Bitcoin Forum
December 06, 2016, 12:22:03 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: Idea to help prevent transaction spam  (Read 4313 times)
theymos
Administrator
Legendary
*
expert
Offline Offline

Activity: 2492


View Profile
April 08, 2011, 12:27:25 AM
 #1

Spamming "addr" messages is not very effective because your immediate peers will not broadcast addresses that they've already seen before. They create a "wall" around the spammer. This would be a nice feature to have for transactions, as well.

Implementation seems pretty simple: "limitfreerelay" restrictions would not apply to all transactions, but only on a per-IP basis (and maybe also by larger IP blocks). The spammer would be blocked by all of its immediate peers after sending the spam, creating a "wall". These peers would be blocked by some of their peers (only those who first received the transaction from the peer), etc.

The result should be that only the spammer's "neighborhood" of nodes ends up blocking free transactions. Most of the network still accepts free transactions. This makes saturating the network's free transaction relay allowance much more difficult than the currently limitfreerelay system.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481026923
Hero Member
*
Offline Offline

Posts: 1481026923

View Profile Personal Message (Offline)

Ignore
1481026923
Reply with quote  #2

1481026923
Report to moderator
1481026923
Hero Member
*
Offline Offline

Posts: 1481026923

View Profile Personal Message (Offline)

Ignore
1481026923
Reply with quote  #2

1481026923
Report to moderator
1481026923
Hero Member
*
Offline Offline

Posts: 1481026923

View Profile Personal Message (Offline)

Ignore
1481026923
Reply with quote  #2

1481026923
Report to moderator
theymos
Administrator
Legendary
*
expert
Offline Offline

Activity: 2492


View Profile
April 08, 2011, 12:36:48 AM
 #2

Wouldn't that make free services like mybitcoin blocked by their neighbors unless they paid transaction fees?

With the current limitfreerelay system, they'd be blocked anyway, just network-wide instead of locally.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
eMansipater
Sr. Member
****
Offline Offline

Activity: 294



View Profile WWW
April 08, 2011, 01:50:17 AM
 #3

This seems like a good mitigation strategy.

If you found my post helpful, feel free to send a small tip to 1QGukeKbBQbXHtV6LgkQa977LJ3YHXXW8B
Visit the BitCoin Q&A Site to ask questions or share knowledge.
0.009 BTC too confusing?  Use mBTC instead!  Details at www.em-bit.org or visit the project thread to help make Bitcoin prices more human-friendly.
grue
Global Moderator
Legendary
*
Offline Offline

Activity: 1932



View Profile
April 08, 2011, 01:56:14 AM
 #4

proxies and VPNs are really easy to get.

It is pitch black. You are likely to be eaten by a grue.

Tired of annoying signature ads? Ad block for signatures
Jim Hyslop
Member
**
Offline Offline

Activity: 98


View Profile
April 08, 2011, 03:12:28 AM
 #5

I'm not clear what you mean by "transaction spam."

Like my answer? Did I help? Tips gratefully accepted here: 1H6wM8Xj8GNrhqWBrnDugd8Vf3nAfZgMnq
theymos
Administrator
Legendary
*
expert
Offline Offline

Activity: 2492


View Profile
April 08, 2011, 03:29:49 AM
 #6

I'm not clear what you mean by "transaction spam."

People sending 0.01 back and forth to attack the system.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
nster
Full Member
***
Offline Offline

Activity: 126



View Profile
April 08, 2011, 03:37:14 AM
 #7

How fast are these spams? could putting a limit of one send transaction per minute help?

167q1CHgVjzLCwQwQvJ3tRMUCrjfqvSznd Donations are welcome Smiley Please be kind if I helped
theymos
Administrator
Legendary
*
expert
Offline Offline

Activity: 2492


View Profile
April 08, 2011, 03:41:28 AM
 #8

How fast are these spams? could putting a limit of one send transaction per minute help?

That's what limitfreerelay does (though this is disabled by default in the latest release). I'm proposing to apply it per IP so an attacker can't turn off free transactions over the whole network so easily.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
nster
Full Member
***
Offline Offline

Activity: 126



View Profile
April 08, 2011, 03:45:44 AM
 #9

How fast are these spams? could putting a limit of one send transaction per minute help?

That's what limitfreerelay does (though this is disabled by default in the latest release). I'm proposing to apply it per IP so an attacker can't turn off free transactions over the whole network so easily.

how does it originally work?

167q1CHgVjzLCwQwQvJ3tRMUCrjfqvSznd Donations are welcome Smiley Please be kind if I helped
theymos
Administrator
Legendary
*
expert
Offline Offline

Activity: 2492


View Profile
April 08, 2011, 03:54:23 AM
 #10

how does it originally work?

