[ https://issues.apache.org/jira/browse/HDFS-8906?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Yongjun Zhang resolved HDFS-8906.
---------------------------------
    Resolution: Won't Fix

Hi [~JJHoward],

Thanks for reporting the issue, I'm closing it as 'Won't fix' per [~aw]'s comments. Please raise if you have any concern.

Thanks.

> Non Authenticated Data node Allowed to Join HDFS
> ------------------------------------------------
>
>                 Key: HDFS-8906
>                 URL: https://issues.apache.org/jira/browse/HDFS-8906
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: datanode, namenode
>    Affects Versions: 0.20.2
>         Environment: CentOS 6.7
>            Reporter: John J. Howard
>            Priority: Minor
>              Labels: security
>
> An attacker with network access to a Hadoop cluster can create a spoof
> datanode that the namenode will accept into the cluster without
> authentication, allowing the attacker to run MapReduce jobs on the cluster in
> order to steal data. The spoof datanode is created by adding the namenode
> RSA SSH public key to the known hosts directory, starting Hadoop services,
> setting the IP address to be the same as a legitimate node on the Hadoop
> cluster and sending the namenode a heartbeat message with an empty namespace
> ID. This will cause the namenode to think that the spoof datanode is a node
> that had previously crashed and lost its data. The namenode will then
> connect to the spoof datanode using its SSH credentials and start replicating
> data on the spoof datanode, incorporating the spoof datanode into the
> cluster. Once incorporated, the spoof node can start issuing MapReduce jobs
> to retrieve cluster data.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)