diff options
author | Peter Todd <pete@petertodd.org> | 2013-04-18 05:28:24 -0400 |
---|---|---|
committer | bitcoindev <bitcoindev@gnusha.org> | 2013-04-18 09:28:39 +0000 |
commit | 4863c6f39b1e62d6637136bbb638da969b90fa6c (patch) | |
tree | 12ca77411ad35a8465ab3da7ebb6b8d88f965fdf | |
parent | 8bec78cb502ee66061c2483882ce2a37a746f695 (diff) | |
download | pi-bitcoindev-4863c6f39b1e62d6637136bbb638da969b90fa6c.tar.gz pi-bitcoindev-4863c6f39b1e62d6637136bbb638da969b90fa6c.zip |
Re: [Bitcoin-development] Anti DoS for tx replacement
-rw-r--r-- | d2/591012a70ca8cf22761454a547b59ccbf1b1c1 | 127 |
1 files changed, 127 insertions, 0 deletions
diff --git a/d2/591012a70ca8cf22761454a547b59ccbf1b1c1 b/d2/591012a70ca8cf22761454a547b59ccbf1b1c1 new file mode 100644 index 000000000..320fa8072 --- /dev/null +++ b/d2/591012a70ca8cf22761454a547b59ccbf1b1c1 @@ -0,0 +1,127 @@ +Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193] + helo=mx.sourceforge.net) + by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) + (envelope-from <pete@petertodd.org>) id 1USl8x-0002F4-64 + for bitcoin-development@lists.sourceforge.net; + Thu, 18 Apr 2013 09:28:39 +0000 +Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of petertodd.org + designates 62.13.149.43 as permitted sender) + client-ip=62.13.149.43; envelope-from=pete@petertodd.org; + helo=outmail149043.authsmtp.co.uk; +Received: from outmail149043.authsmtp.co.uk ([62.13.149.43]) + by sog-mx-3.v43.ch3.sourceforge.com with esmtp (Exim 4.76) + id 1USl8v-0002v7-IT for bitcoin-development@lists.sourceforge.net; + Thu, 18 Apr 2013 09:28:39 +0000 +Received: from mail-c235.authsmtp.com (mail-c235.authsmtp.com [62.13.128.235]) + by punt9.authsmtp.com (8.14.2/8.14.2/Kp) with ESMTP id + r3I9SVkJ092395; Thu, 18 Apr 2013 10:28:31 +0100 (BST) +Received: from savin (76-10-178-109.dsl.teksavvy.com [76.10.178.109]) + (authenticated bits=128) + by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id r3I9SOVf054743 + (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); + Thu, 18 Apr 2013 10:28:27 +0100 (BST) +Date: Thu, 18 Apr 2013 05:28:24 -0400 +From: Peter Todd <pete@petertodd.org> +To: Mike Hearn <mike@plan99.net> +Message-ID: <20130418092824.GA10184@savin> +References: <CANEZrP1yKeQMayFHsEUWtA3=q+v5rPAutjzEFVVHopPGNZ4jGQ@mail.gmail.com> + <453bfc69-b2ab-4992-9807-55270fbda0db@email.android.com> + <CANEZrP0z6W0ZDsytQ7Rcqb5L6rswn1wv8cbR7c383Dmpzu+gyg@mail.gmail.com> + <CAPaL=UVJd3mdd0bs6Oo9vFHnv_6RbFowjmp0tD-ZbOzZxJEJ3g@mail.gmail.com> + <CANEZrP3ocAJNoQ3xJqRTL8Gz3_T8xsCPPAvSfEOYpPo76wgbig@mail.gmail.com> + <20130418090444.GA30995@savin> +MIME-Version: 1.0 +Content-Type: multipart/signed; micalg=pgp-sha1; + protocol="application/pgp-signature"; boundary="Qxx1br4bt0+wmkIi" +Content-Disposition: inline +In-Reply-To: <20130418090444.GA30995@savin> +User-Agent: Mutt/1.5.21 (2010-09-15) +X-Server-Quench: 537bb9ad-a80a-11e2-b5c5-002590a15da7 +X-AuthReport-Spam: If SPAM / abuse - report it at: + http://www.authsmtp.com/abuse +X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR + aAdMdwoUGUUGAgsB AmUbWlReUlV7W2Q7 bAxPbAVDY01GQQRq + WVdMSlVNFUsqAmUI ZWF4BBl3cwJCezB4 bERqEHVYWxYofBcp + Xx9cFTwbZGY1an1N VRNdagNUcgZDfk5E bwQuUz1vNG8XDQg5 + AwQ0PjZ0MThBJSBS WgQAK04nCW8NAj90 axc5VTsoBwUZV20p + IgQiI1URGUsXLi0A +X-Authentic-SMTP: 61633532353630.1023:706 +X-AuthFastPath: 