50k sockets looping requests make the p2p port entirely inaccessible at times. with more attacking machines it is reasonable to suspect that the target node(s) could be held down in perpetuity.
edit: re: child comment / syn flood; sure. bitcoind needs ip associated throttling baked in. there is no rationale behind a single machine attempting 1k handshakes a second. the attack shouldn't work at all.
You may as well just SYN flood at that point. None of this is really new, you can take down a lot of TCP based servers with the right combination of packets and volume.
inaccessible to external machines that are not participating in the attack. it's yet to be seen what happens to a node that's sync'd with active peers and whether a node under attack is kicked out of the network for timeouts or how bitcoind behaves in general while tcp/8333 is under fire.
It's yet to be seen by you. But you are not the first person to have thought of characterizing this behavior in the last decade. Some other people have actually done so, including the person you're responding to! (who successfully discovered and fixed a number of vulnerabilities years ago)
I tested and existing connections continue to work fine w/ a connection exhausted peer, as expected. It sounds like you're saying that you haven't tested this. If you do and get a different result, I'm sure the bitcoin devs would like to hear about it.
i've popped 25 - 30+ blockchains. from anecdotal experience i suspect that there could be something here and need to see it through with a sync'd node and more firepower. you seem overconfident.
Most "blockchains" are just garbage scams. Many are just whitelabled junk put out by scamcoin factories-- development sweatshops that bang out whatever features at least appear to fulfill some nonsense a non-engineer wrote in some marketing whitepaper, in exchange for some payment. Then they pay exchanges to list then, pay influencers to hype them, dump their premines on the suckers who bought in and then wash rinse repeat until they're either wealthy enough to quit or blow their bankroll on a pump that fails.
If any of those are secure from attack at all it's mostly by accident -- security is certainly not a goal for them, and a non-fatal attack would just be a bit of free marketing.
Even ones that are less intentionally scammy, spend much of their time essentially failed under their own weight due to a lack of any technical competence supporting them.
> i suspect that there could be something here
A fine starting point for research, not a reason to make a public announcement.
Not even knowing if connections are long lived or not really shows you haven't even bothered checking on the most basic stuff that you could easily find with a few minutes of reading.
you may be correct. the issue has been closed for further review. a scaled attack might only prevent new nodes from entering the network as existing connections would be spared even when the maximum limit of peers is reached.
however - and i mean this - you need to watch your mouth buddy. you've been unnecessarily rude. i have decided not to respond with force - so either stfu or press your luck
can you please ban bots downvoting my comments? I just posted comment and it was downvoted within less than a minute, there is no way human would read it that fast (plus it's not even controversial, it's the one about breaker box) I'm 100% sure there are bots set up brigading against my account from what I see even my innocent comments being downvoted, I'm disappointed HN allows such brigading
This is the kind of thing the site guidelines ask you to email hn@ycombinator.com about instead of posting about in the threads. Can you do that instead?
Unless there's been a significant regression these issues were fixed after I found the slowloris type attacks to be an issue in 2012.
Edit: Maybe he's attacking his own RPC port, which again doesn't matter since it's not open to the internet.