1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
|
Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194]
helo=mx.sourceforge.net)
by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <pete@petertodd.org>) id 1Z24g7-00089X-GC
for bitcoin-development@lists.sourceforge.net;
Mon, 08 Jun 2015 21:33:55 +0000
Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of petertodd.org
designates 62.13.148.110 as permitted sender)
client-ip=62.13.148.110; envelope-from=pete@petertodd.org;
helo=outmail148110.authsmtp.com;
Received: from outmail148110.authsmtp.com ([62.13.148.110])
by sog-mx-4.v43.ch3.sourceforge.com with esmtp (Exim 4.76)
id 1Z24g6-00076Y-1B for bitcoin-development@lists.sourceforge.net;
Mon, 08 Jun 2015 21:33:55 +0000
Received: from mail-c235.authsmtp.com (mail-c235.authsmtp.com [62.13.128.235])
by punt16.authsmtp.com (8.14.2/8.14.2/) with ESMTP id t58LXj3Y017813;
Mon, 8 Jun 2015 22:33:45 +0100 (BST)
Received: from muck (bas3-cooksville17-1176329630.dsl.bell.ca [70.29.93.158])
(authenticated bits=128)
by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id t58LXbBZ065838
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO);
Mon, 8 Jun 2015 22:33:40 +0100 (BST)
Date: Mon, 8 Jun 2015 17:33:36 -0400
From: Peter Todd <pete@petertodd.org>
To: "Raystonn ." <raystonn@hotmail.com>
Message-ID: <20150608213336.GA19826@muck>
References: <5574E39C.3090904@thinlink.com>
<COL131-DS25374BEFA76744E26EB8CBCDBF0@phx.gbl>
<AD4A025F-D782-4094-9CBC-EBEF0DD04838@newcastle.ac.uk>
<COL131-DS2729F02884BC43E54C8D63CDBF0@phx.gbl>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature"; boundary="LZvS9be/3tNcYl/X"
Content-Disposition: inline
In-Reply-To: <COL131-DS2729F02884BC43E54C8D63CDBF0@phx.gbl>
X-Server-Quench: 0829cf47-0e26-11e5-b396-002590a15da7
X-AuthReport-Spam: If SPAM / abuse - report it at:
http://www.authsmtp.com/abuse
X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR
aQdMdgoUEkAaAgsB AmMbWVZeU157XWI7 bApPbwxDa0lQXgBi
T01BRU1TWkFtCWBp VGx0Uh93fwZONn9y YUNkEHBTXk0pI0J6
X04BF2sbZGY1bX1N U0leagNUcgZDfk5E bwQuUz1vNG8XDQg5
AwQ0PjZ0MThBJSBS WgQAK04nCWAGAXY1 WwwLFjZnHEEIQTky
IR0rJhYVGkpZKkIu PF09WFscUVcJDQlD A0BKBk5VKkIKXSsh
AA8IFWIEFyVFTCsZ HgchJARBCSBTXSwQ H1NMTlkGFz9MWyoA
QTlUUys2EBA1J09i OCAYOgJTegY/WRcF CRwXR1cw
X-Authentic-SMTP: 61633532353630.1023:706
X-AuthFastPath: 0 (Was 255)
X-AuthSMTP-Origin: 70.29.93.158/587
X-AuthVirus-Status: No virus detected - but ensure you scan with your own
anti-virus system.
X-Spam-Score: -1.5 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
-0.0 SPF_PASS SPF: sender matches SPF record
X-Headers-End: 1Z24g6-00076Y-1B
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>,
"Patrick Mccorry \(PGR\)" <patrick.mccorry@newcastle.ac.uk>
Subject: Re: [Bitcoin-development] New attack identified and potential
solution described: Dropped-transaction spam attack against the block size
limit
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Mon, 08 Jun 2015 21:33:55 -0000
--LZvS9be/3tNcYl/X
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Mon, Jun 08, 2015 at 02:14:01PM -0700, Raystonn . wrote:
> > there is no memory pool cap currently
>=20
> Real hardware does not have an infinite amount of RAM. Memory pool sizes=
=20
> cannot grow unbounded. Some transactions with insufficient fees do get=
=20
> dropped today after many hours.
Actually they don't, which is an unfortunate problem with the existing
mempool implementation; the only way a transaction can be removed from a
Bitcoin Core mempool is through it getting mined, double-spent, or the
node restarting.
The protection that we have against that attack is that you need access
to a lot of bitcoins to pay enough fees. With the 0.01mBTC/KB minimum
relay fee and $230 USD/BTC that works out to about $2.3kUSD/GB of ram
consumed, and furthermore, actually getting that many transactions to
propagate over the network is non-trivial. (no, I'm not going to tell
you how)
The obvious solution is to cap the size of the mempool and evict
transactions lowest fee/KB first, but if you do that they you (further)
break zeroconf security. On the other hand, if you don't break zeroconf
security an attacker can prevent reasonable fee transactions from
propagating.
I probably should get around to fixing this...
--=20
'peter'[:-1]@petertodd.org
0000000000000000127ab1d576dc851f374424f1269c4700ccaba2c42d97e778
--LZvS9be/3tNcYl/X
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
-----BEGIN PGP SIGNATURE-----
iQGrBAEBCACVBQJVdgotXhSAAAAAABUAQGJsb2NraGFzaEBiaXRjb2luLm9yZzAw
MDAwMDAwMDAwMDAwMDAxMjdhYjFkNTc2ZGM4NTFmMzc0NDI0ZjEyNjljNDcwMGNj
YWJhMmM0MmQ5N2U3NzgvFIAAAAAAFQARcGthLWFkZHJlc3NAZ251cGcub3JncGV0
ZUBwZXRlcnRvZC5vcmcACgkQwIXyHOf0udxJaAf8DPd+WNieLQpzKNN/W2FgWCAO
dM0oUlUZ3enB8y7w64pnz/ICrcyPlJD2lcPQWrAJ7WKbZpMvg2vCD2X/IOWl4GIy
yIZ+xdRhw393032ox0g5c0aP/g5ll/kmR6Au9H3zZWKflrUrEdjMad/GE8112pEs
J9rQeiG295VebhakgdezUavJkQRP9l0lEhKx6bbk+Br4xPoDuE3q24QT72qBR+1p
hoTrerW+k4ddbEV/qhrpmR2QlRV9J6H7nqFv5GA7m/9qD+AHX3Rr/Ie/Hy5GKAx+
eewH7YFcH6J+saFpb6cWROWY4r85ElpHNFR0WG9TGpqZggaia4bF/IRmyhQWDg==
=gb4z
-----END PGP SIGNATURE-----
--LZvS9be/3tNcYl/X--
|