I was thinking about what could be done to proactively protect from future DoS attacks.
It's not only my opinion that this may be a weak point in the source code.
From
https://en.bitcoin.it/wiki/Weaknesses:
Bitcoin has some denial-of-service prevention built-in (..), but is likely still vulnerable to more sophisticated denial-of-service attacks.
Why not isolate clients from another. Suppose we add a "sliding window" of resources (CPU/RAM) for each node.
So, for example, when I client sends a transaction Tx1, it receives the message:
("avail-resouces" ,100 Kb, 75 sig)
Which means that he can send an additional 100 Kb of data containing no more than 75 signature verifications.
Every 1 minute (if no avail-resources message was previously sent in the last minute), a node broadcasts new avail-resources messages to every peer, with an update of the available resources for each one of them.
If a peer tries to overpass the resource limit, it is banned.
Also, counters should be maintained for every peer (for example dFreeCount should be local and not global)
As an additional benefit client isolation allows the user to specify how much CPU/RAM he is willing to give to the Bitcoin application.
eDonkey2000 and other similar P2P nets have a bandwidth control to limit use. Why not Bitcoin?
Best regards,
Sergio.