Here is the version in the current release:

Code:
// Limit free transactions per 10 minutes
        if (nFees < CENT && GetBoolArg("-limitfreerelay"))
        {
            static int64 nNextReset;
            static int64 nFreeCount;
            if (GetTime() > nNextReset)
            {
                nNextReset = GetTime() + 10 * 60;
                nFreeCount = 0;
            }
            if (nFreeCount > 150000 && !IsFromMe())
                return error("AcceptToMemoryPool() : free transaction rejected by rate limiter");
            nFreeCount += nSize;
        }

The effect of this is that the entire network starts rejecting free transactions at the same time. The latest Git version of limitfreerelay (now enabled by default) has a better method for deciding when to turn off free transactions, but the entire network still turns it off at around the same time. This is bad because a constant spam attack will make it impossible to ever send a free transaction. By blocking per IP address instead of globally, it's more difficult for an attacker to do this.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
khal
Hero Member
*****
Offline Offline

Activity: 538


NamecoinID: id/khal


View Profile WWW
April 08, 2011, 08:46:40 AM
 #11

but only on a per-IP basis (and maybe also by larger IP blocks).

If your node has 50 connections and you send each transaction to only 1 node (with a modified software), you could send 50 x the limit and those 50 nodes will relay all transactions. To limit that, the limit must be low, but i don't like a low limit.

If you are mybitcoin or else, a low limit will be blocking, and fees will be needed if you want instant transactions... But does fees existed for this reason too (putting a limit to free transactions) ?

I see another potential problem : a relaying node will accept, for example, 500 free transactions by ip maximum. It could accept 1510 free transactions from 4 nodes (500,500,500,10) but could only transmit 500 of them to other nodes ? So, a spamming node will limit other nodes too.
[edit]Thoses 10 transactions will be sent to other nodes, and then be relayed. You would be very unlucky to send your 10 transactions to the same all nodes who recevied 1500 transactions. But, this could be a way to block a lot of nodes, by sending a amount of transaction just below the limit... => same situation a now[/edit]

I agree it's a better method than the current one though.

NMC: N1KHAL5C1CRzy58NdJwp1tbLze3XrkFxx9 | NamecoinID: id/khal | Register .bit domain
BTC: 1KHAL8bUjnkMRMg9yd2dNrYnJgZGH8Nj6T | My bitcoin Identity: send messages to bitcoin users
Free bitcoins: Surf4Bitcoin.com | Charity Ad: Make a good deed without paying a cent
Gavin Andresen
Legendary
*
qt
Offline Offline

Activity: 1652


Chief Scientist


View Profile WWW
April 08, 2011, 06:06:25 PM
 #12

Limit-per-ip-range is an interesting idea.

I'd like to give the current not-yet-released solution a month or two to work before trying something else.  I see two possible directions:

+ Limit-per-{connection,ip-range}.  Trouble with this is an attacker who has multiple IPs (think botnet operator) can mount a distributed flood attack.

or/and

+ Take transaction priority into account when deciding what to drop.

I'd really like to talk to a p2p network researcher; it seems to me it might be possible to keep some statistics on what "typical" bitcoin network traffic looks like; perhaps nodes could drop neighbors if they notice network traffic from them looks way out of whack (e.g. sending a much-larger-than-typical number of addr messages or free transactions or...).

How often do you get the chance to work on a potentially world-changing project?
marcus_of_augustus
Legendary
*
Offline Offline

Activity: 2086



View Profile
April 08, 2011, 10:41:36 PM
 #13


What about an infinitesimal, but non-zero transaction fee on all transactions?

Is anyone but the spammers going to notice that they just got 0.00000001 clipped off their transaction?

At some point free transactions are unsustainable because they do not reflect the true cost to the miners for maintaining network integrity. Workaround code to defend an ideal will get kludgy after a point.

Gavin Andresen
Legendary
*
qt
Offline Offline

Activity: 1652


Chief Scientist


View Profile WWW
April 08, 2011, 11:00:49 PM
 #14


What about an infinitesimal, but non-zero transaction fee on all transactions?

Is anyone but the spammers going to notice that they just got 0.00000001 clipped off their transaction?

The problem with that idea is if the transaction fee is that low spammers won't notice it either.  They can just invest 0.01 BTC and send millions of "non-free" transactions.

How often do you get the chance to work on a potentially world-changing project?
nster
Full Member
***
Offline Offline

Activity: 126



View Profile
April 09, 2011, 12:13:33 AM
 #15


What about an infinitesimal, but non-zero transaction fee on all transactions?

Is anyone but the spammers going to notice that they just got 0.00000001 clipped off their transaction?

The problem with that idea is if the transaction fee is that low spammers won't notice it either.  They can just invest 0.01 BTC and send millions of "non-free" transactions.


What about adding an extra precision and requiring 0.001 fee on every single transaction?

That would be 1 BTC per thousand transaction... Not much really. Any higher and the rest of the BTC community suffers, but at 1 BTC per thousand it is not very costly for those spammers.

Still, I wouldn't oppose an obligatory 0.001 fee.... Or perhaps  a 0.01 fee to every transaction under 0.10 ?

167q1CHgVjzLCwQwQvJ3tRMUCrjfqvSznd Donations are welcome Smiley Please be kind if I helped
theymos
Administrator
Legendary
*
expert
Offline Offline

Activity: 2492


View Profile
April 09, 2011, 12:15:04 AM
 #16

With 0.001, a spammer can send 10,000 transactions with just 10 BTC, which seems too cheap. I think 0.01 is fine for now.

