Root server vulnerabilities

If someone were to send a self-written request to the 9993 port on a root server, what data would they be able to get back from it if they did not have ZeroTier installed? And what would they need to include in the request to get any information about nodes connected to the root servers? Would they only need the planet file to be able to “trick” the root servers into believing that the request is honest and to send any routing information?

The planet file is just a list of the public root servers, their static IP addresses, and the public half of their encryption keys. It’s what tells each ZeroTier client where to find the root servers, and what public key to use when sending packets to one of the root servers in that list. So no, you cannot change the planet file to “trick” the root servers somehow. It is possible to run your own root servers, generate your own planet files, and install the planet file on your own clients to use your own root servers. The downside there is that they won’t be able to communicate with any other zerotier clients that do not have your custom planet file.

Root servers are similar to DNS servers. Instead of asking “What IP address can I contact at?”, your client asks the root server server “What PI address can I find node ID abcdef0123 at?” It then gives you IP/port combos to try to contact abcdef0123 at.

Now that we have the basics out of the way there, if you just send a random packet to port 9993 of a root server, you’re not going to get anything back because the packet likely wouldn’t be a valid ZeroTier packet, so the root just ignores it. If you’ve gone and implemented the ZeroTier protocol & encryption to send whatever packet you’re sending, well, then you have a full ZeroTier client and it can ask the root server where other nodes can be contacted at.

1 Like

Thanks, this answer explains it very well. So to summarize, the only information I can get from a root server without actually hacking it, would be the same information that I would get from a regular DNS server, so IP/port combos to different nodes? And I can only get this information if I have implemented the ZeroTier protocol and encryption to send this packet?

The only thing you can get from the root server is the Node ID -> IP address mapping, period. That’s all it knows and all it has. And yes, you would need the protocol & encryption implemented to get that information.

Root servers also forward packets between nodes that cannot establish direct connections. Even then, the packets are encrypted from sender to receiver. So even with access to the machine, all one would be able to see is encrypted data going from Node A -> root server -> Node B and there is no way to decrypt the data that is being sent between nodes from the root.

1 Like

Okay, thank you! Very good answers!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.