summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPeter Todd <pete@petertodd.org>2013-04-18 05:28:24 -0400
committerbitcoindev <bitcoindev@gnusha.org>2013-04-18 09:28:39 +0000
commit4863c6f39b1e62d6637136bbb638da969b90fa6c (patch)
tree12ca77411ad35a8465ab3da7ebb6b8d88f965fdf
parent8bec78cb502ee66061c2483882ce2a37a746f695 (diff)
downloadpi-bitcoindev-4863c6f39b1e62d6637136bbb638da969b90fa6c.tar.gz
pi-bitcoindev-4863c6f39b1e62d6637136bbb638da969b90fa6c.zip
Re: [Bitcoin-development] Anti DoS for tx replacement
-rw-r--r--d2/591012a70ca8cf22761454a547b59ccbf1b1c1127
1 files changed, 127 insertions, 0 deletions
diff --git a/d2/591012a70ca8cf22761454a547b59ccbf1b1c1 b/d2/591012a70ca8cf22761454a547b59ccbf1b1c1
new file mode 100644
index 000000000..320fa8072
--- /dev/null
+++ b/d2/591012a70ca8cf22761454a547b59ccbf1b1c1
@@ -0,0 +1,127 @@
+Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193]
+ helo=mx.sourceforge.net)
+ by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
+ (envelope-from <pete@petertodd.org>) id 1USl8x-0002F4-64
+ for bitcoin-development@lists.sourceforge.net;
+ Thu, 18 Apr 2013 09:28:39 +0000
+Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of petertodd.org
+ designates 62.13.149.43 as permitted sender)
+ client-ip=62.13.149.43; envelope-from=pete@petertodd.org;
+ helo=outmail149043.authsmtp.co.uk;
+Received: from outmail149043.authsmtp.co.uk ([62.13.149.43])
+ by sog-mx-3.v43.ch3.sourceforge.com with esmtp (Exim 4.76)
+ id 1USl8v-0002v7-IT for bitcoin-development@lists.sourceforge.net;
+ Thu, 18 Apr 2013 09:28:39 +0000
+Received: from mail-c235.authsmtp.com (mail-c235.authsmtp.com [62.13.128.235])
+ by punt9.authsmtp.com (8.14.2/8.14.2/Kp) with ESMTP id
+ r3I9SVkJ092395; Thu, 18 Apr 2013 10:28:31 +0100 (BST)
+Received: from savin (76-10-178-109.dsl.teksavvy.com [76.10.178.109])
+ (authenticated bits=128)
+ by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id r3I9SOVf054743
+ (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO);
+ Thu, 18 Apr 2013 10:28:27 +0100 (BST)
+Date: Thu, 18 Apr 2013 05:28:24 -0400
+From: Peter Todd <pete@petertodd.org>
+To: Mike Hearn <mike@plan99.net>
+Message-ID: <20130418092824.GA10184@savin>
+References: <CANEZrP1yKeQMayFHsEUWtA3=q+v5rPAutjzEFVVHopPGNZ4jGQ@mail.gmail.com>
+ <453bfc69-b2ab-4992-9807-55270fbda0db@email.android.com>
+ <CANEZrP0z6W0ZDsytQ7Rcqb5L6rswn1wv8cbR7c383Dmpzu+gyg@mail.gmail.com>
+ <CAPaL=UVJd3mdd0bs6Oo9vFHnv_6RbFowjmp0tD-ZbOzZxJEJ3g@mail.gmail.com>
+ <CANEZrP3ocAJNoQ3xJqRTL8Gz3_T8xsCPPAvSfEOYpPo76wgbig@mail.gmail.com>
+ <20130418090444.GA30995@savin>
+MIME-Version: 1.0
+Content-Type: multipart/signed; micalg=pgp-sha1;
+ protocol="application/pgp-signature"; boundary="Qxx1br4bt0+wmkIi"
+Content-Disposition: inline
+In-Reply-To: <20130418090444.GA30995@savin>
+User-Agent: Mutt/1.5.21 (2010-09-15)
+X-Server-Quench: 537bb9ad-a80a-11e2-b5c5-002590a15da7
+X-AuthReport-Spam: If SPAM / abuse - report it at:
+ http://www.authsmtp.com/abuse
+X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR
+ aAdMdwoUGUUGAgsB AmUbWlReUlV7W2Q7 bAxPbAVDY01GQQRq
+ WVdMSlVNFUsqAmUI ZWF4BBl3cwJCezB4 bERqEHVYWxYofBcp
+ Xx9cFTwbZGY1an1N VRNdagNUcgZDfk5E bwQuUz1vNG8XDQg5
+ AwQ0PjZ0MThBJSBS WgQAK04nCW8NAj90 axc5VTsoBwUZV20p
+ IgQiI1URGUsXLi0A
+X-Authentic-SMTP: 61633532353630.1023:706
+X-AuthFastPath: 0 (Was 255)
+X-AuthSMTP-Origin: 76.10.178.109/587
+X-AuthVirus-Status: No virus detected - but ensure you scan with your own
+ anti-virus system.