In any case, keeping transactions completely free for as long as possible is desirable. A 0.0000001 fee will seem much more expensive than "free" to people considering using Bitcoin.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
nster
Full Member
***
Offline Offline

Activity: 126



View Profile
April 09, 2011, 01:56:56 AM
 #17

With 0.001, a spammer can send 10,000 transactions with just 10 BTC, which seems too cheap. I think 0.01 is fine for now.

In any case, keeping transactions completely free for as long as possible is desirable. A 0.0000001 fee will seem much more expensive than "free" to people considering using Bitcoin.

Agreed. One of the biggest problems with just the current 0.01 transaction fee as optional, is when the bitcoin faucet adds a 0.01 transaction fee to a 0.05 freebie, that's a 20% fee to send out coins. The faucet is probably one of the largest contributors to the transaction fees, benefiting the miners, not the new users testing out the coins.

Maybe we should encourage pool operators to take the transaction fees and send them back to the faucet Wink

RE: the spam problem... I dunno. Free transactions are awesome. But when you start doing IP restrictions or limiting, or something like that, the majority of people you end up effecting are the legitimate users. Spammers or exploiters simply look at the open source code, and figure a way around it be it their botnet, proxies, or whatever.

0.01 fee for transactions under 0.05 then lol

167q1CHgVjzLCwQwQvJ3tRMUCrjfqvSznd Donations are welcome Smiley Please be kind if I helped
NghtRppr
Sr. Member
****
Offline Offline

Activity: 476


View Profile
April 09, 2011, 02:11:42 AM
 #18

With 0.001, a spammer can send 10,000 transactions with just 10 BTC, which seems too cheap. I think 0.01 is fine for now.

In any case, keeping transactions completely free for as long as possible is desirable. A 0.0000001 fee will seem much more expensive than "free" to people considering using Bitcoin.

Agreed. One of the biggest problems with just the current 0.01 transaction fee as optional, is when the bitcoin faucet adds a 0.01 transaction fee to a 0.05 freebie, that's a 20% fee to send out coins. The faucet is probably one of the largest contributors to the transaction fees, benefiting the miners, not the new users testing out the coins.

Maybe we should encourage pool operators to take the transaction fees and send them back to the faucet Wink

RE: the spam problem... I dunno. Free transactions are awesome. But when you start doing IP restrictions or limiting, or something like that, the majority of people you end up effecting are the legitimate users. Spammers or exploiters simply look at the open source code, and figure a way around it be it their botnet, proxies, or whatever.

0.01 fee for transactions under 0.05 then lol

In which case attackers will just keep passing the same 0.06 back and forth. Since they are never losing any BTC, the attacks can be performed with any denomination. It just requires them to have a larger bankroll to begin.
nster
Full Member
***
Offline Offline

Activity: 126



View Profile
April 09, 2011, 03:38:20 AM
 #19

With 0.001, a spammer can send 10,000 transactions with just 10 BTC, which seems too cheap. I think 0.01 is fine for now.

In any case, keeping transactions completely free for as long as possible is desirable. A 0.0000001 fee will seem much more expensive than "free" to people considering using Bitcoin.

Agreed. One of the biggest problems with just the current 0.01 transaction fee as optional, is when the bitcoin faucet adds a 0.01 transaction fee to a 0.05 freebie, that's a 20% fee to send out coins. The faucet is probably one of the largest contributors to the transaction fees, benefiting the miners, not the new users testing out the coins.

Maybe we should encourage pool operators to take the transaction fees and send them back to the faucet Wink

RE: the spam problem... I dunno. Free transactions are awesome. But when you start doing IP restrictions or limiting, or something like that, the majority of people you end up effecting are the legitimate users. Spammers or exploiters simply look at the open source code, and figure a way around it be it their botnet, proxies, or whatever.

0.01 fee for transactions under 0.05 then lol

In which case attackers will just keep passing the same 0.06 back and forth. Since they are never losing any BTC, the attacks can be performed with any denomination. It just requires them to have a larger bankroll to begin.

yes but most of the time, spammer have low amounts of BTC. Therefore, it would limit how many simutaneous spams they can do

167q1CHgVjzLCwQwQvJ3tRMUCrjfqvSznd Donations are welcome Smiley Please be kind if I helped
marcus_of_augustus
Legendary
*
Offline Offline

Activity: 2086



View Profile
April 09, 2011, 07:22:12 AM
 #20


What about an infinitesimal, but non-zero transaction fee on all transactions?

Is anyone but the spammers going to notice that they just got 0.00000001 clipped off their transaction?

The problem with that idea is if the transaction fee is that low spammers won't notice it either.  They can just invest 0.01 BTC and send millions of "non-free" transactions.


Yep, good point. It's a thorny one alright .... the problem there is the relative size of the fee to the size of the transacted amount, but if you have a fixed 'tiny' but non-zero percentage fee then anything that is prohibitive to spammers will also be noticed by legitimate users.

E.g: a 0.001% fee (BTC 0.01 on a BTC 100) would still get spammer a large number of transactions and any higher it'll get noticed I guess ...

Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!