Keep getting: Connection attempt from node 'AAAAAA@AAAAAAA' rejected since it cannot handle ["BIG_CREATION"]

Questions / Help
1

In my open source project , I receive such errors all the time. I don’t know why I receive similar errors. How can I solve the problem?

error.log:

2023-04-17 20:03:12.420 UTC [error] <0.2886.6> ** 'imboy@127.0.0.1': Connection attempt from node 'AAAAAA@AAAAAAA' rejected since it cannot handle ["BIG_CREATION"].**
2 Likes
2

Distribution flag DFLAG_BIG_CREATION became mandatory from OTP23. It says: This flag is mandatory. If not present, the connection is refused. You’re probably connecting node running OTP<23 and node running OTP>=23.

1 Like
3

I did not initiate the connection myself, I guess it is malicious attack, I am not sure, no evidence, how to prevent similar errors?, My environment is:
erl --version
Erlang/OTP 24 [erts-12.3.1] [source] [64-bit] [smp:2:2] [ds:2:2:10] [async-threads:1] [jit]

Eshell V12.3.1 (abort with ^G)

2 Likes
4

Hmm, did you set cookie for your VM at startup (via -setcookie flag)? After this, you could set TLS for Erlang Distribution. By using those two methods you’ll reject all connection attempts that don’t have matching cookie and aren’t using TLS. However, you’ll still get error logs. Next step could be Firewall to block connection attempts from the attacker.

3 Likes
5

I set the cookie; How to set up the firewall? Can you give some reference?

1 Like
6

Firewall is completely separated from Erlang node. You can set it network-wise on your router or on your PC via iptables. E.g. you could drop packages from attacker’s IP address or you could drop all non-TLS connections to port where your node is exposed. There are lots of tutorials on web.

2 Likes
7

FWIW, that’s definitely an attack. There’s a copy / paste exploit from 2020 that matches the pattern AAAAAA@AAAAAAA. Please take @mmin’s advice and secure your network and nodes. Especially heeding to using TLS and a firewall, cookies are not really an authentication mechanism. Rather, and IMHO they are a way to wall off nodes (or entire clusters) from one or another.

That is not to say you shouldn’t have a good unpredictable cookie though!

See Erlang -- Distributed Erlang for more information on tls and and cookies.

2 Likes