**Ryan Barrett** @snarfed · 2018-05-30T18:12:37Z

Ryan Barrett @snarfed

Interesting unintended consequence of federation: when you post a link, >1k mastodon nodes all fetch it at the same time to render a link preview, which results in a small DDoS.

May 30, 2018, 18:12 · Web · 1 · 5

**neekz0r** @neekz0r · May 30, 2018, 18:23

**neekz0r** @neekz0r · May 30, 2018, 18:23

@snarfed oh snap, that would mean it can be used as an amplifcation attack.

nice find! But also troubling for the internets at large.

@ashfurrow thoughts?

**Ash Furrow** @ashfurrow · May 31, 2018, 01:05

**Ash Furrow** @ashfurrow · May 31, 2018, 01:05

@neekz0r @snarfed huh! That’s really interesting – and a bit troubling.

**neekz0r** @neekz0r · May 31, 2018, 01:09

**neekz0r** @neekz0r · May 31, 2018, 01:09

@ashfurrow @snarfed One of the ways I think that could prevent it would be to pass the link preview along with the link. That way only one server fetches.

**Ash Furrow** @ashfurrow · May 31, 2018, 01:42

**Ash Furrow** @ashfurrow · May 31, 2018, 01:42

@neekz0r @snarfed there’s a vulnerability there, though: how does the receiving server know the link preview it got is correct? Malicious instances could modify it, or maybe the link preview could have changed since the lag fetch.

**neekz0r** @neekz0r · May 31, 2018, 15:51

**neekz0r** @neekz0r · May 31, 2018, 15:51

@ashfurrow @snarfed I would argue a malicious instance can do that anyway; or outright rewrite the link to a phishing site regardless of the link preview showing up or not.

**Ash Furrow** @ashfurrow · May 31, 2018, 19:19

**Ash Furrow** @ashfurrow · May 31, 2018, 19:19

@neekz0r @snarfed When federating toots, Mastodon always goes back to verify the toot contents with the source instance for this exact reason.