Bitcoin is still vulnerable to DOS attacks. I'm not sure anybody knows how to prevent DOS attacks on a p2p network that allows untrusted/unverified peers to join (but I'd very much like a networking expert to tell me I'm wrong, and would like it even more if they volunteered to fix it....).
Thanks for the link. I've been reading this forum for some time; I think I never came up with an idea that was not mentioned here.
Asking hackers to prove that they can DOS the bitcoin network wouldn't prove anything, it would just slow down transactions for however long they decided to keep up the attack.
Wouldn't it? From the discussion in the linked thread it seems it is not all that obvious what can be done. And if it can be done, I would say we had better exploit it ourselves and see how bad it is. I think we are still at the point where nobody's life depends on the need to make an immediate transaction. A date and time could be set and everybody could be warned. It's like vaccination. It's good to know your weak points. If I were creating an alternative currency, that's the way to make people change their minds. If some third party did such a thing, it could produce a panic attack among bitcoiners (OK, I've been reading this forum for some time, and I trust btc with my money because I trust most people here, in that I believe in their rationality, so hopefully that would not be such a big panic attack). Even if some small percentage of bitcoin users panicked, thinking the system is vulnerable, they may want to sell; if they sell, the price drops, so I want to sell too before it drops even more. You know how it works.
Of course, trying to find a solution is another interesting story. But I think it helps a lot to know how bad it is.
And to try to provide some idea instead of just bitching: I like the idea of PoW on connection, but I don't think it would really work. With mining it's a different story, but average users have very little computing power to provide, so in general, even if this PoW were something that does not scale on GPU, an attacker usually still has no problem providing at least 100x the average computing power.
So I would suggest rather something based on the assumption that an attacker can have only a limited number of IP addresses. What if the nodes that I'm connected to shared with me the IP addresses of the nodes connected to them? And say one more step (so also the nodes connected to these shared nodes). With 10 connections on average that's 1000 IPs. So 4KB. 4KB ain't that much. We can then count how many other clients this IP is already connected to, and deny if too many. I think that already makes things much harder for an attacker. And you obviously can go further with this, like propagating a network blacklist if some IP tries too hard (this one would need some careful planning).
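The per-IP connection count proposed in the post above, sketched as an added example that is not part of the original thread or of any Bitcoin client. The class and function names, the 4-bytes-per-IPv4 wire format and the `max_degree` threshold are assumptions made for illustration, and shared peer lists are taken at face value.

```python
import ipaddress

def pack_peers(ips):
    """Serialize IPv4 addresses at 4 bytes each (1000 peers -> 4000 bytes)."""
    return b"".join(ipaddress.IPv4Address(ip).packed for ip in ips)

def unpack_peers(blob):
    if len(blob) % 4:
        raise ValueError("peer list is not a multiple of 4 bytes")
    return {str(ipaddress.IPv4Address(blob[i:i + 4])) for i in range(0, len(blob), 4)}

class NeighborhoodView:
    """Connection counts per IP, built from peer lists shared by nearby nodes."""

    def __init__(self, max_degree):
        self.max_degree = max_degree   # assumed policy knob, not from the post
        self.peers_of = {}             # node IP -> set of IPs connected to it

    def update(self, node, blob):
        # A newer list replaces the older one, so a node cannot inflate
        # an IP's count by resending the same entry.
        self.peers_of[node] = unpack_peers(blob)

    def degree(self, ip):
        # Number of known nodes that report a connection from this IP.
        return sum(1 for peers in self.peers_of.values() if ip in peers)

    def should_accept(self, ip):
        return self.degree(ip) < self.max_degree

def demo():
    # Constructed sample data using documentation address ranges.
    view = NeighborhoodView(max_degree=3)
    busy, quiet = "203.0.113.66", "198.51.100.7"
    view.update("192.0.2.1", pack_peers([busy, quiet]))
    view.update("192.0.2.2", pack_peers([busy]))
    view.update("192.0.2.3", pack_peers([busy, busy]))
    return view.degree(busy), view.should_accept(busy), view.should_accept(quiet)

if __name__ == "__main__":
    print(demo())
```

Because the lists are unauthenticated, a node that misreports its connections can lower or raise an IP's count, so the result is only as reliable as the nodes supplying the lists.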