public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Jeremy <jlrubin@MIT.EDU>
To: Jeremy <jlrubin@mit.edu>, btcsf@omni.poc.net
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>, alex@stamos.org
Subject: Re: [Bitcoin-development] Abnormally Large Tor node accepting only Bitcoin traffic
Date: Sun, 27 Jul 2014 22:17:19 -0400	[thread overview]
Message-ID: <CAD5xwhhf=RPXaF-zztUcnfM7st7g0yVG=pREWBLKxkZEgUA_Ug@mail.gmail.com> (raw)
In-Reply-To: <CAD5xwhhKKooGBfSY3nZzMmS=3WD=EdX9FQ7mZtQL3fkikuwyLg@mail.gmail.com>

[-- Attachment #1: Type: text/plain, Size: 969 bytes --]

Credit to Anatole Shaw for discovering.


On Sun, Jul 27, 2014 at 10:12 PM, Jeremy <jlrubin@mit.edu> wrote:

> Hey,
>
> There is a potential network exploit going on. In the last three days, a
> node (unnamed) came online and is now processing the most traffic out of
> any tor node -- and it is mostly plaintext Bitcoin traffic.
>
>
> http://torstatus.blutmagie.de/router_detail.php?FP=0d6d2caafbb32ba85ee5162395f610ae42930124
>
> Alex Stamos (cc'ed) and I have been discussing on twitter what this could
> mean, wanted to raise it to the attention of this group for discussion.
>
> What we know so far:
>
> - Only port 8333 is open
> - The node has been up for 3 days, and is doing a lot of bandwidth, mostly
> plaintext Bitcoin traffic
> - This is probably pretty expensive to run? Alex suggests that the most
> expensive server at the company hosting is 299€/mo with 50TB of traffic
>
>
> --
> Jeremy Rubin
>



-- 
Jeremy Rubin

[-- Attachment #2: Type: text/html, Size: 2466 bytes --]

  reply	other threads:[~2014-07-28  2:17 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-07-28  2:12 [Bitcoin-development] Abnormally Large Tor node accepting only Bitcoin traffic Jeremy
2014-07-28  2:17 ` Jeremy [this message]
2014-07-28  2:29 ` Gregory Maxwell
2014-07-28  2:40 ` Peter Todd
2014-07-28  2:45   ` Gregory Maxwell
2014-07-28  2:49     ` Michael Wozniak
2014-07-28  2:54       ` mbde
2014-07-28  3:44         ` Gregory Maxwell
2014-07-28  7:41           ` Drak
2014-07-28 10:16           ` Mike Hearn
2014-07-28 11:28             ` Peter Todd
2014-07-28 12:31               ` Robert McKay
2014-07-28 14:08                 ` Gregory Maxwell
2014-07-28 16:13                   ` s7r
2014-07-28 11:37           ` s7r
2014-07-28  3:13       ` Robert McKay
2014-07-28  3:07     ` Gregory Maxwell
2014-07-28  3:12 Anatole Shaw

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAD5xwhhf=RPXaF-zztUcnfM7st7g0yVG=pREWBLKxkZEgUA_Ug@mail.gmail.com' \
    --to=jlrubin@mit.edu \
    --cc=alex@stamos.org \
    --cc=bitcoin-development@lists.sourceforge.net \
    --cc=btcsf@omni.poc.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox