[Bitcoin-development] Protecting Bitcoin against network-wide DoS attack

Peter Todd pete at petertodd.org
Mon Jul 15 07:32:24 UTC 2013


On Sun, Jul 14, 2013 at 10:12:00PM +0000, John Dillon wrote:
> For a non-SPV-mode client we can easily do anti-DoS by requiring the peer to do
> "useful work". As the incoming connections slots get used up, simply kick off
> the incoming peers who have relayed the least fee-paying transactions and valid
> blocks, keeping the peers who have relayed the most. We can continue to use the
> usual, randomized, logic for outgoing peers to attempt to preserve the
> randomized structure of the bitcoin network. Without an ongoing attack nodes
> making new connections are unaffected, and during an attack new connections are
> made somewhat easier by the increased numbers of incoming slots made available
> as the attackers connections timeout.

My mempool rewrite defined a CMemPoolTx subclass for CTransaction - it
shouldn't be too hard to add the required per-node accounting once nodes
get unique identifiers. (can be assigned randomly in the beginning,
later can be used for permanent node identifiers w/ ssl and message
signing)

-- 
'peter'[:-1]@petertodd.org
00000000000000214cc4e58adcacd8923d4d37b18e4f6b73556443ae7c88f71a
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20130715/6b71caf0/attachment.sig>


More information about the bitcoin-dev mailing list