0 (Was 255) +X-AuthSMTP-Origin: 76.10.178.109/587 +X-AuthVirus-Status: No virus detected - but ensure you scan with your own + anti-virus system. +X-Spam-Score: -1.5 (-) +X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. + See http://spamassassin.org/tag/ for more details. + -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for + sender-domain + -0.0 SPF_PASS SPF: sender matches SPF record +X-Headers-End: 1USl8v-0002v7-IT +Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net> +Subject: Re: [Bitcoin-development] Anti DoS for tx replacement +X-BeenThere: bitcoin-development@lists.sourceforge.net +X-Mailman-Version: 2.1.9 +Precedence: list +List-Id: <bitcoin-development.lists.sourceforge.net> +List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>, + <mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe> +List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development> +List-Post: <mailto:bitcoin-development@lists.sourceforge.net> +List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help> +List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>, + <mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe> +X-List-Received-Date: Thu, 18 Apr 2013 09:28:39 -0000 + + +--Qxx1br4bt0+wmkIi +Content-Type: text/plain; charset=us-ascii +Content-Disposition: inline +Content-Transfer-Encoding: quoted-printable + +On Thu, Apr 18, 2013 at 05:04:44AM -0400, Peter Todd wrote: +> An attack still shuts down useful tx replacement though. For instance in +> the adjusting payments example an attacker sets up a legit adjusting +> payment channel, does a bunch of adjustments, and then launches their +> attack. They broadcast enough adjustments that their adjustment session +> looks like part of an attack, and then don't have to pay for the full +> adjusted amount. + +=2E..and actually, that's not a problem if the defender is online, because +they can just broadcast the highest sequence numbered tx, which blocks +further broadcasts by the attacker. You still need some way of +distinguishing the two acts, by time is probably fine, but it'd make a +real attack difficult. + +Of course, regardless you are still asking nodes to set aside however +many KB/second to tx replacement transactions, and they're all going to +use different settings, which makes overall network convergence +impossible to guarantee as legit replacement transactions outnumber +non-legit ones. Any protocol requiring the broadcast of more than one or +two replacements, either normally or against an attacker, just isn't +going to be reliable. But many don't, so they're probably doable. + + +But lets see some working code first... + +--=20 +'peter'[:-1]@petertodd.org + +--Qxx1br4bt0+wmkIi +Content-Type: application/pgp-signature; name="signature.asc" +Content-Description: Digital signature + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.11 (GNU/Linux) + +iQEcBAEBAgAGBQJRb7y3AAoJEH+rEUJn5PoEA7IH/AyhRVWdgLfet5//Wl3An3P1 +qjtRZvAMFCQHB7Nx73TXHuZbMTXuQV4F2LsZB790sI0FE6vLFVKHhjov0g06a00X +YW9WNDkIXMOX3vVLRuhBMAaltrSZKE57q8z3ctkfMu0+21d2G4T9jpaoDKBrcm7u +o9h4HUni3WVB5mj9K9HgMZZQxFjAm4ozkGe3WrVY4+Z2iWGsfnaAIDtQ/IKnyUnQ +qTHgg7+OUjpZW0DgNrs9MHttFqipgeOrl66ogWC9SxLJ3oWlxnnYHq4JlCT9+r2C +J6mk3qrjQWCRdBDLzo6gP5+65ueivDPols6VXf7UNoRR2eNYd+RsGaXqgSfnC9M= +=Tsha +-----END PGP SIGNATURE----- + +--Qxx1br4bt0+wmkIi-- + + |