From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1R4Cp8-0007JL-Ht for bitcoin-development@lists.sourceforge.net; Thu, 15 Sep 2011 14:21:54 +0000 Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.216.175 as permitted sender) client-ip=209.85.216.175; envelope-from=gmaxwell@gmail.com; helo=mail-qy0-f175.google.com; Received: from mail-qy0-f175.google.com ([209.85.216.175]) by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1R4Cp4-00039N-GG for bitcoin-development@lists.sourceforge.net; Thu, 15 Sep 2011 14:21:54 +0000 Received: by qyk10 with SMTP id 10so5375987qyk.13 for ; Thu, 15 Sep 2011 07:21:45 -0700 (PDT) MIME-Version: 1.0 Received: by 10.224.176.72 with SMTP id bd8mr952519qab.296.1316096504811; Thu, 15 Sep 2011 07:21:44 -0700 (PDT) Received: by 10.229.49.12 with HTTP; Thu, 15 Sep 2011 07:21:44 -0700 (PDT) In-Reply-To: References: <4E71F6D6.2090208@justmoon.de> Date: Thu, 15 Sep 2011 10:21:44 -0400 Message-ID: From: Gregory Maxwell To: Gavin Andresen Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -1.4 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (gmaxwell[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.2 AWL AWL: From: address is in the auto white-list X-Headers-End: 1R4Cp4-00039N-GG Cc: bitcoin-development@lists.sourceforge.net Subject: Re: [Bitcoin-development] Request review: drop misbehaving peers X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Sep 2011 14:21:54 -0000 On Thu, Sep 15, 2011 at 10:06 AM, Gavin Andresen wrote: > If I think you're trying to DoS me, why would I be nice to you? =C2=A0I > think response messages would just give an attacker another potential > attack vector, and it is clear from the debug.log what triggers a ban. Fail hard, log the reason locally. Problem becomes tractable. Also, for any problem big enough to cause a network outage the issue won't be reproducibility. I support the imposition of txn rules=E2=80=94 otherwise the dropping is nearly pointless due to the hole that any attack can just take the form of junk txn=E2=80=94 but you must be super careful that an attack can'= t be transitive: There should be nothing I can give a node that it will forward on that will make that node's peers drop it. (and this needs to remain true while forwarding rules evolve) So, I'd suggest that you'd only drop on transactions that would invalidate a block if included in it but the problem there is that double spends meet that criteria. Better would, perhaps be something like "would invalidate a block if included; except that double spends after the last checkpoint are allowed, and nodes should not forward any txn until they are current with their last checkpoint" (That bit of complexity is to reduce exposure where a new node gets hit with double spends that its yet too stupid to reject, and it forwards them onto its friendly peers who then hang up on it thus prolonging its period of ignorance=E2=80=94 in general care needs to be tak= en to avoid hanging up on nodes that are just too young to know better) > Good question. Anybody see a reason not to? =C2=A0How much tolerance (if > any) should there be for sending garbage data (I assume the > lower-level network stack almost never garbles data, is that a good > assumption)? It would be fine to hang up on any garbage data: something is obviously wrong. I'd be hesitant to ban on a single instance of it, it's rare but happens. (e.g. see http://citeseerx.ist.psu.edu/viewdoc/download?doi=3D10.1.1.14.150&rep=3Drep= 1&type=3Dps)