Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: navigator on September 03, 2011, 07:20:48 PM



Title: IRC bootstrapping causes suspected botnet activity with AT&T
Post by: navigator on September 03, 2011, 07:20:48 PM
Just received an email from AT&T stating an IP I was using is suspected of being part of a botnet because of the irc activity. I don't fully understand the irc bootstrapping part. Can someone explain it? What should I tell them?


Title: Re: IRC bootstrapping causes suspected botnet activity with AT&T
Post by: Gabi on September 03, 2011, 07:32:12 PM
Tell them nothing?

The bitcoin client just uses irc to find some nodes and connect with them, much quicker than having to search for nodes using the normal p2p system.

After that it of course finds other nodes with the normal system and of course the client would work without the irc bootstrap but would take more time to find nodes when you launch it.

Anyway, it's perfectly legal, so not your problem what they suspect


Title: Re: IRC bootstrapping causes suspected botnet activity with AT&T
Post by: jgarzik on September 03, 2011, 07:32:25 PM
Just be honest:  Tell them that open source project Bitcoin uses IRC for P2P network bootstrapping.

You can disable this with -noirc.


Title: Re: IRC bootstrapping causes suspected botnet activity with AT&T
Post by: navigator on September 03, 2011, 07:39:32 PM
Thank you jgarzik, I did not know of the -noirc option.

Gabi, I can't tell them nothing or they may suspend my internet services. I know bitcoin isn't illegal, I just wanted to be as discreet as possible.

I don't usually leave any *coin clients running except lately as I've been solo-mining *coins. I noticed when I first started using bitcoin or any coin that my modem's firewall log gets flooded with port scan activity. It makes it hard to know when I actually am being scanned and not just from bitcoin. No other application does this.

EDIT: just tested the -noirc option and it works perfect thanks!


Title: Re: IRC bootstrapping causes suspected botnet activity with AT&T
Post by: kgo on September 03, 2011, 07:51:31 PM
Are you sure it's just bitcoin traffic that set off this alarm?

My understanding is that the client makes one quick IRC request when it starts up, and that's it.  So unless you're starting up bitcoin thousands of times a day, it seems strange that you would trigger a bot-net alert, and stranger that no-one else with AT&T has reported the same problem.


Title: Re: IRC bootstrapping causes suspected botnet activity with AT&T
Post by: ctoon6 on September 03, 2011, 07:53:31 PM
glad my isp doesn't care about anything, bandwidth limits, servers, i just love them :D.


Title: Re: IRC bootstrapping causes suspected botnet activity with AT&T
Post by: Gabi on September 03, 2011, 07:55:53 PM
Can't you use another internet service provider? Maybe one that doesn't check how many times you use irc?


Title: Re: IRC bootstrapping causes suspected botnet activity with AT&T
Post by: theymos on September 03, 2011, 08:21:49 PM
Quote
Are you sure it's just bitcoin traffic that set off this alarm?

My understanding is that the client makes one quick IRC request when it starts up, and that's it.  So unless you're starting up bitcoin thousands of times a day, it seems strange that you would trigger a bot-net alert, and stranger that no-one else with AT&T has reported the same problem.


Bitcoin stays connected to IRC.


Title: Re: IRC bootstrapping causes suspected botnet activity with AT&T
Post by: navigator on September 03, 2011, 08:22:16 PM
There are no other providers here or I would consider switching. My bandwidth is not capped or limited by them in any way. That only applies to certain customers. This is from bitcoin traffic. I am not part of a botnet or do anything that would resemble that. The last few days or weeks actually, I have started using multiple clients from all the other forks and have been opening/closing them a lot. And have been solo-mining i0coins on and off a lot switching back and forth based on difficulty and profit.


Title: Re: IRC bootstrapping causes suspected botnet activity with AT&T
Post by: elggawf on September 03, 2011, 09:35:37 PM
Quote
There are no other providers here or I would consider switching. My bandwidth is not capped or limited by them in any way. That only applies to certain customers. This is from bitcoin traffic. I am not part of a botnet or do anything that would resemble that. The last few days or weeks actually, I have started using multiple clients from all the other forks and have been opening/closing them a lot. And have been solo-mining i0coins on and off a lot switching back and forth based on difficulty and profit.

