Bitcoin Forum

Spamming "addr" messages is not very effective because your immediate peers will not broadcast addresses that they've already seen before. They create a "wall" around the spammer. This would be a nice feature to have for transactions, as well.

Implementation seems pretty simple: "limitfreerelay" restrictions would not apply to all transactions, but only on a per-IP basis (and maybe also by larger IP blocks). The spammer would be blocked by all of its immediate peers after sending the spam, creating a "wall". These peers would be blocked by some of their peers (only those who first received the transaction from the peer), etc.

The result should be that only the spammer's "neighborhood" of nodes ends up blocking free transactions. Most of the network still accepts free transactions. This makes saturating the network's free transaction relay allowance much more difficult than the currently limitfreerelay system.

With the current limitfreerelay system, they'd be blocked anyway, just network-wide instead of locally.

This seems like a good mitigation strategy.

proxies and VPNs are really easy to get.

I'm not clear what you mean by "transaction spam."

People sending 0.01 back and forth to attack the system.

How fast are these spams? could putting a limit of one send transaction per minute help?

That's what limitfreerelay does (though this is disabled by default in the latest release). I'm proposing to apply it per IP so an attacker can't turn off free transactions over the whole network so easily.

how does it originally work?

Here is the version in the current release:


The effect of this is that the entire network starts rejecting free transactions at the same time. The latest Git version of limitfreerelay (now enabled by default) has a better method for deciding when to turn off free transactions, but the entire network still turns it off at around the same time. This is bad because a constant spam attack will make it impossible to ever send a free transaction. By blocking per IP address instead of globally, it's more difficult for an attacker to do this.

If your node has 50 connections and you send each transaction to only 1 node (with a modified software), you could send 50 x the limit and those 50 nodes will relay all transactions. To limit that, the limit must be low, but i don't like a low limit.

If you are mybitcoin or else, a low limit will be blocking, and fees will be needed if you want instant transactions... But does fees existed for this reason too (putting a limit to free transactions) ?

I see another potential problem : a relaying node will accept, for example, 500 free transactions by ip maximum. It could accept 1510 free transactions from 4 nodes (500,500,500,10) but could only transmit 500 of them to other nodes ? So, a spamming node will limit other nodes too.
[edit]Thoses 10 transactions will be sent to other nodes, and then be relayed. You would be very unlucky to send your 10 transactions to the same all nodes who recevied 1500 transactions. But, this could be a way to block a lot of nodes, by sending a amount of transaction just below the limit... => same situation a now[/edit]

I agree it's a better method than the current one though.

Limit-per-ip-range is an interesting idea.

I'd like to give the current not-yet-released solution a month or two to work before trying something else.  I see two possible directions:

+ Limit-per-{connection,ip-range}.  Trouble with this is an attacker who has multiple IPs (think botnet operator) can mount a distributed flood attack.

or/and

+ Take transaction priority into account when deciding what to drop.

I'd really like to talk to a p2p network researcher; it seems to me it might be possible to keep some statistics on what "typical" bitcoin network traffic looks like; perhaps nodes could drop neighbors if they notice network traffic from them looks way out of whack (e.g. sending a much-larger-than-typical number of addr messages or free transactions or...).

What about an infinitesimal, but non-zero transaction fee on all transactions?

Is anyone but the spammers going to notice that they just got 0.00000001 clipped off their transaction?

At some point free transactions are unsustainable because they do not reflect the true cost to the miners for maintaining network integrity. Workaround code to defend an ideal will get kludgy after a point.

The problem with that idea is if the transaction fee is that low spammers won't notice it either.  They can just invest 0.01 BTC and send millions of "non-free" transactions.

That would be 1 BTC per thousand transaction... Not much really. Any higher and the rest of the BTC community suffers, but at 1 BTC per thousand it is not very costly for those spammers.

Still, I wouldn't oppose an obligatory 0.001 fee.... Or perhaps  a 0.01 fee to every transaction under 0.10 ?

With 0.001, a spammer can send 10,000 transactions with just 10 BTC, which seems too cheap. I think 0.01 is fine for now.

In any case, keeping transactions completely free for as long as possible is desirable. A 0.0000001 fee will seem much more expensive than "free" to people considering using Bitcoin.

0.01 fee for transactions under 0.05 then lol

In which case attackers will just keep passing the same 0.06 back and forth. Since they are never losing any BTC, the attacks can be performed with any denomination. It just requires them to have a larger bankroll to begin.

yes but most of the time, spammer have low amounts of BTC. Therefore, it would limit how many simutaneous spams they can do

Yep, good point. It's a thorny one alright .... the problem there is the relative size of the fee to the size of the transacted amount, but if you have a fixed 'tiny' but non-zero percentage fee then anything that is prohibitive to spammers will also be noticed by legitimate users.

E.g: a 0.001% fee (BTC 0.01 on a BTC 100) would still get spammer a large number of transactions and any higher it'll get noticed I guess ...

A transaction fee of around a US cent ($0.01) is never going to be a problem. Just compare it with all of the alternative payment systems!

I favor a transaction fee of BTC 0.01 on every transaction. Sure, it's more expensive than "free", but human psychology is a funny thing. Something purchased can be more highly valued than something being given away for free.

A naive question: what problems does transaction spam cause? besides blocking other free transactions? Is there any other harm to the network that would be a big problem at the current time?

