Using Lightning Network microtransactions to help website/network security?

[Elwar]

Regularly when I log into my linux server as root I'll see how many login attempts occurred since my last login. In a day it is usually around 50-100k attempts. Of course they'll never get in because I don't allow root access from outside. But what if there were a way to start implementing LN microtransactions at the firewall level, or at least any login attempt? Sending some fairly insignificant amount of bitcoins every time you log in with a simple browser or client interface that you might not even need to click when you try to get to the site. Set it up the first time you visit and you're all set. Anyone requesting access has to pay (something like 1 bit) regardless of where they're logging in from. Something where over the lifetime of your access you may end up paying 10 cents.

But for hackers or DDoSers, they have to pay thousands and thousands of bits to just attempt to hack the site. Over time that would add up for the hacker and make it costly to be a hacker.

[1714055153]

1714055153

[1714055153]

1714055153

[1714055153]

1714055153

[1714055153]

1714055153

[1714055153]

1714055153

[r1s2g3]

Regularly when I log into my linux server as root I'll see how many login attempts occurred since my last login. In a day it is usually around 50-100k attempts. Of course they'll never get in because I don't allow root access from outside. But what if there were a way to start implementing LN microtransactions at the firewall level, or at least any login attempt? Sending some fairly insignificant amount of bitcoins every time you log in with a simple browser or client interface that you might not even need to click when you try to get to the site. Set it up the first time you visit and you're all set. Anyone requesting access has to pay (something like 1 bit) regardless of where they're logging in from. Something where over the lifetime of your access you may end up paying 10 cents.

But for hackers or DDoSers, they have to pay thousands and thousands of bits to just attempt to hack the site. Over time that would add up for the hacker and make it costly to be a hacker.

50-100K amount of attempts? What server you are running I never thought of that on average so many hack attempts are made for a single server.
But I like your idea very much , more  they made the attempt to hack , more money you will get. Instead of doing micro transaction , I will suggest to take something like 10K satoshis. Either hacker will spare your server or you will start grossing 5BTC daily . 

[Elwar]

I've been thinking more about this on the firewall aspect of things. At first I thought it might be just something someone else might want to take and give a try but I was thinking about how this might be fairly simple to implement on a linux box with iptables or something along those lines.

What I am running into is the process of whitelisting.

If you set your iptables to reject all IP addresses, then have a list of allowed IP addresses based upon 1 satoshi micropayments.

My hang up is matching up a micropayment with incoming IP address.

With Lightning Network you don't know the source of the funds, just the next hop in the network. So you would have to generate a separate address (or however LN makes unique transactions)  for the IP to pay.

Is there a way to have a custom "IP blocked" message such that someone connecting will see something like a Lightning address to send their funds to for access to the server? Assuming this would be a simple plugin to whatever client is accessing the server. Perhaps a popup or dialog saying "webpage.com is requesting 1 satoshi for 1 hour of access, do you accept?" with the acceptance sending the 1 satoshi.

I was thinking you could create a table on something like Namecoin and update it (so there is no central server that can be attacked) but that would take time and cost money on the NMC network to update tables.

I was also thinking that if you have a single address for your website that never changes, people could send the amount of satoshis equivalent to the last 3 numbers in their IP address...but that would be expensive and high volume servers would likely have repetition. You could send the amount equivalent to the full IP address but then it's super expensive. Could someone send out less than 1 satoshi on LN? What happens with more decimal spaces? Does it get rounded up/down?

I'm not saying that this would make a server secure...you would still need to secure it. It would just deter distributed attacks. An attack from a single IP could still happen but in that way your server can detect the attack from a single IP address and block it.

[buwaytress]

One of the very earliest things I recall about LN functionality is the ability to send sub-satoshi payments, so it would seem your idea of matching last three digits could work. But I'm not sure it's exactly the same as the "probabilistic payments" referred to on the bitcoin wiki for LN. Probably not:

Sub-satoshi payments: payments can be made conditional upon the outcome of a random event, allowing probabilistic payments.[3] For example, Alice can pay Bob 0.1 satoshi by creating a 1-satoshi payment with 10-to-1 odds so that 90% of the time she does this she pays him 0 satoshis and 10% of the time she pays him 1 satoshi for an average payment of 0.1 satoshis.

It seems to imply that the sub-satoshi payment isn't actually possible, just that it's reflected in the nett average effect - and only for someone logging in often enough.

[nc50lc]

That would unnecessarily require every visitors of the site to open a channel just to visit the page.
The similar PPA (Pay Per Article) might work using LN, but it still not a convenient option for visitors even the traditional fiat method, look at its popularity.

Even if it's as cheap as 1 satoshi, the mainstream will think twice before considering the hassle.
I've realized that this is for (online/remote accessible) server security, leave the mainstream out of it.It will require an always online Lightning Hub in order to accept access attempts 24/7.
For a single person or a team, that's going to be crucial.
but for a large-companies like a Hosting Service Provider who's willing to add a new type of security, it's quite possible.

[buwaytress]

That would unnecessarily require every visitors of the site to open a channel just to visit the page.
The similar PPA (Pay Per Article) might work using LN, but it still not a convenient option for visitors even the traditional fiat method, look at its popularity.

Even if it's as cheap as 1 satoshi, the mainstream will think twice before considering the hassle.

I suppose it would depend on just what kind of visitor we're talking about, and just what kind of service they're trying to access on the site. I've seen some sites implement what it would call a PPA tool as well now, requiring visitors not only to complete a captcha but to complete a set minimum of hashes on their CPU power - takes about a half a minute to complete. A hassle most people wouldn't put themselves through, as you say, but it's a service I somewhat require almost daily and have so far been willing to complete. I imagine the method has worked quite well for the site, I don't see why LN micropayments wouldn't too.

Come to think of it, there's so much hassle I put up with when signing in almost daily to several services I use. If there were a way to automate all this, reducing time spent, I wouldn't mind making the regular (small) payments.