In-Reply-To: <CAPg+sBhmkcW-7TYQ7TxAYvMsLrckcja+wPDow80a9Yoo1KdgMw@mail.gmail.com>
References: <CAJHLa0O1EP8aUn4KLbo3OvzjgVfF8onrMjNnkRAnuWHwbofWBQ@mail.gmail.com>
<CA+s+GJDUbm7Z9FeQr1otuEPXn0RRq+KL=kS3GJT3j3TeWz_n5Q@mail.gmail.com>
<CAPg+sBhmkcW-7TYQ7TxAYvMsLrckcja+wPDow80a9Yoo1KdgMw@mail.gmail.com>
From: Neil Fincham <neil@asdf.co.nz>
Date: Thu, 31 Jul 2014 09:03:31 +1200
Message-ID: <CAH+ZByEFqBmUvA_ZO_8MzaYvfUopHY1x=rGaMeq8fL4_2q1uJg@mail.gmail.com>
To: Pieter Wuille <pieter.wuille@gmail.com>
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Abusive and broken bitcoin seeders

I am also seeing these quite a bit on my p2pool box.

Right now it is just a bit of (mostly) harmless spam but in the future I
can see this kind of thing being used in DDOS attacks and "deep scans" to
gather information to be used to harm the bitcoin network. We could easily
block them but then they would just start to spoof regular clients.

We cannot even authenticate them by asking something that only a full
client would know because that would catch out clients sync'ing the
blockchain and SPV clients.

I suspect it is something that is going to have to be dealt with in the
future (I just don't know how yet). We could start by dropping connections
that send incorrect information (IP addresses of 0.0.0.0 or our own IP).

Neil

On 31 July 2014 01:57, Pieter Wuille <pieter.wuille@gmail.com> wrote:
> At least my crawler (bitcoin-seeder:0.01) software shouldn't reconnect
> more frequently than once every 15 minutes. But maybe the two
> connections you saw were instances?
>
> On Wed, Jul 30, 2014 at 3:50 PM, Wladimir <laanwj@gmail.com> wrote:
> >> The version message helpfully tells me my own IP address but not theirs ;p
> >
> > Try -logips. Logging peer IPs was disabled by default after #3764.
> >
> > BTW I'm seeing the same abusive behavior. Who is running these? Why do
> > the requests need to be so frequent?
> >
> > Wladimir
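
The check suggested at the end of Neil's message, as an added example (not code from this thread or from Bitcoin Core): parse the `addr_from` field of a peer's `version` payload and report when it is 0.0.0.0 or one of our own addresses. The function names, the documentation-range sample addresses and the constructed payloads are assumptions made for the demo; the parser handles IPv4-mapped addresses and user agents shorter than 253 bytes only.

```python
import ipaddress
import struct

def _pack_addr(ip, port=8333, services=1):
    # net_addr without timestamp: services (LE), IPv4-mapped IPv6, port (BE)
    v4 = ipaddress.IPv4Address(ip).packed
    return struct.pack("<Q", services) + b"\x00" * 10 + b"\xff\xff" + v4 + struct.pack(">H", port)

def build_version(addr_recv, addr_from, user_agent=b"/constructed-crawler:0.0/"):
    """Constructed sample `version` payload for the demo (not captured traffic)."""
    return (struct.pack("<iQq", 70002, 1, 1406754211)   # version, services, timestamp
            + _pack_addr(addr_recv) + _pack_addr(addr_from)
            + struct.pack("<Q", 0x1122334455667788)      # nonce
            + bytes([len(user_agent)]) + user_agent      # var_str, 1-byte length
            + struct.pack("<i?", 313000, True))          # start_height, relay

def _read_addr(buf, off):
    # Skip the 8-byte services field, then decode the 16-byte address.
    ip = ipaddress.IPv6Address(buf[off + 8:off + 24])
    mapped = ip.ipv4_mapped
    return mapped if mapped is not None else ip

def parse_version(payload):
    """Extract the fields this check needs; reject truncated payloads."""
    if len(payload) < 81:
        raise ValueError("truncated version payload")
    ua_len = payload[80]
    if ua_len >= 0xFD or len(payload) < 81 + ua_len:
        raise ValueError("unsupported or truncated user agent")
    return {
        "version": struct.unpack_from("<i", payload, 0)[0],
        "addr_recv": _read_addr(payload, 20),   # our address as the peer sees it
        "addr_from": _read_addr(payload, 46),   # the address the peer claims for itself
        "user_agent": payload[81:81 + ua_len].decode("ascii", "replace"),
    }

def addr_from_problem(payload, our_ips):
    """Return why the peer's self-reported address is bogus, or None if it looks sane."""
    claimed = parse_version(payload)["addr_from"]
    if claimed.is_unspecified:
        return "addr_from is unspecified (0.0.0.0)"
    if claimed in {ipaddress.ip_address(i) for i in our_ips}:
        return "addr_from is our own address"
    return None
```

The function only reports a reason; whether to drop the connection, rate-limit it or just log it is a policy decision for the node operator.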