A frequently touted feature of distributed networks is resilience; if one Bitcoin node fails then there are thousands of other nodes left operating to ensure the continuation of the network. However, just like other network implementations, distributed networks are vulnerable to DoS (Denial of Service) attacks.
These attacks are at first glance perhaps not as dangerous as attacks we’ve
previously covered, such as Sybil or Double Spend attacks, as they are rarely used to steal funds or alter transaction history (although a DoS attack can be used to weaken the network as a precursor to other attacks). However, they are a constant danger in their own right.
A DoS attack is an attack on a network or machine that aims to either temporarily or permanently remove the network’s ability to operate. This attack on a distributed permissionless network (permissioned networks can simply remove offenders) is achieved by flooding the network in one of a number of ways:
A sufficient amount of these extra or harder to process blocks leads to a buildup of pending blocks (and transactions) as miners struggle to keep pace.
DoS attacks disrupt or bring to a halt service delivery, which can erode trust and ultimately prevent users from accessing and using the network. Executed on a sufficient scale an attack will lead to longer processing times combined with higher fees (as users pay more to get their transactions confirmed quicker than spam transactions).
These attacks can have a significant impact. For example, a DoS attack from June to September 2015 flooded the Bitcoin network with hundreds of thousands of spam transactions which took up to 20 seconds to confirm per transaction. This was estimated by Baqer, Huang, McCoy and Weaver to have caused an increase in processing legitimate transactions from 0.33 to 2.67 hours while “average non-spam transaction fees also surged...51%”. The cost of the attack was estimated at just $49,000, highlighting the low resources required.
Other networks have also fallen prey, for example:
DoS attacks also lead to longer synchronization times and increased resource requirements (such as wasted hard drive space) for nodes. Not all nodes can handle these increased resource requirements and are forced offline as a result. Nodes can also be targeted directly, a particularly problematic attack for networks with limited numbers of ‘full’ nodes. As a Delegated Proof of Stake (DPoS) system generally has a small amount of elected leaders (as little as 11), simultaneously taking out enough validators could cause severe disruption. A DoS attack could also be launched against elected leaders so they are forced offline, allowing the attacker to be elected instead.
A DoS attack could also target mining pools in a Proof of Work implementation. This could either be to reduce the total mining power available in order to make it easier for a malicious actor to mine the block reward themselves, or to decrease the total hashpower of the network to make 51% attacks an easier and cheaper proposition.
Finally, the wider ecosystem forms an additional attack vector. For example, a DoS attack against the Bitcoin network took on the form of ‘Transaction Malleability,’ which is where an attacker changes the transaction ID of a valid transaction and transmits that modified transaction. This causes difficulties for exchanges who are no longer able to be confident that a transaction is valid. This, as happened with Bitcoin, can cause exchanges to block transactions and bring the network to a halt.
Most permissionless distributed networks such as Bitcoin have inbuilt mechanisms to counter DoS attacks. They charge fees for transactions, making it costly for would be bad actors to launch assaults via spam transactions. Most also have the ability to automatically kick suspected bad nodes, either by banning them from the network, or by refusing to accept a node’s connections. They might also limit the blocksize or ignore certain atypical transactions for which no honest actor would likely have a use for.
Networks can also plug holes following attacks. For example, Ethereum removed the specific transaction that allowed for the spate of cheap but complex spam transactions, while Monero increased the minimum transaction fee from 0.005 XMR to 0.1 to increase the cost of continuing the attack.
However, as with DDoS or DoS attacks against other forms of networks and machines, the attack tends to be cheap and easy to deploy, and preventing them can be difficult. Permissionless distributed networks are also often unable to discern between spam and legitimate transactions or take action given their censorship resistant nature.
As with 51% attacks, preventing DoS attacks completely may not be possible. Rather, the goal is to ensure would be attackers must expend sufficiently high amounts of resources to make attacks economically unviable.