Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Development & Technical Discussion
Merits 27 from 6 users
Re: Loads of fake peers advertised on bitcoin network
by
vasild
on 14/07/2021, 11:07:54 UTC
⭐ Merited by ETFbitcoin (9) ,piotr_n (5) ,o_e_l_e_o (4) ,NotATether (3) ,Coding Enthusiast (3) ,DdmrDdmr (3)
Quote from: piotr_n on July 13, 2021, 03:13:17 PM
What is the core's algorithm for selecting addresses to return after receiving getaddr request?

It starts from here:
https://github.com/bitcoin/bitcoin/blob/531c2b7c04898f5a2097f44e8c12bfb2f53aaf9b/src/net_processing.cpp#L3681

Quote from: piotr_n on July 13, 2021, 03:13:17 PM
Does it only pick those from the "tried" buckets?

No. But it deliberately avoids addresses it has tried to connect without success and some other "terrible" ones:
https://github.com/bitcoin/bitcoin/blob/531c2b7c04898f5a2097f44e8c12bfb2f53aaf9b/src/addrman.cpp#L46
called from here:
https://github.com/bitcoin/bitcoin/blob/531c2b7c04898f5a2097f44e8c12bfb2f53aaf9b/src/addrman.cpp#L571
`vRandom` contains all addresses, both "new" and "tried".

Quote from: piotr_n on July 13, 2021, 03:13:17 PM
Same for sending spontaneous addr messages: does it have to "try" it first, before it can route a new addr to its peeers?
I am not completely sure, but it seems like I'm getting (most of) those fake addresses from a legit bitcoin core peers.
I have a suspicion that because of the algorithm bitcoin core uses for routing new addresses, it's somehow facilitating this problem.

Here is what happens when an `addr` message is received:
https://github.com/bitcoin/bitcoin/blob/531c2b7c04898f5a2097f44e8c12bfb2f53aaf9b/src/net_processing.cpp#L2753
under some conditions, every address from the `addr` message is relayed to ~2 other, random peers:
https://github.com/bitcoin/bitcoin/blob/531c2b7c04898f5a2097f44e8c12bfb2f53aaf9b/src/net_processing.cpp#L2801

No attempt is made to verify that a bitcoin client is listening on that address by connecting to it. That would be too slow and create another problem - DoS by sending the victim's address to e.g. 10k bitcoin nodes, all of them rushing immediately to verify if somebody is listening there. Also, it could be that the address is of a legit node, which is just shut down temporarily.

Quote from: ETFbitcoin on July 13, 2021, 11:16:05 AM
You shouldn't assume everyone use Bitcoin Core. OP is developer of alternative full node client, so it's likely he's talking about his gocoin node.

I don't. I assumed it is Bitcoin Core because the post reads like "I have 700k addresses ... does Bitcoin Core have limit...". Thanks for the clarification!