Message-ID: <5495E835.2080802@bluematt.me>
Date: Sat, 20 Dec 2014 21:20:53 +0000
From: Matt Corallo <bitcoin-list@bluematt.me>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
	rv:31.0) Gecko/20100101 Thunderbird/31.0
MIME-Version: 1.0
To: bitcoin-development@lists.sourceforge.net
References: <CAB2qGxXDtxWxyLUCEZ9XQ4nP0U-Cj5Xiz9ac=vot1H+wzRCHrA@mail.gmail.com>	<54953A11.1060202@bluematt.me>	<20141220100816.GD7902@giles.gnomon.org.uk>
	<op.xq5yue2cyldrnw@laptop-air>
In-Reply-To: <op.xq5yue2cyldrnw@laptop-air>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
Subject: Re: [Bitcoin-development] Area of Focus

Well, some ISPs, when they see an IP address serving malware, will
(apparently) simply replace DNS results for anything returning that IP
with a warning page.

One solution is to just blindly block everything with HTTP(S), as
Christian has done, but this is a rather ugly solution, since many
perfectly good nodes will get caught in the crossfire. Hiding what
actual IPs we're returning in the results seems much cleaner, despite
being an ugly hack.

On 12/20/14 11:14, Jeremy Spilman wrote:
> On Sat, Dec 20, 2014 at 08:57:53AM +0000, Matt Corallo wrote:
>>> There was recently some discussion around dnsseeds. Currently some
>>> dnsseeds are getting blocked by ISPs because the hosts they pick up
>>> (which run bitcoin core nodes) often run rather web servers alongside
>>> which serve malware or whatever else and thus end up on IP-based malware
>>> blacklists.
> 
> On Sat, 20 Dec 2014 02:08:17 -0800, Roy Badami <roy@gnomon.org.uk> wrote:
>> Why would we want to have anything to do with people who are hosting
>> malware?  Or do I misunderstand?
> 
> It sounds like Matt is saying the nodes the dnsseed is pointing to as  
> valid full nodes, that those IPs are hosting the malware. Since the  
> dnsseed picks up any stable nodes it can find without auditing, it's  
> perhaps not surprising some servers in the world are running a full node  
> and a malware server together.
> 
> I guess what confused me about this though, how are ISPs reading the  
> dnsseed's node list, scanning *those* IPs for malware, and then ending up  
> blocking the dnsseed? Seems like a pretty winding path to end up blocking  
> a DNS server?
> 
> Since when do ISPs null-route a DNS server for happening to resolve some  
> domains to IPs which happen to also be hosting some malware? Null-route  
> those endpoint IPs sure, but the DNS server too? I guess there was that  
> incident of Microsoft taking over No-IP.com -- are dnsseeds being blocked  
> ostensibly because they are acting as dynamic DNS infrastructure for  
> malware sites?
> 