Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1UydGz-0003Qa-H4 for bitcoin-development@lists.sourceforge.net; Mon, 15 Jul 2013 07:32:42 +0000 Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of petertodd.org designates 62.13.149.55 as permitted sender) client-ip=62.13.149.55; envelope-from=pete@petertodd.org; helo=outmail149055.authsmtp.co.uk; Received: from outmail149055.authsmtp.co.uk ([62.13.149.55]) by sog-mx-4.v43.ch3.sourceforge.com with esmtp (Exim 4.76) id 1UydGw-0001bv-S4 for bitcoin-development@lists.sourceforge.net; Mon, 15 Jul 2013 07:32:41 +0000 Received: from mail-c233.authsmtp.com (mail-c233.authsmtp.com [62.13.128.233]) by punt9.authsmtp.com (8.14.2/8.14.2/Kp) with ESMTP id r6F7WVVn045163; Mon, 15 Jul 2013 08:32:31 +0100 (BST) Received: from savin (76-10-178-109.dsl.teksavvy.com [76.10.178.109]) (authenticated bits=128) by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id r6F7WP4Q053656 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Mon, 15 Jul 2013 08:32:27 +0100 (BST) Date: Mon, 15 Jul 2013 03:32:24 -0400 From: Peter Todd To: John Dillon Message-ID: <20130715073224.GA4885@savin> References: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="+QahgC5+KEYLbs62" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) X-Server-Quench: b37ed8bf-ed20-11e2-a49c-0025907707a1 X-AuthReport-Spam: If SPAM / abuse - report it at: http://www.authsmtp.com/abuse X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR aAdMdwcUEkAYAgsB AmUbW1xeU197W2s7 bAxPbAVDY01GQQRq WVdMSlVNFUsqB2oG YX4aMxl3dANDfjB3 YkFrECJYWxEufRQr XxsAF20bZGY1an1O VEkLagNUcgZDfhhC alcuVT1vNG8XDQg5 AwQ0PjZ0MThBJSBS WgQAK04nCX4RGSIx TAwDGzpnN0wZTCIy KVQvJVcdGl0NekM/ LUQmQ1FdLB4eB28W M0Z2SCZFO1AKREIA X-Authentic-SMTP: 61633532353630.1021:706 X-AuthFastPath: 0 (Was 255) X-AuthSMTP-Origin: 76.10.178.109/587 X-AuthVirus-Status: No virus detected - but ensure you scan with your own anti-virus system. X-Spam-Score: -1.5 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_PASS SPF: sender matches SPF record X-Headers-End: 1UydGw-0001bv-S4 Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Protecting Bitcoin against network-wide DoS attack X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Jul 2013 07:32:42 -0000 --+QahgC5+KEYLbs62 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Jul 14, 2013 at 10:12:00PM +0000, John Dillon wrote: > For a non-SPV-mode client we can easily do anti-DoS by requiring the peer= to do > "useful work". As the incoming connections slots get used up, simply kick= off > the incoming peers who have relayed the least fee-paying transactions and= valid > blocks, keeping the peers who have relayed the most. We can continue to u= se the > usual, randomized, logic for outgoing peers to attempt to preserve the > randomized structure of the bitcoin network. Without an ongoing attack no= des > making new connections are unaffected, and during an attack new connectio= ns are > made somewhat easier by the increased numbers of incoming slots made avai= lable > as the attackers connections timeout. My mempool rewrite defined a CMemPoolTx subclass for CTransaction - it shouldn't be too hard to add the required per-node accounting once nodes get unique identifiers. (can be assigned randomly in the beginning, later can be used for permanent node identifiers w/ ssl and message signing) --=20 'peter'[:-1]@petertodd.org 00000000000000214cc4e58adcacd8923d4d37b18e4f6b73556443ae7c88f71a --+QahgC5+KEYLbs62 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEcBAEBCAAGBQJR46WIAAoJECSBQD2l8JH7CtkIAKCHIOp3Gx1O4JUn/wI0zIWS JcEKD14dk7ZtaWsyH91Nrl3dsgqA1HYLoT7VrgY36OK+7Sse16WkP7omt+I15pb5 Rabei5qyQFjkWZ7y5rP+VEeixa/l7nKmxKHi4fNbc/ybevd7wZwdgvW62wWTpt2g zpU7q6Wfa4YLVN9UBCpxpSOoqT337Mpa0bPtlEHOtI681kdfwDFN7/zYDxRWpNTa q+uRNLnRDvOgAIQUBxueGb+tniO/sVNGgjy77uQkroQAuQRkI0NssDX05b6vlX9s Me3ojOrTNWR8XWPlojZTvjASCFtYBbHXmwPMzTqb5Tb+vTNnmHiarMmGhOHNDgg= =JEAC -----END PGP SIGNATURE----- --+QahgC5+KEYLbs62--