by pbear2k21 1296 days ago
50k sockets looping requests make the p2p port entirely inaccessible at times. with more attacking machines it is reasonable to suspect that the target node(s) could be held down in perpetuity.

edit: re: child comment / syn flood; sure. bitcoind needs ip associated throttling baked in. there is no rationale behind a single machine attempting 1k handshakes a second. the attack shouldn't work at all.
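
A sketch of the per-IP throttling the post asks for, added here as an illustration; it is not part of the original post and not bitcoind code. The slot limit, thresholds, addresses and event list are constructed assumptions, and `PerIPThrottle` and `simulate` are hypothetical names.

```python
from collections import defaultdict, deque

TOTAL_SLOTS = 8            # constructed inbound-slot limit, not a bitcoind setting
ATTACKER = "203.0.113.7"   # documentation-range addresses (RFC 5737), constructed
HONEST = "198.51.100.20"

class PerIPThrottle:
    """Caps new connections per window and open connections, per source IP."""

    def __init__(self, max_new=5, window=1.0, max_open=3):
        self.max_new, self.window, self.max_open = max_new, window, max_open
        self.recent = defaultdict(deque)  # ip -> timestamps of accepted connects
        self.open = defaultdict(int)      # ip -> connections currently open

    def allow(self, ip, now):
        q = self.recent[ip]
        while q and now - q[0] >= self.window:  # expire entries outside the window
            q.popleft()
        if len(q) >= self.max_new or self.open[ip] >= self.max_open:
            return False
        q.append(now)
        self.open[ip] += 1
        return True

    def close(self, ip):
        # Call when a peer disconnects so its slot allowance is returned.
        self.open[ip] = max(0, self.open[ip] - 1)

def simulate(throttled):
    """Replay constructed events; return accepted connections per source IP."""
    throttle = PerIPThrottle() if throttled else None
    used, accepted = 0, defaultdict(int)
    # Constructed load: 1000 connects in one second from one address,
    # plus a single honest peer arriving at t=0.5s.
    events = [(i / 1000, ATTACKER) for i in range(1000)] + [(0.5, HONEST)]
    for now, ip in sorted(events):
        if used >= TOTAL_SLOTS:
            continue  # listener is full: the newcomer is turned away
        if throttle and not throttle.allow(ip, now):
            continue  # this source is over its own allowance
        used += 1
        accepted[ip] += 1
    return dict(accepted)

if __name__ == "__main__":
    print("no throttle:", simulate(False))
    print("per-IP throttle:", simulate(True))
```

Without the throttle the single address takes every slot before the honest peer arrives; with it, that address is held to its per-IP cap and the honest peer still connects.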

3 comments

You may as well just SYN flood at that point. None of this is really new, you can take down a lot of TCP based servers with the right combination of packets and volume.
It’s also reasonable to prevent this sort of abuse using a firewall or rate limiting load balancer.
Inaccessible from the machine doing the attack.

But is it preventing the node from communicating with the rest of the network?

That's a big doubt from me.

inaccessible to external machines that are not participating in the attack. it's yet to be seen what happens to a node that's sync'd with active peers and whether a node under attack is kicked out of the network for timeouts or how bitcoind behaves in general while tcp/8333 is under fire.
> it's yet to be seen

It's yet to be seen by you. But you are not the first person to have thought of characterizing this behavior in the last decade. Some other people have actually done so, including the person you're responding to! (who successfully discovered and fixed a number of vulnerabilities years ago)

I tested and existing connections continue to work fine w/ a connection exhausted peer, as expected. It sounds like you're saying that you haven't tested this. If you do and get a different result, I'm sure the bitcoin devs would like to hear about it.

i've popped 25 - 30+ blockchains. from anecdotal experience i suspect that there could be something here and need to see it through with a sync'd node and more firepower. you seem overconfident.
> i've popped 25 - 30+ blockchains

Most "blockchains" are just garbage scams. Many are just white-labeled junk put out by scamcoin factories-- development sweatshops that bang out whatever features at least appear to fulfill some nonsense a non-engineer wrote in some marketing whitepaper, in exchange for some payment. Then they pay exchanges to list them, pay influencers to hype them, dump their premines on the suckers who bought in and then wash rinse repeat until they're either wealthy enough to quit or blow their bankroll on a pump that fails.

If any of those are secure from attack at all it's mostly by accident -- security is certainly not a goal for them, and a non-fatal attack would just be a bit of free marketing.

Even ones that are less intentionally scammy, spend much of their time essentially failed under their own weight due to a lack of any technical competence supporting them.

> i suspect that there could be something here

A fine starting point for research, not a reason to make a public announcement.

Not even knowing if connections are long lived or not really shows you haven't even bothered checking on the most basic stuff that you could easily find with a few minutes of reading.

you may be correct. the issue has been closed for further review. a scaled attack might only prevent new nodes from entering the network as existing connections would be spared even when the maximum limit of peers is reached.

however - and i mean this - you need to watch your mouth buddy. you've been unnecessarily rude. i have decided not to respond with force - so either stfu or press your luck