Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Development & Technical Discussion
Merits 1 from 1 user
Re: Sipa what have you done ?
by
jonas.schnelli
on 12/07/2015, 20:34:01 UTC
⭐ Merited by ABCbits (1)
Yes. I'm talking about sipas public dns seeder (https://github.com/sipa/bitcoin-seeder).

I had to pragmatically change the function CNetAddr::IsReserved() to:

Code:
bool CNetAddr::IsReserved() const
{
  return IsIPv4() && (
                      GetByte(3) == 1 ||
                      (GetByte(3) == 192 && GetByte(2) >= 70) ||
                      (GetByte(3) == 200 && GetByte(2) == 1 && GetByte(1) == 1) ||
                      (GetByte(3) == 220 && GetByte(2) == 152 && GetByte(1) == 162) ||
                      GetByte(3) == 25 ||
                      GetByte(3) == 89 ||
                      GetByte(3) == 51 ||
                      GetByte(3) == 220 ||
                      GetByte(3) == 9 ||
                      GetByte(3) == 254 ||
                      GetByte(3) == 255 );
}

Hetzner (the datacenter provider) was informing me about some detected unallowed netscans:

Code:
##########################################################################
#               Netscan detected from host    176.9.45.239               #
##########################################################################

time                protocol src_ip src_port          dest_ip dest_port
---------------------------------------------------------------------------
Sun May 10 07:22:22 2015 TCP    176.9.45.239 44590 =>    252.0.25.152 18333
Sun May 10 07:22:23 2015 TCP    176.9.45.239 44590 =>    252.0.25.152 18333
Sun May 10 07:22:25 2015 TCP    176.9.45.239 44590 =>    252.0.25.152 18333
Sun May 10 07:15:54 2015 TCP    176.9.45.239 42666 =>    9.45.203.212 9333
...

Because the crawler/seeder uses getaddr it might retrieve IPs from a non-routable range.
So it very likely that a host running sipas seeder might be seen as botnet or server/IP that acts like a botnet controller.