In computing, denial of service attack (DoS attack;UK: /dɒs/ Dos United States: /dɑːs/ dozen(1)) is a cyberattack in which the perpetrator attempts to make a machine or network resource unavailable to a targeted user by temporarily or indefinitely disrupting the service of hosts connected to the network. – Wikipedia definition of denial of service attack.
This is a very basic concept. Someone uses their resources to interfere with the functioning of other machines on the network.
DoS attacks have been a problem for as long as the Internet has existed. One of the commonly discussed “first distributed denial of service (DDoS) attacks” was against Internet Service Provider (ISP) Panix in the mid-90s. Of course, there were many technical examples with older Internet services, but this was one of the first major examples of such an attack on the modern World Wide Web.
In this attack, a number of computers initiated a Transmission Control Protocol (TCP) connection with an ISP server, but did not complete the handshake protocol that completes the connection. This consumes server resources for managing network connections and prevents legitimate users from accessing the Internet through the ISP's servers.
Since this “first” DDoS attack, DDoS attacks have been as common on the Internet as natural storms, and it is a regular occurrence that extensive Internet infrastructure has been built to protect against them.
blockchain
Blockchain is one of Bitcoin's core components and a necessary dependency for Bitcoin's functionality as a distributed ledger. Many in the field would refer to so-called “spam” transactions as a DoS attack on the Bitcoin blockchain. To call it that, we need to define the “service” that blockchain provides as a system and explain how spam transactions are denying that service to others in a way that was not intended by the system's design.
Most people who believe spam is a DoS attack will say something like, “The service that blockchain provides is processing financial transactions, and spam is taking space away from the people who are trying to do that.” The problem is that that's not a service that blockchain provides.
The services we actually provide are as follows: Any Consensus-enabled transactions via real-time auctions that are settled periodically each time a miner finds a block. If a transaction is consensus valid and miners bid a high enough fee to include the transaction in a block, then they are using the services provided by the blockchain as designed.
This was a conscious design decision made over the years during the “block size wars” and was ultimately determined by the activation of Segregated Witness and the refusal to increase Segwit2x's block size through a hard fork pushed by the major companies at the time. The blockchain works by prioritizing transactions with the highest bid fees, allowing users to freely participate in those auctions. This is a method of allocating block space, with global limits to protect verifiability and free market pricing mechanisms.
If a transaction that some people arbitrarily define as “spam” is won in this public auction, it is not a blockchain DoS. Users use the resources as they should and participate in auctions with other users.
relay network
Many, if not most, Bitcoin nodes provide transaction relay as a service to the rest of the network. When you broadcast a transaction to peers on the network, the transaction is forwarded to the peers. Because the peering logic that decides which nodes to peer with maintains a wide range of connections, this service allows transactions to propagate throughout the network very quickly, and in particular allows transactions to propagate to all mining nodes.
Another service is block relay, which propagates valid blocks in the same way when they are found. It has been highly optimized over the years to the point that in most cases the entire block is never actually relayed, just a quick “sketches” of the block header and the transactions it contains, which can now be reconstructed from its own pool of memory. In other words, block relay optimization relies on transaction relays functioning properly and propagating all valid and potentially mined transactions.
If a node does not already have a transaction in a block in its memory pool, it must request a transaction from a neighboring node, which takes more time to validate the block in the process. It also explicitly forwards those transactions along with the block sketch to other peers in case the transactions are not found, wasting bandwidth. The more nodes that filter transactions that are classified as spam, the longer it takes for blocks containing those filtered transactions to propagate throughout the network.
Transaction filtering actively attempts to disrupt both of these services. If transaction relays fail miserably to prevent propagation to miners, and in the case of block propagation with a small but noticeable performance penalty, more nodes on the network will end up filtering transactions.
These node policies have the express purpose of degrading the network service of propagating transactions to miners and the rest of the network, and degrading block propagation is seen as a penalty to miners that choose to include valid transactions that they are filtering. They attempt to create a service degradation as a goal and view other service degradation resulting from that attempt as a positive.
This is actually a DoS attack and actually degrades network service, contrary to the system's design.
Where do we go from here?
The whole Knots vs. Core or “spammer” vs. “filter” saga is nothing more than a miserably ineffective and failed DoS attack on the Bitcoin network. Filters do nothing to prevent filtered transactions from being included in blocks. The goal of disrupting transaction propagation to miners has not been entirely successful, and block relay degradation has been limited to a degree that does not hinder miners.
I see this as a major demonstration of Bitcoin's robustness and resilience against censorship and disruption attempts at the level of the Bitcoin network itself.
So what do you do now?
The BIP, by anonymous authors, has been proposed to enact a temporary soft fork that will expire in approximately one year, and the consensus on various ways to include “spam” in Bitcoin transactions will be invalidated for that period. After realizing that DoS attacks against peer-to-peer networks were a total failure, many of the filter's proponents moved on to the consensus changes they had been saying were needed for more than two years.
Will this really solve the problem? No, it's not. If people trying to “spam” this forked network actually run an implementation, they will simply be forced to use fake ScriptPubKeys to encode data in unusable outputs that bloat the UTXO set.
Therefore, even if this fork responds to overwhelming support, is successfully activated, and does not result in a chain split, it will still fail to achieve its stated goals and “spammers” will be left with no choice but to send “spam” in the most damaging way to the network.
This post, “Bitcoin Knot Was Nothing More than a Denial of Service Attack on Bitcoin” first appeared in Bitcoin Magazine and was written by Shinobi.
