From: alicexbt
To: Elias Rohrer
Cc: Bitcoin Protocol Discussion
Date: Tue, 05 Jul 2022 20:30:24 +0000
Subject: Re: [bitcoin-dev] BGP hijacking on Bitcoin p2p network

Hi Elias,

Thanks for sharing the links.

I have also started working on a simple Chrome extension which connects to a local Bitcoin Core node and checks the IP address of all peers for prefix length and other things. I would highlight peers with different colors based on certain things in this extension.

https://github.com/1440000bytes/bitcoin-core-extension

/dev/fd0

Sent with Proton Mail secure email.

------- Original Message -------
On Friday, June 10th, 2022 at 6:44 AM, Elias Rohrer wrote:

> Hi alicexbt,
>
> Routing attacks have actually been studied quite a bit in literature.
>
> You may be interested in the research articles of Maria Apostolaki et al.[1,2], Muoi Tran et al.[3], and related works.
>
> Best,
>
> Elias
>
> [1]: https://arxiv.org/pdf/1605.07524.pdf
> [2]: https://arxiv.org/pdf/1808.06254.pdf
> [3]: https://allquantor.at/blockchainbib/pdf/tran2020stealthier.pdf
>
> On 9 Jun 2022, at 20:24, alicexbt via bitcoin-dev wrote:
>
> > Hi Bitcoin Developers,
> >
> > Based on this answer from 2014, bitcoin nodes are vulnerable to BGP hijacking. There was an incident in March 2022: a Twitter prefix was hijacked, and details are shared in 2 blog posts:
> >
> > https://isc.sans.edu/diary/rss/28488
> >
> > https://www.manrs.org/2022/03/lesson-learned-twitter-shored-up-its-routing-security/
> >
> > 'nusenu' had written an article about the Tor network being vulnerable to BGP hijacking attacks: https://nusenu.medium.com/how-vulnerable-is-the-tor-network-to-bgp-hijacking-attacks-56d3b2ebfd92
> >
> > After doing some research I found that RPKI ROA and BGP prefix length can help against BGP hijacking attacks. I checked BGP prefix length and RPKI ROA for the first 10 IP addresses returned by `getnodeaddresses` in Bitcoin Core and it had vulnerable results.
> >
> > https://i.stack.imgur.com/KD7jH.png
> >
> > Has anyone written a detailed blog post or research article like nusenu? If not, I would be interested in writing one in the next couple of weeks.
> > Looking for some "technical" feedback, links if this was already discussed in the past with some solutions.
> >
> > /dev/fd0
> >
> > Sent with Proton Mail secure email.
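
Added example, not part of the original thread and not code from the linked extension: the per-peer check discussed above (covering BGP prefix length plus RPKI route origin validation per RFC 6811), run over constructed data. The route table, ROAs, peer addresses and the colour policy in classify_peer are assumptions for illustration; only IPv4/IPv6 peer addresses are handled.

```python
import ipaddress

# Constructed sample data: documentation/private ranges and ASNs, not real routes.
ROUTES = [  # (announced prefix, origin ASN), as seen in a BGP table
    ("198.51.100.0/24", 64500), ("203.0.113.0/24", 64501),
    ("192.0.2.0/24", 64502), ("10.16.0.0/12", 64503),
]
ROAS = [  # (prefix, maxLength, authorized origin ASN)
    ("198.51.100.0/24", 24, 64500), ("10.16.0.0/12", 12, 64503),
    ("203.0.113.0/24", 24, 64999),  # authorizes a different origin
]
PEERS = [{"address": a} for a in  # shaped like `getnodeaddresses` results
         ("198.51.100.7", "203.0.113.9", "192.0.2.33", "10.20.1.1")]

def covering_route(ip, routes=ROUTES):
    """Longest-prefix match: most specific announced route containing ip."""
    addr = ipaddress.ip_address(ip)
    nets = [(ipaddress.ip_network(p), asn) for p, asn in routes]
    hits = [(n, a) for n, a in nets if n.version == addr.version and addr in n]
    return max(hits, key=lambda r: r[0].prefixlen, default=None)

def rov_state(net, origin, roas=ROAS):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    covered = False
    for prefix, max_len, asn in roas:
        roa_net = ipaddress.ip_network(prefix)
        if roa_net.version == net.version and net.subnet_of(roa_net):
            covered = True
            if asn == origin and net.prefixlen <= max_len:
                return "valid"
    return "invalid" if covered else "not-found"

def classify_peer(ip):
    """Hypothetical colour policy combining ROV state and prefix length."""
    route = covering_route(ip)
    if route is None:
        return {"address": ip, "prefix": None, "rov": None, "flag": "grey"}
    net, asn = route
    state = rov_state(net, asn)
    longest = 24 if net.version == 4 else 48  # assumed longest routable prefix
    flag = "yellow"  # no ROA, or room for a more-specific announcement
    if state == "invalid":
        flag = "red"
    elif state == "valid" and net.prefixlen >= longest:
        flag = "green"
    return {"address": ip, "prefix": str(net), "rov": state, "flag": flag}

if __name__ == "__main__":
    for peer in PEERS:
        print(classify_peer(peer["address"]))
```

With real data, ROUTES would come from a BGP table dump and ROAS from an RPKI validator's export of validated ROA payloads.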