What protection does Bitcoin have against Denial of Service (DoS) attacks?

What protection does Bitcoin have against DoS attacks? Could you bring down a node by flooding it with data?

What happens if someone starts flooding the network with legitimate, yet nonsense, transactions? For example, sending bitcoins from A -> B -> C -> A -> B -> C -> A and so on in a rapid pace.

Answer

The network has a moderate amount of protection against DoS attacks. If you flooded a single node with data from a single source, it would just drop you. You could reconnect, of course. You would need a lot of resources and effort to knock out a node, but it’s possible to knock out a single node by overloading it.

The owner of an attacked node could simply stop accepting incoming connections and he could still operate. He still might, by sheer bad luck, make some outgoing connections to malicious nodes. But he’d quickly close all such connections and be left only with connections to non-malicious nodes.

Transaction flooding is perhaps the DoS attack for which the network is currently best defended. Trying to flood the network with legitimate, but nonsense transactions won’t work very well. To form such a transaction, you have to claim some coins. The network will only maintain one transaction that claims a given output. And to claim newer output generally requires a transaction fee.

It’s hard to imagine any scenario in which an attacker could maintain a significant number of concurrently valid transactions without paying large transaction fees. And even if he could, as soon as those were accepted, he’d need to be able to claim additional transaction outputs to keep up the flood. The outputs of the transaction from earlier in the flood would be too new to spend without fees.

In any event, the harm would be minimal. If this were working to cause harm, that would mean legitimate transactions wouldn’t be going through. This means their coins would be getting older and older while the attack had to consist of newer and newer transaction outputs. Soon, the legitimate transactions would win.

Leave a Reply

Your email address will not be published. Required fields are marked *