From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194] helo=mx.sourceforge.net) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1XCbW1-00070C-7I for bitcoin-development@lists.sourceforge.net; Wed, 30 Jul 2014 21:34:29 +0000 X-ACL-Warn: Received: from mail-ob0-f172.google.com ([209.85.214.172]) by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1XCbVz-0005oL-Ol for bitcoin-development@lists.sourceforge.net; Wed, 30 Jul 2014 21:34:29 +0000 Received: by mail-ob0-f172.google.com with SMTP id wn1so962642obc.3 for ; Wed, 30 Jul 2014 14:34:22 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=sUpFFOMqrMPRb6gQBVIi75D4HWQzA05luadPNmOitZw=; b=SroLHPLEXjzW2Ks6kInBRY3KKZX7tpOTC3WkMVj3vQhfs+lJWZnml1ifbCHvZiPWIC UjaiMW6iuupQAn7K2bSuMvrZVAlh6ibsyVyrJY8a8wK96Q15eEUcDeCi1R51LqWfHF3+ OvBrGexZzfSp07DuDlxaDZUkd0BdsgBx3uroZ7CuzOqhaYQL/zXhGr58F8Z22/bcyqSu fiQ4wEVL6MJ6QDixMwvcdHk8VXzKjOTdeeeOfq5NXQDpVmZ9aHKyxz1AjIQhwRcr8VLL LEY+B4wfZykQ37Rc5vqpk1ywpYq7zA1SUkQklmq1Z/KHAE0m0WH4rtlrou03KzTNzb4z 1LXA== X-Gm-Message-State: ALoCoQketWKr43iV4gZ0jrwYcb6wwmmbMhilMCg8eW/r+zfqRs4cjP1d6B5tdEstk/fXC31v2Tf0 X-Received: by 10.182.114.131 with SMTP id jg3mr9847906obb.9.1406754251715; Wed, 30 Jul 2014 14:04:11 -0700 (PDT) MIME-Version: 1.0 Received: by 10.76.168.34 with HTTP; Wed, 30 Jul 2014 14:03:31 -0700 (PDT) X-Originating-IP: [202.56.47.34] In-Reply-To: References: From: Neil Fincham Date: Thu, 31 Jul 2014 09:03:31 +1200 Message-ID: To: Pieter Wuille Content-Type: multipart/alternative; boundary=001a11c2e39675c81404ff6f7fbf X-Spam-Score: 1.0 (+) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. 1.0 HTML_MESSAGE BODY: HTML included in message X-Headers-End: 1XCbVz-0005oL-Ol Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Abusive and broken bitcoin seeders X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Jul 2014 21:34:29 -0000 --001a11c2e39675c81404ff6f7fbf Content-Type: text/plain; charset=UTF-8 I am also seeing these quite bit on my p2pool box. Right now it is just a bit of (mostly) harmless spam but in the future I can see this kind of thing being used in DDOS attacks and "deep scans" to gather information to be used to harm the bitcoin network. We could easily block them but then they would just start to spoof regular clients. We cannot even authenticate them by asking something that only a full client would know because that would catch out clients sync'ing the blockchain and SPV clients. I suspect it is something that is going to have to be dealt with in the future (I just don't know how yet). We could start by dropping connections that send incorrect information (IP addresses of 0.0.0.0 or our own IP). Neil On 31 July 2014 01:57, Pieter Wuille wrote: > At least my crawler (bitcoin-seeder:0.01) software shouldn't reconnect > more frequently than once every 15 minutes. But maybe the two > connections you saw were instances? > > On Wed, Jul 30, 2014 at 3:50 PM, Wladimir wrote: > >> The version message helpfully tells me my own IP address but not theirs > ;p > > > > Try -logips. Logging peer IPs was disabled by default after #3764. > > > > BTW I'm seeing the same abusive behavior. Who is running these? Why do > > the requests need to be so frequent? > > > > Wladimir > > > > > ------------------------------------------------------------------------------ > > Infragistics Professional > > Build stunning WinForms apps today! > > Reboot your WinForms applications with our WinForms controls. > > Build a bridge from your legacy apps to the future. > > > http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk > > _______________________________________________ > > Bitcoin-development mailing list > > Bitcoin-development@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > > > ------------------------------------------------------------------------------ > Infragistics Professional > Build stunning WinForms apps today! > Reboot your WinForms applications with our WinForms controls. > Build a bridge from your legacy apps to the future. > > http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > --001a11c2e39675c81404ff6f7fbf Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
I am also seeing these quite bit on my p2pool box.
Right now it is just a bit of (mostly) harmless spam but in the= future I can see this kind of thing being used in DDOS attacks and "d= eep scans" to gather information to be used to harm the bitcoin networ= k. =C2=A0We could easily block them but then they would just start to spoof= regular clients.

We cannot even authenticate them by asking something th= at only a full client would know because that would catch out clients sync&= #39;ing the blockchain and SPV clients.

I suspect = it is something that is going to have to be dealt with in the future (I jus= t don't know how yet). =C2=A0We could start by dropping connections tha= t send incorrect information (IP addresses of 0.0.0.0 or our own IP).

Neil


On 31 July 2014 01:57, Pieter Wuille <pieter.= wuille@gmail.com> wrote:
At least my crawler (bitcoin-seeder:0.01) so= ftware shouldn't reconnect
more frequently than once every 15 minutes. But maybe the two
connections you saw were instances?

On Wed, Jul 30, 2014 at 3:50 PM, Wladimir <laanwj@gmail.com> wrote:
>> The version message helpfully tells me my own IP address but not t= heirs ;p
>
> Try -logips. Logging peer IPs was disabled by default after #3764.
>
> BTW I'm seeing the same abusive behavior. Who is running these? Wh= y do
> the requests need to be so frequent?
>
> Wladimir
>
> ----------------------------------------------------------------------= --------
> Infragistics Professional
> Build stunning WinForms apps today!
> Reboot your WinForms applications with our WinForms controls.
> Build a bridge from your legacy apps to the future.
> http://pubads.g.doubleclick.ne= t/gampad/clk?id=3D153845071&iu=3D/4140/ostg.clktrk
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-d= evelopment@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitco= in-development

---------------------------------------------------------------------------= ---
Infragistics Professional
Build stunning WinForms apps today!
Reboot your WinForms applications with our WinForms controls.
Build a bridge from your legacy apps to the future.
http://pubads.g.doubleclick.net/gam= pad/clk?id=3D153845071&iu=3D/4140/ostg.clktrk
_______________________________________________
Bitcoin-development mailing list
Bitcoin-develo= pment@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-de= velopment

--001a11c2e39675c81404ff6f7fbf--