Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

In (strCommand == "tx"), return if AlreadyHave() #6588

Merged
merged 1 commit into from Oct 1, 2015

Conversation

@dgenr8
Copy link
Contributor

dgenr8 commented Aug 25, 2015

A live DoS attack observed by several nodes in recent days involved repeated rejection of duplicate transactions.

Add a call to AlreadyHave when an unsolicited full tx is received, as was the case in the observed attack. AlreadyHave uses the recentRejects filter.

I tested this change on mainnet while the actual attack was still underway.

The recentRejects filter is cleared when the tip is updated, so nothing stops attacker from re-transmitting a load of rejectable txes after a new block, and in fact our attacker was doing this. But the duplicates are stopped between blocks and the attack could get arbitrarily heavy if multiple attacking peers were involved.

@sipa
Copy link
Member

sipa commented Aug 25, 2015

Concept ACK

@dajohi
Copy link
Contributor

dajohi commented Aug 26, 2015

What are you thoughts on disallowing unsolicited tx's -- peers that send a tx without a getdata request. That would break bitcoinj though.

@gavinandresen
Copy link
Contributor

gavinandresen commented Aug 27, 2015

Untested ACK.

@laanwj
laanwj reviewed Sep 3, 2015
View changes
src/main.cpp Outdated
assert(recentRejects);
recentRejects->insert(tx.GetHash());
}
} else

This comment has been minimized.

Copy link
@laanwj

laanwj Sep 3, 2015

Member

Nit: can you please keep the style the same here

@laanwj
Copy link
Member

laanwj commented Sep 3, 2015

utACK, nice catch

@laanwj laanwj added the P2P label Sep 3, 2015
The main effect is to exit processing for recently-rejected hashes,
in case they are pushed to us without prior advertisement.  This
behavior was seen in the wild.

An additional effect is to do early checks for mempool or mapOrphan
existence.  No logging or nDoS tracking is needed for failures of
these checks.
@dgenr8 dgenr8 force-pushed the dgenr8:already_have branch to 9524c4d Sep 3, 2015
@dgenr8
Copy link
Contributor Author

dgenr8 commented Sep 3, 2015

@laanwj done

@btcdrak
Copy link
Contributor

btcdrak commented Sep 7, 2015

utACK

1 similar comment
@dcousens
Copy link
Contributor

dcousens commented Sep 8, 2015

utACK

@jgarzik
Copy link
Contributor

jgarzik commented Oct 1, 2015

tested ACK

@jgarzik jgarzik merged commit 9524c4d into bitcoin:master Oct 1, 2015
1 check passed
1 check passed
continuous-integration/travis-ci/pr The Travis CI build passed
Details
jgarzik added a commit that referenced this pull request Oct 1, 2015
@dgenr8 dgenr8 deleted the dgenr8:already_have branch Sep 19, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

8 participants
You can’t perform that action at this time.