Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Development & Technical Discussion
Re: Any reason to allow multiple incoming connections from same peer?
by
zvs
on 01/09/2014, 11:38:21 UTC
Quote from: wumpus on September 01, 2014, 11:20:51 AM
I've noticed this as well, collected some information here:
https://gist.github.com/laanwj/2a89da909bf161c7e4c2

* It appears that all the hosts are from Linode, and that they open multiple connections (about 5-6)
* They claim NODE_NETWORK, but none of them has a sync height, so they're not actually requesting blocks (and will probably also not respond to getblocks requests, although I haven't tried)
* I've enabled verbose logging for them, and from what I've seen they don't ever emit any commands apart from pong and version. They just listen for invs.
* They do not accept incoming connections at least on the standard ports.


Yeah, I noticed that also, w/ tcpdump.  Doesn't seem *especially* malicious, though I assume it has an impact on the 'anonymity' of it all. 

At least it's not like those 'BQS' or other randoms that spam out the:

2014-08-27 16:16:47 ProcessMessages(ping, 0 bytes) : Exception 'CDataStream::read() : end of data' caught, normally caused by a message being shorter than its stated length
2014-08-27 16:16:47 ProcessMessage(ping, 0 bytes) FAILED peer=1124
2014-08-27 16:25:49 ProcessMessages(ping, 0 bytes) : Exception 'CDataStream::read() : end of data' caught, normally caused by a message being shorter than its stated length
2014-08-27 16:25:49 ProcessMessage(ping, 0 bytes) FAILED peer=1124
2014-08-27 16:34:50 ProcessMessages(ping, 0 bytes) : Exception 'CDataStream::read() : end of data' caught, normally caused by a message being shorter than its stated length
2014-08-27 16:34:50 ProcessMessage(ping, 0 bytes) FAILED peer=1124
2014-08-27 16:43:51 ProcessMessages(ping, 0 bytes) : Exception 'CDataStream::read() : end of data' caught, normally caused by a message being shorter than its stated length
2014-08-27 16:43:51 ProcessMessage(ping, 0 bytes) FAILED peer=1124

Either way, someone must be monitoring them.... since it took about an hour for activity to resume once I removed my firewall & they have stopped attempting to connect to my IP now after about an hour of having a constant tcpkill going, which I'm going to stop now..

I went ahead and just limited 8333 to one connection per IP, but they could still connect 11 times.

It was;

178.79.154.55
106.186.114.132
66.228.48.107
106.187.41.230
106.185.29.252
212.71.232.172
69.164.193.247
198.58.100.65
178.79.136.72
106.187.41.230
23.239.28.53

all Linode