MapReduce jobs to retrieve cluster data.

This message was sent by Atlassian JIRA