It seems the DoS Attack on testnet

The zcashd could not sync blocks data after it started serval hours. And it seems not mining coin, because it used CPU very low. Normaly CPU used should be 100%.
I need to reboot the computer and restart zcashd, then it will sync blocks.
I found this problem twice today.

root@zec01:/home/zheng# ./zcash/src/zcash-cli getinfo
“version” : 110200,
“protocolversion” : 170002,
“walletversion” : 60000,
“balance” : 204.63350000,
“blocks” : 5753,
“timeoffset” : 0,
“connections” : 1,
“proxy” : “”,
“difficulty” : 1.00000000,
“testnet” : true,
“keypoololdest” : 1471326755,
“keypoolsize” : 84,
“unlocked_until” : 0,
“paytxfee” : 0.00000000,
“relayfee” : 0.00005000,
“errors” : “WARNING: check your network connection, 58 blocks received in the last 4 hours (96 expected)”

1014 root 20 0 1221288 15396 7052 S 1.0 0.8 97:08.53 zcashd


The DoS problem (I would not call it an attack unless someone knows that it is) seems to blocking new miners from joining. I do not know if it would be affecting you.

1 Like

Actually I would categorize the DoS problem as an Attack. It is specifically malicious in nature and designed to stop legitimate users from joining the Zcash Testnet. Just imagine if this was the live Network, it would literally be costing people money.

I have seen the developers chat and I know they are working on fixes to keep it from happening in the future. Hopefully we will see some of the additional DoS mitigations incorporated into the next z9 release.


I had only seen in Github a belief that it was a programming error, possibly the exclusion of a known way to stop an expected type of attack. A successful attack now is a great gift, enabling holes in the programming to be fixed before it really matters.


Either way, someone is purposely placing fake peers onto the network to stop legitimate users from connecting. If it had been simply a coding overlook we may not have seen it.

As you mentioned; thanks to the malicious 3rd party we are now aware of the problem and can take steps to fix it.


With all the messing-around with testnet3 I and others have done, I wonder if a bad peers.dat file(s) was an accident. If the DoS is about the peers.dat file, then it may be only what str4d pointed out several days ago, i.e., that there are no bootstrapping nodes yet (which I believe means there is only 1 “seed” node at leastauthority with known good peers whereas bitcoin has many that a new miner can check).

Dos attack! I personally see no use of attacking a testnet, a productive target is likely to be the real deal!

Wondering, if this is part of the Audit Zooko talked about?

The DoS attacks on the Testnet are not planned by the Zcash team, nor are they a result of legitimate users editing their files.

The strange peer behavior was noticed on the Testnet and this issue was created on github:

You can see by the notes that the team was not expecting the behavior. Also note the Block # that the machines were advertising “1337” = leet. This disruption has actually helped the team identify a potential weakness which will now be patched.

This shows why Testnets are such an important tool in development.

1 Like

Whether they intended to or not, the attackers have served the network.

1 Like

I just found out that most of mine were on block 5036-ish while the legitimate one is currently on 6236. I thought they were all on correctly 2 days ago.

On GitHub? That’s the only discourse I’ve found. Is there an active Slack or something? Or an active IRC? I’d love to be able to follow more closely.

We have development chat in #zcash-dev on OFTC, FreeNode, Irc2P, and in Slack (which you can get an invite for at ).

1 Like

Hello, new to zcash just got up and running. Does this look right to you guys?

"version" : 110200,
"protocolversion" : 170002,
"walletversion" : 60000,
"balance" : 0.00000000,
"blocks" : 2,
"timeoffset" : 0,
"connections" : 0,
"proxy" : "",
"difficulty" : 1.00000000,
"testnet" : true,
"keypoololdest" : 1471543262,
"keypoolsize" : 101,
"paytxfee" : 0.00000000,
"relayfee" : 0.00005000,
"errors" : "WARNING: check your network connection, 0 blocks received in the last 4 hours (96 expected)"

Thanks im also new to linux so confused on many levels here.

That does appear that you have installed correctly and have a running Zcashd. Congrats, you’ve done the hard part! However you are not connected to the main blockchain.

The current DoS attack is still preventing many users of the current version z8 from connecting. They are working on a patch which will hopefully be included in the next Alpha version z9.

Thanks Shawn thats kinda what I was wondering. So really no point in running at the moment then? Also might not be the place to ask but since i installed I have had my computer completely freeze maybe 4 times in the past two hours hasn’t done it before the zcash install. Any Ideas or any know issues with that.

You are actually still doing the work of mining, it’s just not getting confirmations from the correct Blockchain. You have essentially created your own blockchain. Even if you were on the Testnet the coins you find will be erased when the official launch of the Genesis Block takes place.

You can still use your install for benchmarking your computer and getting familiar with the commands/interface.

As for the freezing, it depends on the power/configuration of your hardware, Zcash is CPU and memory hard, so if you have little RAM or a slower CPU and are trying to multitask while Zcash is running you may bog down the computer to the point of freezing.

hey, thanks again. I’m showing over 7gb of memory and 621 gb of disk space. and the processor is Intel® Core™ i7 CPU Q 740 @ 1.73GHz × 8 . Does this seem on the low end to run zcash?

I have a similar machine I’ve been testing. Put gen=1 and genproclimit=3 in .zcash/zcash.conf to run 3 of your 4 cores when you run zcash -daemon. The 8 hyperthreads are not real. Leave 1 core free to do regular work at the same time. It’s my slowest machine, but it’s the desktop I use everyday. Get someone else’s .zcash/testnet3 folder from here Z8 .conf file changes and connection issues? - #14 by waterhole

Delete yours ( rm -rf .zcash/testnet3 ) then copy over theirs and be sure to delete their wallet.dat if it is included to keep from messing things up. Do not run as root or use sudo, or you’ll have to start over. Your connections line from the getinfo results above should then say 1 and current block is about 7200 when you are on the main testnet. You’ll get about 5 blocks per day the way things are right now, between 2 and 8 blocks (90% probability). A higher-end new machine will get nearly 1 per hour.


Note that the problem discussed in this thread has been fixed in the current z9 release. It was not a DoS attack; see Decrease MAX_HEADERS_RESULTS · Issue #1289 · zcash/zcash · GitHub for details.