Systematic process to ban malicious nodes

Github issue:

Although every component of the Nano protocol is designed to maximize efficiency by using the least amount of resources possible, in order to protect nodes against specialized Denial of Service (DoS) attacks, a process should be established to systematically ban malicious nodes (peers).

In this context, a malicious node is any node that sends junk data, such as:

  • Invalid packets (messages which cannot be deserialized)
  • Invalid blocks and votes (difficulty below threshold, invalid signature)
  • Blocks that cannot fit the ledger
  • Bad bootstrap requests and responses
  • Duplicate data, requests

Existing approaches [1] use a system to continuously score peers and disconnect them once a threshold is reached.

One of the open questions is how long to block peers, and if it should only be done locally by each node.



Another problem is how to handle IPv6, specifically how large of IP blocks to ban there. Banning individual IPv6 addresses does next to nothing for most residential networks, but banning a subnet may also ban adjacent cloud servers. Perhaps a gradually adjusting subnet size ban could be used.
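
The gradually widening ban suggested above, as an added sketch that is not part of the original post or of the Nano node code: each offender is first banned as a single address, and the ban widens one step only after several distinct offenders appear inside the same wider prefix. The prefix ladder, the `WIDEN_AFTER` threshold and the `2001:db8::` documentation addresses are assumptions chosen for illustration; ban expiry is left out.

```python
import ipaddress
from collections import defaultdict

# Assumed escalation ladder: one address, then prefix sizes commonly
# delegated to a single subscriber or site.
LADDER = (128, 64, 56, 48)
WIDEN_AFTER = 3  # assumed: distinct banned sub-networks needed to widen


class Ipv6BanTable:
    def __init__(self):
        self.banned = set()               # IPv6Network objects currently banned
        self.children = defaultdict(set)  # wider prefix -> narrower bans inside it

    def report(self, addr):
        """Ban a peer that crossed the misbehaviour threshold.

        Returns the network that now covers the address."""
        ip = ipaddress.IPv6Address(addr)
        covering = self.covering_ban(ip)
        if covering is not None:          # already inside an existing ban
            return covering
        return self._ban(ipaddress.IPv6Network((ip, LADDER[0])), 0)

    def _ban(self, net, level):
        self.banned.add(net)
        if level + 1 == len(LADDER):      # widest step reached, never go further
            return net
        parent = net.supernet(new_prefix=LADDER[level + 1])
        self.children[parent].add(net)
        if len(self.children[parent]) < WIDEN_AFTER:
            return net                    # neighbours in the same prefix stay reachable
        # Enough distinct offenders: one wider ban replaces the narrow ones.
        self.banned -= self.children.pop(parent)
        return self._ban(parent, level + 1)

    def covering_ban(self, addr):
        """Return the widest banned network containing addr, or None."""
        ip = ipaddress.IPv6Address(addr)
        hits = [n for n in self.banned if ip in n]
        return min(hits, key=lambda n: n.prefixlen, default=None)


if __name__ == "__main__":
    table = Ipv6BanTable()
    for peer in ("2001:db8:0:1::a", "2001:db8:0:1::b", "2001:db8:0:1::c"):
        print(peer, "->", table.report(peer))  # constructed sample peers
```

A peer rotating addresses inside one /64 is covered after the third offence, while a host in the adjacent /64 is unaffected until that prefix accumulates offenders of its own.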


Is it reasonable to block a peer that is propagating transactions at an abnormally high rate?
Presumably the spammer has to publish from their own nodes if they want to accomplish very high transaction volumes.
You may immediately run into issues of some secondary propagating nodes being blocked too, but I wonder if this could be minimised.

My opinion is no, it is not reasonable to block a peer that is propagating at an abnormally high rate. The indicators of malicious nodes that @Dotcom mentions are just that, interpreted in no other way than malicious. Spamming, while it can be malicious, is using the network as designed. We have PoW difficulty to combat spam.

In that vein, however, I am highly skeptical of any blocking/banning of nodes regardless of data sent. First, the filters in place to get junk out early should be efficient. And second, it becomes a cat and mouse game that only complicates the network.

The Nano network should operate on Zero trust. Assume any inbound node traffic is malicious ... filter and move along smartly.

Note: if there are metrics proving network impacts from malicious (not spam) behaviors, would love to see
