82 sats \ 8 replies \ @nullcount 20 Jun 2022
LN has the same vulnerability. Except its worse since there's an incentive to spam the network with probes.
reply
7 sats \ 7 replies \ @kr 20 Jun 2022
how come there hasn’t been a widespread attack like this on Lightning yet?
reply
128 sats \ 6 replies \ @nullcount 20 Jun 2022
Its already constantly being "attacked" with probes. As the number of attackers scales linearly, the number of probes scales exponentially. Nodes running old version of LND are already crashing because of a bloated channels.db from all the failed route events.
The bandwidth consumed is still relatively low, but it won't be long before many node's connections are saturated with bogus forward requests.
Bandwidth isn't even the limiting factor. More likely its the number of in flight HTLC slots on a channel. If these probes are designed to not fail quickly, then the ability to DOS the network is even easier.
reply
10 sats \ 5 replies \ @kr 20 Jun 2022
appreciate the insight. what is the worst-case scenario if an attacker tries to harm the lightning network?
said differently, if you were trying to inflict the most damage possible, how would you attack the lightning network?
reply
1583 sats \ 4 replies \ @nullcount 20 Jun 2022
A single actor could disable a few high throughput channels and increase average fee for everyone transacting during the attack.
If the attacker could specifically target nodes known to run LND, then they could sustain a constant probe attack, forcing the node to log every attempt until the node's disk filled up causing a system crash.
Repeat until a majority of nodes are offline. However, sophisticated node operators can defend this attack.
The systemic issue is that every actor on the network is incentiviced to attack it in order to build a higher resolution map of the network (one that includes channel balance estimates). This additional data gained from spamming could be used to make payment routes more efficiently or to surveil the network and identify payment flows.
IMO the protocol needs to allow charging a fee for attempted payments, not just successful ones.
That way, nodes that charge an "attempt fee" would be probed less. However, it creates a new dynamic where honest senders want to prioritize routes that they think will succeed, instead of just brute-forcing routes until success. Or maybe they just avoid nodes charging attempt fees altogether.
Nodes could adopt a change to their channel policy where they dynamically set MAX_HTLC depending on the local balance in their channel. This would let the network know an estimate of their true balance without needing to be probed. Its a voluntary disclosure that could result in more routes if peers are trying to avoid fees from attempted routes.
But updating the MAX_HTLC policy too frequently will contribute to gossip spam (another DOS vector).
If gossip is spammed too much, payments could fail because the sender did not include adequate fees to pay intermediate nodes along a route. This is because the fee policy change was delayed in propagating thru the network and the sender was using the old fee when they built the onion.
It already takes about 10 minutes for a policy change to propagate. When you change your channel policy, you're effectively disabling it for up to 10 mins. Its currently free to spam gossip as much as you want, thus increasing this "cooldown" time for everyone.
IMO the gossip protocol should limit the relaying of policy updates if the node is updating too frequently. Maybe a node should be allowed 1 batch update per day, for example.
Each solution has a whole set of new issues it introduces. Nothing is likely to change until DOS becomes a common occurance. Even then, Tor gets DOS'd all the time and the maintainers have expressed no desire to address it.
LN is still nascent. If an attacker wanted to cause as much chaos as possible, they would wait until major institutions and global trade depends on LN, then attack.
I'll argue that, as early adopters, its our duty to exploit the network in any way we can while its young and still capable of change.
reply
30 sats \ 0 replies \ @kr 20 Jun 2022
incredibly thorough response, take my sats!
reply
0 sats \ 1 reply \ @Undisciplined 20 Jun
Top comment two years ago!
reply
0 sats \ 0 replies \ @Undisciplined 21 Jun
Two days in a row!
reply
0 sats \ 0 replies \ @CheezeGrater 21 Jun 2022
Thanks, never knew about this.
reply
111 sats \ 1 reply \ @cryptocoin 20 Jun 2022
That alert has been up since June 9th.
However just recently admins for both Bisq and RoboSats have reported their services have been impacted.
reply
20 sats \ 0 replies \ @shyfire OP 20 Jun 2022
Oh wow, I just saw that now.
reply
11 sats \ 1 reply \ @shyfire OP 20 Jun 2022
Anyone know whether it's possible to run a full node under both TOR and I2P at the same time?
reply
40 sats \ 0 replies \ @Taranis 21 Jun 2022
yes, it is possible.
bitcoin over Tor:
https://youtu.be/57GW5Q2jdvw
bitcoin over i2p: https://youtu.be/2kyt6O-T0nA
reply
1 sat \ 0 replies \ @kr 20 Jun 2022
how long do these attacks typically last? what is the end-goal for the attacker?
this seems like a big deal, but i have no technical knowledge of tor or ddos attacks. can you recommend any resources to read up on why these attacks happen and what success looks like for the attacker?
reply
0 sats \ 1 reply \ @Undisciplined 20 Jun
Congratulations! This was the top post of the day two years ago.
reply
0 sats \ 0 replies \ @Undisciplined 21 Jun
Two days in a row!
reply
0 sats \ 9 replies \ @tomlaies 20 Jun 2022
that's crazy - if you think about who would have incentives/ a motive to do so. I can only think about governments or anti-piracy companies...
reply
9 sats \ 1 reply \ @shyfire OP 20 Jun 2022
My vote is that it's a Chainalysis company doing this :P
reply
0 sats \ 0 replies \ @tomlaies 21 Jun 2022
oh, that makes a lot of sense as well
reply
1 sat \ 1 reply \ @itsrealfake 20 Jun 2022
govts & anti-privacy actors... that's a pretty big list.
reply
11 sats \ 0 replies \ @shyfire OP 20 Jun 2022
We should add Chainalysis companies to the list :)
reply
0 sats \ 2 replies \ @kr 20 Jun 2022
how expensive is it to run a ddos attack like this?
reply
75 sats \ 1 reply \ @tomlaies 20 Jun 2022
I don't know the exact prices but I know there are ready to buy botnets on the Darkweb. So it's actually quite commoditized - and there are many +3 year old android phones that don't get security updates anymore, it's not a rare resource.
If a major player does so, they probably need to pay a law firm which in turn uses an IT service shell company which costs a lot - I'm speculating here, this is far from any evidence that this happened.
.
reply
22 sats \ 0 replies \ @kr 20 Jun 2022
appreciate the insight!
reply
0 sats \ 1 reply \ @CheezeGrater 20 Jun 2022
China?
reply
0 sats \ 0 replies \ @kilianbuhn 20 Jun 2022
Netflix & Disney & Warner Music maybe 🤔
reply
0 sats \ 0 replies \ @02457557a8 23 Jun 2022 freebie
Spun up a proxy here to do my part