Date: Tue, 05 Jul 2022 20:30:24 +0000
To: Elias Rohrer <btcdevml@tnull.de>
From: alicexbt <alicexbt@protonmail.com>
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] BGP hijacking on Bitcoin p2p network

Hi Elias,

Thanks for sharing the links.

I have also started working on a simple Chrome extension which connects to a local Bitcoin Core and checks the IP address of all peers for prefix length and other things. I would highlight peers with different colors based on certain things in this extension.

https://github.com/1440000bytes/bitcoin-core-extension

/dev/fd0



------- Original Message -------
On Friday, June 10th, 2022 at 6:44 AM, Elias Rohrer <btcdevml@tnull.de> wrote:


> Hi alicexbt,
>
> Routing attacks have actually been studied quite a bit in literature.
>
> You may be interested in the research articles of Maria Apostolaki et al. [1,2], Muoi Tran et al. [3], and related works.
>
> Best,
>
> Elias
>
> [1]: https://arxiv.org/pdf/1605.07524.pdf
> [2]: https://arxiv.org/pdf/1808.06254.pdf
> [3]: https://allquantor.at/blockchainbib/pdf/tran2020stealthier.pdf
>
> On 9 Jun 2022, at 20:24, alicexbt via bitcoin-dev wrote:
>
> > Hi Bitcoin Developers,
> >
> > Based on this answer from 2014, Bitcoin nodes are vulnerable to BGP hijacking. There was an incident in March 2022: a Twitter prefix was hijacked, and details are shared in 2 blog posts:
> >
> > https://isc.sans.edu/diary/rss/28488
> >
> > https://www.manrs.org/2022/03/lesson-learned-twitter-shored-up-its-routing-security/
> >
> > 'nusenu' had written an article about the Tor network being vulnerable to BGP hijacking attacks: https://nusenu.medium.com/how-vulnerable-is-the-tor-network-to-bgp-hijacking-attacks-56d3b2ebfd92
> >
> > After doing some research I found that RPKI ROA and BGP prefix length can help against BGP hijacking attacks. I checked the BGP prefix length and RPKI ROA for the first 10 IP addresses returned by `getnodeaddresses` in Bitcoin Core and it had vulnerable results.
> >
> > https://i.stack.imgur.com/KD7jH.png
> >
> > Has anyone written a detailed blog post or research article like nusenu? If not, I would be interested to write one in the next couple of weeks.
> > Looking for some "technical" feedback, and links if this was already discussed in the past with some solutions.
> >
> > /dev/fd0
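
The per-peer check discussed in this thread (announced prefix length plus RPKI ROA status), as an added example that is not part of the original messages or of the linked extension. The routes, ROAs and peer addresses are constructed sample data standing in for `getnodeaddresses` output and a BGP/RPKI data source; the /24 (IPv4) and /48 (IPv6) thresholds are an assumption reflecting the longest prefixes commonly accepted in global routing.

```python
import ipaddress

# Constructed sample data (reserved address ranges, private-use AS numbers).
ROUTES = [("198.18.0.0/15", 64500), ("203.0.113.0/24", 64501),   # (prefix, origin AS)
          ("192.0.2.0/24", 64502), ("2001:db8::/32", 64503)]
ROAS = [("198.18.0.0/15", 15, 64500), ("192.0.2.0/24", 24, 64510),  # (prefix, maxLength, AS)
        ("2001:db8::/32", 48, 64503)]
PEERS = ["198.18.5.9", "203.0.113.7", "192.0.2.44", "2001:db8:1::5", "100.64.1.1"]

def covering_route(ip):
    """Longest-prefix match of ip against ROUTES; returns (network, asn) or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, asn in ROUTES:
        net = ipaddress.ip_network(prefix)
        if net.version == addr.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, asn)
    return best

def rov_state(net, asn):
    """Route origin validation in the style of RFC 6811."""
    covered = False
    for prefix, max_len, roa_asn in ROAS:
        roa_net = ipaddress.ip_network(prefix)
        if roa_net.version != net.version or not net.subnet_of(roa_net):
            continue
        covered = True  # at least one ROA covers the announced prefix
        if roa_asn == asn and net.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "not-found"

def assess_peer(ip):
    """Summarise the routing-security posture of one peer address."""
    route = covering_route(ip)
    if route is None:
        return {"ip": ip, "prefix": None, "rov": "no-route", "more_specific_possible": None}
    net, asn = route
    limit = 24 if net.version == 4 else 48
    # A prefix shorter than the limit leaves room for a more-specific announcement.
    return {"ip": ip, "prefix": str(net), "origin": asn, "rov": rov_state(net, asn),
            "more_specific_possible": net.prefixlen < limit}

if __name__ == "__main__":
    for peer in PEERS:
        print(assess_peer(peer))
```

A peer whose prefix is `not-found` or shorter than the threshold is the kind a monitoring tool would highlight; a `valid` ROA with a tight maxLength means a more-specific announcement would be rejected by networks that enforce origin validation.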