+X-Spam-Score: -1.5 (-)
+X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
+ See http://spamassassin.org/tag/ for more details.
+ -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
+ sender-domain
+ -0.0 SPF_PASS SPF: sender matches SPF record
+X-Headers-End: 1USl8v-0002v7-IT
+Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
+Subject: Re: [Bitcoin-development] Anti DoS for tx replacement
+X-BeenThere: bitcoin-development@lists.sourceforge.net
+X-Mailman-Version: 2.1.9
+Precedence: list
+List-Id: <bitcoin-development.lists.sourceforge.net>
+List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
+ <mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
+List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
+List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
+List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
+List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
+ <mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
+X-List-Received-Date: Thu, 18 Apr 2013 09:28:39 -0000
+
+
+--Qxx1br4bt0+wmkIi
+Content-Type: text/plain; charset=us-ascii
+Content-Disposition: inline
+Content-Transfer-Encoding: quoted-printable
+
+On Thu, Apr 18, 2013 at 05:04:44AM -0400, Peter Todd wrote:
+> An attack still shuts down useful tx replacement though. For instance in
+> the adjusting payments example an attacker sets up a legit adjusting
+> payment channel, does a bunch of adjustments, and then launches their
+> attack. They broadcast enough adjustments that their adjustment session
+> looks like part of an attack, and then don't have to pay for the full
+> adjusted amount.
+
+=2E..and actually, that's not a problem if the defender is online, because
+they can just broadcast the highest sequence numbered tx, which blocks
+further broadcasts by the attacker. You still need some way of
+distinguishing the two acts, by time is probably fine, but it'd make a
+real attack difficult.
+
+Of course, regardless you are still asking nodes to set aside however
+many KB/second to tx replacement transactions, and they're all going to
+use different settings, which makes overall network convergence
+impossible to guarantee as legit replacement transactions outnumber
+non-legit ones. Any protocol requiring the broadcast of more than one or
+two replacements, either normally or against an attacker, just isn't
+going to be reliable. But many don't, so they're probably doable.
+
+
+But lets see some working code first...
+
+--=20
+'peter'[:-1]@petertodd.org
+
+--Qxx1br4bt0+wmkIi
+Content-Type: application/pgp-signature; name="signature.asc"
+Content-Description: Digital signature
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.11 (GNU/Linux)
+
+iQEcBAEBAgAGBQJRb7y3AAoJEH+rEUJn5PoEA7IH/AyhRVWdgLfet5//Wl3An3P1
+qjtRZvAMFCQHB7Nx73TXHuZbMTXuQV4F2LsZB790sI0FE6vLFVKHhjov0g06a00X
+YW9WNDkIXMOX3vVLRuhBMAaltrSZKE57q8z3ctkfMu0+21d2G4T9jpaoDKBrcm7u
+o9h4HUni3WVB5mj9K9HgMZZQxFjAm4ozkGe3WrVY4+Z2iWGsfnaAIDtQ/IKnyUnQ
+qTHgg7+OUjpZW0DgNrs9MHttFqipgeOrl66ogWC9SxLJ3oWlxnnYHq4JlCT9+r2C
+J6mk3qrjQWCRdBDLzo6gP5+65ueivDPols6VXf7UNoRR2eNYd+RsGaXqgSfnC9M=
+=Tsha
+-----END PGP SIGNATURE-----
+
+--Qxx1br4bt0+wmkIi--
+
+