public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Wladimir <laanwj@gmail.com>
To: Gregory Maxwell <gmaxwell@gmail.com>
Cc: Bitcoin Development <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Deanonymisation of clients in Bitcoin P2P network paper
Date: Thu, 27 Nov 2014 11:27:34 +0000	[thread overview]
Message-ID: <CA+s+GJBsxmQJkrUYekFuUOgmEcD7qeL2e9Rf-d2nD1G1N7c_EQ@mail.gmail.com> (raw)
In-Reply-To: <CAAS2fgRSxBmyDg5R7WgisB-XmhrpGVKHXQpchtL-Ow0xDQAziA@mail.gmail.com>

On Thu, Nov 27, 2014 at 2:22 AM, Gregory Maxwell <gmaxwell@gmail.com> wrote:
>> Since this attack vector has been discussed, I started making some
>> measurements on how effective it is to connect to Bitcoin using Tor,
>> and I found that the number of connections dropping to near-zero is
>> a situation which occurs rather frequently, which suggests that there
>> is still room to improve on the DoS handling.
>
> I'm confused by this, I run quite a few nodes exclusively on tor and
> chart their connectivity and have seen no such connection dropping
> behaviour.

In my experience the problem has always been getting bootstrapped.
Most nodes hardly give any hidden service nodes in their getaddr.
(this has been improved in master by including a set of hidden service
seed nodes)
But this assumes -onlynet=tor. Tor with exit nodes should be less
problematic, unless someone managed to DoSban all the exit nodes as
described in the paper (but I've never seen such an attack myself).

> Can you tell me more about how you measured this?
>
> [As an aside I agree that there are lots of things to improve here,
> but the fact that users can in theory be forced off of tor via DOS
> attacks is not immediately concerning to me because its a conscious
> choice users would make to abandon their privacy (and the behaviour of
> the system here is known and intentional). There are other mechanisms
> available for people to relay their transactions than connecting
> directly to the bitcoin network; so their choice isn't just abandon
> privacy or don't use bitcoin at all.]

Right, there's something to be said for splitting your own transaction
submission from normal P2P networking and transaction relay.
(esp for non-SPV wallets which don't inherently leak any information
about their addresses)

There was a pull request about this for Bitcoin Core one, maybe I
closed it unfairly https://github.com/bitcoin/bitcoin/issues/4564 .

Wladimir



  parent reply	other threads:[~2014-11-27 11:27 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-11-26  7:47 [Bitcoin-development] Deanonymisation of clients in Bitcoin P2P network paper Jean-Paul Kogelman
2014-11-26 13:51 ` Jeff Garzik
2014-11-26 17:13   ` odinn
2014-11-27  2:09   ` Isidor Zeuner
2014-11-27  2:22     ` Gregory Maxwell
2014-11-27 11:06       ` Mike Hearn
2014-11-27 11:27       ` Wladimir [this message]
2014-12-08 16:15       ` Isidor Zeuner
2014-12-08 16:59         ` Mike Hearn
2015-01-22  0:44         ` Isidor Zeuner
2015-01-22 13:20           ` Mike Hearn
2014-12-15 13:25       ` Isidor Zeuner
2014-12-01 10:42     ` Isidor Zeuner
2014-11-27 17:44 Mistr Bigs
2014-11-27 20:30 ` Gregory Maxwell
2014-11-28  0:45 Mistr Bigs
2014-11-28  5:30 ` Gregory Maxwell
2014-12-11 11:51 ` Isidor Zeuner

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CA+s+GJBsxmQJkrUYekFuUOgmEcD7qeL2e9Rf-d2nD1G1N7c_EQ@mail.gmail.com \
    --to=laanwj@gmail.com \
    --cc=bitcoin-development@lists.sourceforge.net \
    --cc=gmaxwell@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox