John J. Howard created HDFS-8906:
------------------------------------
Summary: Non-Authenticated Datanode Allowed to Join HDFS
Key: HDFS-8906
URL: https://issues.apache.org/jira/browse/HDFS-8906
Project: Hadoop HDFS
Issue Type: Bug
Components: datanode, namenode
Affects Versions: 0.20.2
Environment: CentOS 6.7
Reporter: John J. Howard
Priority: Minor
An attacker with network access to a Hadoop cluster can create a spoof datanode
that the namenode will accept into the cluster without authentication, allowing
the attacker to run MapReduce jobs on the cluster in order to steal data. The
spoof datanode is created by adding the namenode RSA SSH public key to the
known hosts directory, starting Hadoop services, setting the IP address to be
the same as a legitimate node on the Hadoop cluster and sending the namenode a
heartbeat message with an empty namespace ID. This will cause the namenode to
think that the spoof datanode is a node that had previously crashed and lost
its data. The namenode will then connect to the spoof datanode using its SSH
credentials and start replicating data on the spoof datanode, incorporating the
spoof datanode into the cluster. Once incorporated, the spoof node can start
issuing MapReduce jobs to retrieve cluster data.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
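The report describes a cluster running with Hadoop's default "simple" authentication, where the namenode trusts whatever identity a connecting datanode claims. The fragments below are an added example, not part of the ticket or of the Hadoop project's own documentation: the first shows the weak setting, the second the hardened configuration that makes datanode registration and block access depend on Kerberos identities and block access tokens, and restricts the set of hosts the namenode will accept as datanodes. The realm EXAMPLE.COM, the keytab paths, and /etc/hadoop/conf/dfs.hosts are placeholders; the Kerberos-related properties assume a release that carries the Hadoop security work (0.20.203 and later, 1.x, 2.x), not plain 0.20.2.

```xml
<!-- WEAK (assumed to match the reported cluster): core-site.xml -->
<configuration>
  <property>
    <name>hadoop.security.authentication</name>
    <value>simple</value>  <!-- default; identity is whatever the peer claims -->
  </property>
  <property>
    <name>hadoop.security.authorization</name>
    <value>false</value>   <!-- default; no service-level ACLs on RPC protocols -->
  </property>
</configuration>

<!-- HARDENED: core-site.xml -->
<configuration>
  <property>
    <name>hadoop.security.authentication</name>
    <value>kerberos</value>  <!-- every RPC caller, datanodes included, must hold a ticket -->
  </property>
  <property>
    <name>hadoop.security.authorization</name>
    <value>true</value>      <!-- enables hadoop-policy.xml ACLs, e.g. security.datanode.protocol.acl -->
  </property>
</configuration>

<!-- HARDENED: hdfs-site.xml -->
<configuration>
  <!-- Datanodes must authenticate to the namenode as dn/<fqdn>@REALM (placeholder realm). -->
  <property>
    <name>dfs.datanode.kerberos.principal</name>
    <value>dn/_HOST@EXAMPLE.COM</value>
  </property>
  <property>
    <name>dfs.datanode.keytab.file</name>
    <value>/etc/security/keytabs/dn.service.keytab</value>  <!-- placeholder path -->
  </property>
  <property>
    <name>dfs.namenode.kerberos.principal</name>
    <value>nn/_HOST@EXAMPLE.COM</value>
  </property>
  <property>
    <name>dfs.namenode.keytab.file</name>
    <value>/etc/security/keytabs/nn.service.keytab</value>  <!-- placeholder path -->
  </property>
  <!-- Block reads/writes require a namenode-issued access token, so a node that is not
       part of the authenticated cluster cannot pull blocks by knowing a block ID. -->
  <property>
    <name>dfs.block.access.token.enable</name>
    <value>true</value>
  </property>
  <!-- Include list: only hosts named in this file may register as datanodes.
       This does not stop a host that spoofs a listed address, which is why the
       Kerberos settings above are the control that matters. -->
  <property>
    <name>dfs.hosts</name>
    <value>/etc/hadoop/conf/dfs.hosts</value>  <!-- placeholder path; one FQDN per line -->
  </property>
</configuration>
```

With hadoop.security.authorization enabled, security.datanode.protocol.acl in hadoop-policy.xml can additionally be limited to the datanode principal's user (the "dn" user in the placeholder above), so that the DatanodeProtocol heartbeat and registration calls in the report are refused from any other identity. After changing these settings, a quick check is to start a datanode without a keytab and confirm that the namenode log records the registration being rejected rather than a new storage being accepted.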