Author: Mike Hearn 2013-08-16 13:46:12
Published on: 2013-08-16T13:46:12+00:00
On Fri, Aug 16, 2013, Warren Togami Jr. proposed an anti-DoS "low hanging fruit": per-source-IP and per-subnet connection limits to mitigate denial-of-service attacks. The proposal would stop the same IP address and/or subnet from establishing too many TCP connections with a node, making it more expensive for an attacker to exhaust a target node's resources from a single host. Configurable per-source-IP and per-source-subnet limits, with sane defaults enforced by bitcoind itself, would be a big improvement over the current situation, in which one host address can consume the limited resources of many target nodes. This does not remove the risk of a network-wide connection exhaustion attack by a determined attacker with many hosts, but it makes several types of attack a lot more expensive.

In the same thread, Mike Hearn requested the start of a new anti-DoS framework that would replace the current one without eliminating the headroom in block sizes. Gavin Andresen responded by stating his plans to work on smarter fee handling, "first double-spend" relaying and alerting, and 2-3 whitepapers on why the 1MB block size limit needs to be increased or removed, how that can be done safely, and why the arguments that have been made against it are wrong.

Warren Togami Jr.'s proposal could be a reasonable addition for mitigating DoS attacks; however, it may work against decentralisation and against having a big network, since it involves every node operator doing manual intervention. Pushing for automated, heuristic-driven prioritisation would therefore be ideal.
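To make the proposed mechanism concrete, the following is an added example (not code from the thread or from bitcoind) of per-source-IP and per-source-subnet inbound connection limits. The limit values, the /24 and /64 subnet sizes, and the class and function names are assumptions chosen for illustration; the thread only asked for configurable limits with sane defaults.

```python
import ipaddress
from collections import Counter

# Assumed defaults for this example; the proposal did not fix numbers.
DEFAULT_MAX_PER_IP = 4
DEFAULT_MAX_PER_SUBNET = 16
# Assumed subnet granularity: /24 for IPv4, /64 for IPv6.
IPV4_SUBNET_PREFIX = 24
IPV6_SUBNET_PREFIX = 64


def subnet_of(ip):
    """Return the subnet a source address is accounted under."""
    addr = ipaddress.ip_address(ip)
    prefix = IPV4_SUBNET_PREFIX if addr.version == 4 else IPV6_SUBNET_PREFIX
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


class ConnectionLimiter:
    """Tracks live inbound connections per source IP and per source subnet
    and refuses new ones once either configurable limit is reached."""

    def __init__(self, max_per_ip=DEFAULT_MAX_PER_IP,
                 max_per_subnet=DEFAULT_MAX_PER_SUBNET):
        self.max_per_ip = max_per_ip
        self.max_per_subnet = max_per_subnet
        self._per_ip = Counter()
        self._per_subnet = Counter()

    def try_accept(self, ip):
        """Call when a TCP connection arrives. Returns True if it may be
        kept, False if it should be closed immediately."""
        addr = ipaddress.ip_address(ip)
        net = subnet_of(ip)
        if self._per_ip[addr] >= self.max_per_ip:
            return False
        if self._per_subnet[net] >= self.max_per_subnet:
            return False
        self._per_ip[addr] += 1
        self._per_subnet[net] += 1
        return True

    def release(self, ip):
        """Call when an accepted connection closes, so the slot is freed."""
        addr = ipaddress.ip_address(ip)
        net = subnet_of(ip)
        if self._per_ip[addr] <= 0:
            return  # never accepted or already released; nothing to free
        self._per_ip[addr] -= 1
        self._per_subnet[net] -= 1
        # Drop zero entries so the tables do not grow without bound.
        if self._per_ip[addr] == 0:
            del self._per_ip[addr]
        if self._per_subnet[net] == 0:
            del self._per_subnet[net]

    def live_connections(self):
        return sum(self._per_ip.values())


def simulate_single_host_flood(limiter, attacker_ip, attempts):
    """Constructed scenario: one host opens many connections and never
    closes them. Returns how many the node actually kept."""
    return sum(limiter.try_accept(attacker_ip) for _ in range(attempts))


def simulate_subnet_flood(limiter, network, attempts_per_host):
    """Constructed scenario: every host in one subnet floods the node.
    Returns how many connections the subnet as a whole obtained."""
    kept = 0
    for host in ipaddress.ip_network(network).hosts():
        kept += simulate_single_host_flood(limiter, str(host), attempts_per_host)
    return kept


if __name__ == "__main__":
    lim = ConnectionLimiter(max_per_ip=4, max_per_subnet=16)
    print("one host kept:", simulate_single_host_flood(lim, "192.0.2.10", 100))
    lim = ConnectionLimiter(max_per_ip=4, max_per_subnet=16)
    print("one /24 kept:", simulate_subnet_flood(lim, "192.0.2.0/24", 100))
```

With these settings a single host is capped at 4 connections and an entire /24 at 16, whichever limit is hit first, so an attacker must control addresses in many different subnets to consume the same number of slots one host could previously take. That is exactly the residual risk the thread notes: the limits raise the cost per connection slot but do not stop a distributed attacker with enough distinct source networks.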
Updated on: 2023-06-07T15:59:37.633235+00:00