pbear2k21 | 3 years ago

50k sockets looping requests make the p2p port entirely inaccessible at times. with more attacking machines it is reasonable to suspect that the target node(s) could be held down in perpetuity.

edit: re: child comment / syn flood; sure. bitcoind needs ip associated throttling baked in. there is no rationale behind a single machine attempting 1k handshakes a second. the attack shouldn't work at all.

r1ch|3 years ago

You may as well just SYN flood at that point. None of this is really new; you can take down a lot of TCP-based servers with the right combination of packets and volume.

linuxdude314|3 years ago

It’s also reasonable to prevent this sort of abuse using a firewall or rate-limiting load balancer.
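
Added example, not part of the thread and not bitcoind's code: one way the per-IP throttling discussed above could look at the application layer, as a token bucket plus a cap on open sockets per source address. The class, function names and limits (2 connections/s, burst 5, 8 open) are assumptions chosen for illustration, and the addresses are documentation-range placeholders.

```cpp
#include <algorithm>
#include <cstdint>
#include <iostream>
#include <string>
#include <unordered_map>

// Per-source-IP admission control for inbound connections: a token bucket
// bounds the connection rate, a counter bounds concurrently open sockets.
// Names and limits are illustrative assumptions, not bitcoind code.
class InboundThrottle {
    struct State { double tokens; std::int64_t last_ms; int open; };
    double rate_, burst_;
    int max_open_;
    std::unordered_map<std::string, State> peers_;
public:
    InboundThrottle(double rate_per_sec, double burst, int max_open)
        : rate_(rate_per_sec), burst_(burst), max_open_(max_open) {}
    // Call on accept() with a monotonic clock reading in milliseconds.
    // Returns false when the socket should be closed before the P2P handshake.
    bool admit(const std::string& ip, std::int64_t now_ms) {
        auto it = peers_.find(ip);
        if (it == peers_.end())
            it = peers_.emplace(ip, State{burst_, now_ms, 0}).first;
        State& s = it->second;
        // Refill for the elapsed time, capped at the burst size.
        double elapsed = std::max<std::int64_t>(0, now_ms - s.last_ms) / 1000.0;
        s.tokens = std::min(burst_, s.tokens + elapsed * rate_);
        s.last_ms = now_ms;
        if (s.open >= max_open_ || s.tokens < 1.0) return false;
        s.tokens -= 1.0; ++s.open;
        return true;
    }
    // Call when an admitted connection from this address closes.
    void release(const std::string& ip) {
        auto it = peers_.find(ip);
        if (it != peers_.end() && it->second.open > 0) --it->second.open;
    }
};
// Constructed scenario: `attempts` connects from one address, spread over 1 s.
int admitted_in_one_second(InboundThrottle& t, const std::string& ip, int attempts) {
    int ok = 0;
    for (int i = 0; i < attempts; ++i)
        if (t.admit(ip, static_cast<std::int64_t>(i) * 1000 / attempts)) ++ok;
    return ok;
}
int main() {
    InboundThrottle t(2.0, 5.0, 8);  // 2 conn/s sustained, burst 5, 8 open
    std::cout << admitted_in_one_second(t, "203.0.113.5", 1000) << "\n";
}
```

This runs after accept(), so it bounds per-address connection churn and open sockets; a SYN flood, as raised above, never reaches it and has to be handled in the kernel or at the firewall. A long-running version would also need to evict idle entries from the map.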

pstrateman|3 years ago

Inaccessible from the machine doing the attack.

But is it preventing the node from communicating with the rest of the network?

That's a big doubt from me.

pbear2k21|3 years ago

inaccessible to external machines that are not participating in the attack. it's yet to be seen what happens to a node that's sync'd with active peers and whether a node under attack is kicked out of the network for timeouts or how bitcoind behaves in general while tcp/8333 is under fire.