public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Gavin Andresen <gavinandresen@gmail.com>
To: bitcoin-development@lists.sourceforge.net
Subject: Re: [Bitcoin-development] Request review: drop misbehaving peers
Date: Thu, 15 Sep 2011 12:19:45 -0400	[thread overview]
Message-ID: <CABsx9T2kQTAA77Q=qYc2iKNftQSd8ficfhcXL2W6kX0JUhe3Dw@mail.gmail.com> (raw)
In-Reply-To: <201109151136.47485.luke@dashjr.org>

I hate to get specific about potential attacks on a public mailing
list, but I think the debate over what to do with non-standard
transactions means we need to.

I agree with Gregory; if there are NO rules about what transactions
peers can send at you, then an attacker can trivially get around other
the DoS rules.

I also agree we need to think hard about what will happen when new
'standard' transaction types are deployed.

There are two significant DoS attacks I can imagine using transactions
that will never be included in blocks.  The "will never be included in
blocks" bit is important, because if an attacker can make you do
significant work at no cost to themselves then they win. And if the
transactions will never be included in blocks the attacker can include
lots of transaction fees that will never be spent.

1) Exhaust memory by filling up the transaction memory pool. I think
another patch needs to be written to deal with that (keep the size of
the transaction pool reasonable by evicting low-priority
transactions).

2) Waste CPU time validating transactions   They can make you use an
arbitrary amount of CPU time just by flooding you with a stream of
valid-but-won't-ever-get-into-a-block transactions.

The code already refuses to relay non-standard transactions, and
doesn't check their signatures or add them to the memory pool, so I
think no DoS check is needed for them (and would be harmful when we do
start supporting new standard transactions).

It also drops transactions with "too few fees" before checking
signatures or doing other CPU-intensive work, so no I think no DoS
check is needed there, either (and again, would be harmful when
transaction fee rules change).

I'm ignoring bandwidth DoS attacks-- we already have the
-maxreceivebuffer option to deal with those.


PS: I'll add Gregory's comment:

"There should be nothing I can give a node that it will
forward on that will make that node's peers drop it. (and this needs
to remain true while forwarding rules evolve)"

... as a comment in the code so hopefully we don't forget it.

-- 
--
Gavin Andresen



  parent reply	other threads:[~2011-09-15 16:19 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-09-15  1:57 [Bitcoin-development] Request review: drop misbehaving peers Gavin Andresen
2011-09-15  2:06 ` Luke-Jr
2011-09-15 10:43   ` Christian Decker
2011-09-15 12:56   ` kjj
2011-09-15 15:36     ` Luke-Jr
2011-09-15 16:04       ` kjj
2011-09-15 16:41         ` solar
2011-09-15 17:29         ` Luke-Jr
2011-09-15 16:19       ` Gavin Andresen [this message]
2011-09-15 17:41         ` Douglas Huff
     [not found]           ` <CABsx9T3HCVAn5ECuPWfAyZ4zt3WCbyKPF-7DV1HY2j2TKjavrg@mail.gmail.com>
2011-09-15 18:36             ` Douglas Huff
2011-09-15 19:07               ` Gavin Andresen
2011-09-15 11:45 ` Mike Hearn
2011-09-15 12:25   ` Gavin Andresen
2011-09-15 13:00     ` Stefan Thomas
2011-09-15 14:06       ` Gavin Andresen
2011-09-15 14:21         ` Gregory Maxwell
2011-09-15 16:21         ` Mike Hearn
2011-09-16 12:57         ` Joel Joonatan Kaartinen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CABsx9T2kQTAA77Q=qYc2iKNftQSd8ficfhcXL2W6kX0JUhe3Dw@mail.gmail.com' \
    --to=gavinandresen@gmail.com \
    --cc=bitcoin-development@lists.sourceforge.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox