Skip to content

Header Spam Protection Improvements
Compare
Choose a tag to compare
@proletesseract proletesseract released this 08 Feb 20:19
· 250 commits to master since this release
4.7.3
0e32a19
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

This release only features one merged pull request, but it is an important security patch. It is recommended for all stakers and economic nodes to update immediately to ensure network stability. Everyone else running NavCoin Core is recommended to upgrade as soon as possible, even if you're not staking.

Anti Header Spam v2

<Pull Request 656>
<Commit 5f11875>

Introduces a new anti header spam system which improves the previous implementation and addresses the art-of-bug reports.

Features:

  • Every time a header or block is received from another peer, its hash is added to a points list associated with the peer.
  • Peers are discerned by their ip address, this means peers sharing ip address will also share the same points list. This can be changed with -headerspamfilterignoreport (default: true).
  • Before proceeding with the block or headers validation, the points list will be cleared removing all the hashes of blocks whose scripts have already been correctly validated.
  • The peer is banned if the size of the points list is greater than MAX_HEADERS_RESULTS*2 once cleared of already validated blocks.
  • The maximum allowed size of the points list can be changed using the -headerspamfiltermaxsize parameter.
  • The log category headerspam has been added, which prints to the log the current size of a peers points list.
  • When -debug=bench is specified, execution time for the updateState function is logged.

Considerations

  • The maximum size of the points list by default is 4,000. With a block time of 30 seconds, NavCoin sees an average of 2,880 blocks per day. A maximum value of 4000 is roughly one and a half times more than the count of blocks a peer needs to be behind the chain tip to be in Initial Block Download mode. When on IBD, the header spam filter is turned off. This ensures that normal synchronisation is not affected by this filter.
  • An attacker would be able to exhaust 32 bytes from the hash inserted in the points list + 181 bytes from the CBlockIndex inserted in mapBlockIndex for every invalid header/block before being banned. The points list is cleared when the attacker is banned, but those headers are not removed from mapBlockIndex or the hard disk in the current implementation. The size of CBlockIndex has been measured with:
    CBlockIndex* pindex = new CBlockIndex();
    CDataStream ssPeers(SER_DISK, CLIENT_VERSION);
    ss << CDiskBlockIndex(pindex);
    std::vector<unsigned char>vch(ss.begin(), ss.end());
    std::cout << to_string(vch.size()) << std::endl;
  • The default maximum value means that a single malicious peer with a unique IP can exhaust at max 3,999*213=831 kilobytes without being banned or 4,000*181=707 kilobytes being banned.

For additional information about new features, check https://navcoin.org/en/notices/

Assets 16