Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

In (strCommand == "tx"), return if AlreadyHave() #6588

Merged
merged 1 commit into from
Oct 1, 2015

Conversation

dgenr8
Copy link
Contributor

@dgenr8 dgenr8 commented Aug 25, 2015

A live DoS attack observed by several nodes in recent days involved repeated rejection of duplicate transactions.

Add a call to AlreadyHave when an unsolicited full tx is received, as was the case in the observed attack. AlreadyHave uses the recentRejects filter.

I tested this change on mainnet while the actual attack was still underway.

The recentRejects filter is cleared when the tip is updated, so nothing stops attacker from re-transmitting a load of rejectable txes after a new block, and in fact our attacker was doing this. But the duplicates are stopped between blocks and the attack could get arbitrarily heavy if multiple attacking peers were involved.

@sipa
Copy link
Member

sipa commented Aug 25, 2015

Concept ACK

@dajohi
Copy link
Contributor

dajohi commented Aug 26, 2015

What are you thoughts on disallowing unsolicited tx's -- peers that send a tx without a getdata request. That would break bitcoinj though.

@gavinandresen
Copy link
Contributor

Untested ACK.

assert(recentRejects);
recentRejects->insert(tx.GetHash());
}
} else
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: can you please keep the style the same here

@laanwj
Copy link
Member

laanwj commented Sep 3, 2015

utACK, nice catch

@laanwj laanwj added the P2P label Sep 3, 2015
The main effect is to exit processing for recently-rejected hashes,
in case they are pushed to us without prior advertisement.  This
behavior was seen in the wild.

An additional effect is to do early checks for mempool or mapOrphan
existence.  No logging or nDoS tracking is needed for failures of
these checks.
@dgenr8
Copy link
Contributor Author

dgenr8 commented Sep 3, 2015

@laanwj done

@btcdrak
Copy link
Contributor

btcdrak commented Sep 7, 2015

utACK

1 similar comment
@dcousens
Copy link
Contributor

dcousens commented Sep 8, 2015

utACK

@jgarzik
Copy link
Contributor

jgarzik commented Oct 1, 2015

tested ACK

@jgarzik jgarzik merged commit 9524c4d into bitcoin:master Oct 1, 2015
jgarzik added a commit that referenced this pull request Oct 1, 2015
@dgenr8 dgenr8 deleted the already_have branch September 19, 2018 14:27
@bitcoin bitcoin locked as resolved and limited conversation to collaborators Sep 8, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

8 participants