Jeff Garzik [ARCHIVE] on Nostr
📅 Original date posted:2011-08-05
🗒️ Summary of this message: Bitcoin network faces security testing with possible DDoS attacks and issues with recipient re-broadcasting transactions. UDP packets with spoofed sender addresses are suggested.
📝 Original message: On Fri, Aug 5, 2011 at 1:37 AM, John Smith <witchspace81 at gmail.com> wrote:
> Well it's good that the bitcoin network is seeing some security testing.
Yep.
> 1) A DDoS possibility (if this is really the cause of the network
> connectivity problems)
Unfortunately the nodes accepting incoming connections are small
enough in number (7000?) that you can shut down a lot by attacking
those nodes.
This was part of the motivation of turning on upnp by default in the
GUI version, but maybe we need to go further than that...
> 3) The recipient re-broadcasts transactions (is Theymos right here?),
> allowing both the sender and recipient to be found
Yes, that is correct. Bitcoin resends wallet transactions with zero
confirmations, and both sent and received transactions fall within the
"wallet tx" superset.
TBH I had forgotten about the resend on the receiver side, though.
It, of course, makes plenty of sense in the context of importing
transactions from foreign sources, e.g. receiving transactions via a
USB flash drive.
> Drawok's suggestion about using UDP packets with spoofed sender addresses is
> interesting, as UDP has another advantage; you can open up an "inbound" UDP
> port on almost any NAT router without any UPNP magic: just send out a UDP
> packet, the router will wait a certain time for answers (on a mapped port
> number) and relay these back.
>
> It also has some potential issues; the client needs special privileges to
> spoof sender addresses, and some ISPs might filter out packets with
> non-matching sender addresses (unsure how common this is).
Well, it -is- possible to implement TCP over UDP <grin> The TCP
connection sequence over UDP helps to work against spoofing, while UDP
helps to open an inbound UDP port as you describe.
Not that I'm endorsing a bitcoin-internal TCP stack... just sayin' :)
--
Jeff Garzik
exMULTI, Inc.
jgarzik at exmulti.com
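An added example (not code from this thread or from Bitcoin) of the "TCP connection sequence over UDP" idea in the reply above: the responder allocates no state on the first datagram and only admits a peer once it echoes a cookie bound to the source address it claimed, so a datagram whose sender address is spoofed can never be completed by the party that sent it. The class and function names, the HMAC-based cookie construction and the sample addresses are assumptions of this example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Datagram:
    src: tuple      # (ip, port) as seen by the receiver; forgeable on the wire
    kind: str       # "SYN", "SYN-ACK" or "ACK"
    nonce: bytes    # initiator-chosen, echoed in every step
    cookie: bytes = b""


class Responder:
    """Stateless-until-proven responder (SYN-cookie style, assumed design)."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self.established = set()   # peers that completed the exchange

    def _cookie(self, src, nonce: bytes) -> bytes:
        # Cookie is keyed on the claimed source address, so it is only
        # useful to whoever actually receives traffic at that address.
        msg = f"{src[0]}:{src[1]}".encode() + nonce
        return hmac.new(self._secret, msg, hashlib.sha256).digest()[:16]

    def on_syn(self, d: Datagram) -> Datagram:
        # No per-peer state is stored here, so a flood of SYNs costs only CPU.
        return Datagram(("responder", 8333), "SYN-ACK", d.nonce,
                        self._cookie(d.src, d.nonce))

    def on_ack(self, d: Datagram) -> bool:
        if hmac.compare_digest(self._cookie(d.src, d.nonce), d.cookie):
            self.established.add(d.src)
            return True
        return False


def honest_handshake(resp: Responder, addr) -> bool:
    nonce = secrets.token_bytes(8)
    syn_ack = resp.on_syn(Datagram(addr, "SYN", nonce))
    # The honest peer really sits at addr, so it receives the cookie.
    return resp.on_ack(Datagram(addr, "ACK", nonce, syn_ack.cookie))


def spoofed_source_rejected(resp: Responder, victim_addr) -> bool:
    nonce = secrets.token_bytes(8)
    resp.on_syn(Datagram(victim_addr, "SYN", nonce))
    # The SYN-ACK is routed to victim_addr, never to the forging sender,
    # so the best it can do is guess the 128-bit cookie.
    guess = secrets.token_bytes(16)
    return resp.on_ack(Datagram(victim_addr, "ACK", nonce, guess))
```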
Published at 2023-06-07 02:11:34