Because I don't consider it such a big problem. There was a lot of spamming going on a few weeks ago, which has seemed to calm down again. During that time you couldn't really send a free transaction, which was unfortunate, for sure. But if we now employ a complicated policy which basically boils down to not being able to send free transactions anymore, then we are kind of in the same situation, aren't we? Might as well keep it simple then and don't have such a policy.

I would rather be able to send out a free transaction and hope it gets through, then having to worry about some complicated fee-structure to figure out if that will get me banned or not. This is mostly speaking from the point of someone interested in running Bitcoin services.

Indeed, problem solved, but usefulness of Bitcoin greatly diminished. I know that Bitcoin is ultimately not a micro-payment solution, but while it still is, it has great potential to catch market-share in that area. I would hope we are able to keep that up as long as possible.

An additional thought: I think it's fairly hard to judge for a sender how much fee is appropriated and needed for a timely procession. Maybe there should be a standard way for the _receiver_ to pay a transaction fee as well. So as a receiver I would monitor the network for transactions to one of my addresses and when I see such a transaction T, I send out a special "bounty transaction" that basically says: "if you include transaction T in your block, you can additionally collect my bounty".

This way senders could just send out transactions without a fee, and if they risk getting lost in a sea of free transactions, the receiver could "fish them out" for a small fee.

Transaction spam is not a high-priority issue, in my humble opinion, and I don't think we need to do anything more right now.

We were running into big free-transaction backlogs because of the rise in popularity of the mining pools, but with the big pools now using the new sendmany feature to pay (with a transaction fee) their users that issue has gone away.

The improved -limitfreerelay and sendmany will both be in the next release, which should further improve the situation.  And I think in the next few months lightweight download-headers-only clients will start to appear.

I would much rather see work on optimizing the network protocol so that hashed of already-spent transactions deep in the block chain aren't sent to (or stored on) new nodes joining the network.

So why would someone send transaction spam?  What do they get out of it?

Have fun killing the bitcoin network? perhaps if the problem gets big enough, BTC value goes down? Someone who hates someone else that is in the btc community who would be affected by this?

Miners have an economic incentive to accelerate the implementation of fees ... not saying that anyone is doing that just that it is a possibility ... either way it is a mild form of attack, like an annoying rash you might get from a lap dance ...

100% agreed with Gavin. I've said this several times before but please let's kill the "spam" meme. Small transactions are not spam in any traditional usage of the word.

The only reason this problem exists is because of the artificial limits placed on the system to work around its scalability limitations. The solution is not to try and suppress usage of BitCoin, even if you suspect that usage is pointless or malicious. The solution is to make a few thousand transactions per minute not a problem for anyone to process.

Today that means finishing off the client mode work in the main client, or, having most users move to an alternative implementation that is client mode only (like BitCoinJ). It'd be better to do the first one but nobody seems to be working on it right now.

Why would 'most users' move to client mode only (like BitCoinJ)?
Most users are on PC sized devices at present I'd guess.

hahaha +1 for that.  I lurk here on the forums but that comment made me actually register an account!

Because the initial block chain download/indexing process takes ages. People don't want to wait 30 minutes+ to get started with BitCoin. That's a serious brake on adoption.

I'm not saying everyone should switch to a different implementation (no such implementation exists anyway). But rather that finishing one off is the solution to these 'spam' issues, as then the block size limit could be lifted significantly without hurting initial setup time so much people stop entering the community.

Oh ok.

But lifting the block size limit to accommodate bogus transactions seems wrong, although it may have merits for other reasons ... what if there was some kind of some proof-of-work required by the sending client? It would not need to be large but enough of a drag to discourage large numbers of sends from a node with an intent on attacking the network.

If the miners are expected to pick up the work and not get paid maybe a commitment from the clients that transactions are valid, in the way of some proof-of-work, from them is needed? Kind of like a proof-of-work handshake to the veracity of the send transaction. If it would make the network more robust also having the clients do some more work there are none actively mining anymore (are there?) so all that CPU power can add up to a lot if they do a little bit each time they send. As a bonus maybe the client work could be put towards anonymising the send in some way, coin selection?, blind-sign?, dunno still thinking about it, but some clients definitely already have an incentive to do this anyway.

There already is, to some extent, as the signing and hashing process involved in sending a transaction does put some weight on the sending cpu.  More would be a burden for collective wallet systems like mybitcoin.

So increasing the difficulty of this signing process is a possible solution to discouraging bogus transaction prevention.

Collective wallet systems shouldn't really be a consideration in this though since they are secondary user in the sense they are centralising pools of users, so they should be prepared to do the same amount of work as the equivalent number of distributed nodes. User pays.

How do you know the transactions are bogus?

Nodes are probably capable of verifying somewhere in the region of 50 to 80 transactions per second. No "spam" attack has reached anywhere near that level yet. The only reason it can cause backups and delays is the block size limitations.

I'm not talking about small transactions, but free transactions of any size. Anything that is free will be completely used. If free transactions could fill blocks to 100 GB, I have no doubt that many blocks would be 100 GB. Even when Bitcoin has a client mode, the network will only be able to handle so many transactions.

This topic is about allowing minimal use of free transactions for as long as possible by preventing individuals from sending dozens of free transactions per second at no cost. "limitfreerelay" increases the cost, but I don't think the way it does this is effective in prioritizing users who send only a few free transactions over those who send many.

Another way of improving limitfreerelay would be to randomly drop free transactions at an automatically-adjusting probability. High-priority transactions could have lower drop probability.