Really? We're in our last month of warnings for bandwidth overages (house full of habitual Netflix/Steam users) before we switch to another provider. I didn't know AT&T had any offerings that we're bandwidth quota'd.

AT&T haven't bugged me about it, but I think I have noirc in my configs anyway. Once you've run it the first time, unless you leave it offline a while it'll probably get back on the network fine.


Title: Re: IRC bootstrapping causes suspected botnet activity with AT&T
Post by: wolftaur on September 03, 2011, 11:02:23 PM
If you're setting up a client from scratch and have any concerns about the IRC issue, you can, in addition to using -noirc to stop connection, use the -addnode switch along with one of the fallback nodes listed on the Bitcoin wiki to get yourself a bootstrap list of addresses to connect to for the block chain. This can also get you back on if you are trying to use -noirc despite not having connected in ages.

You only need to be able to connect to one static node to find other static and dynamic nodes and end up well-connected.


Title: Re: IRC bootstrapping causes suspected botnet activity with AT&T
Post by: navigator on September 03, 2011, 11:44:49 PM
I have it figured out now and adjusted my configs. I think I understand the IRC part better now. If AT&T responds with anything I will post back.


Title: Re: IRC bootstrapping causes suspected botnet activity with AT&T
Post by: MrWizard on September 04, 2011, 01:16:04 AM
Quote
Just received an email from AT&T stating an IP I was using is suspected of being part of a botnet because of the irc activity. I don't fully understand the irc bootstrapping part. Can someone explain it? What should I tell them?

Got the same e-mail from the a**-holes at AT&T.  The only option that they give me in their email is to acknowledge an "infection" and that I will deal with it.

Thanks jgarzik for the advice on how to disable use of IRC.


Title: Re: IRC bootstrapping causes suspected botnet activity with AT&T
Post by: Meatpile on September 04, 2011, 05:31:15 AM
This is the bullshit that happens when companies have no idea that technology has legitimate uses. If the RIAA had their way, they would ban the internet.


Title: Re: IRC bootstrapping causes suspected botnet activity with AT&T
Post by: wolftaur on September 04, 2011, 05:33:39 AM
Quote
This is the bullshit that happens when companies have no idea that technology has legitimate uses. If the RIAA had their way, they would ban the internet.

Don't forget recordable media. Because we all know RIAA is about to go bankrupt because blank CD-Rs exist. :P


Title: Re: IRC bootstrapping causes suspected botnet activity with AT&T
Post by: Revalin on September 04, 2011, 07:38:42 AM
Quote
Got the same e-mail from the a**-holes at AT&T.  The only option that they give me in their email is to acknowledge an "infection" and that I will deal with it.

Reply:  "Thank you for your concern.  I have taken care of the problem."

It's not even lying, really.  -noirc takes care of the problem.  :)

Quote
I know bitcoin isn't illegal, I just wanted to be as discreet as possible.

You may want to run bitcoin through TOR or another encrypting proxy if you don't want AT&T nosing around in your affairs.


Title: Re: IRC bootstrapping causes suspected botnet activity with AT&T
Post by: ctoon6 on September 04, 2011, 07:41:25 AM
Quote
It's not even lying, really.  -noirc takes care of the problem.  :)

never was a problem

if at&t thinks bitcoin is slowing down their network, then they need some serious help.


Title: Re: IRC bootstrapping causes suspected botnet activity with AT&T
Post by: Gabi on September 04, 2011, 10:52:27 AM
Why should he use -noirc? The irc bootstrapping is totally legal. I doubt they can force you to disable it, contact a lawyer... ::)

But you guys sure have weird internet service providers. Bandwidth problems? I have my connection, 7megabit download and 1megabit upload and I can use it as I wish, 24/24, forever.



Title: Re: IRC bootstrapping causes suspected botnet activity with AT&T
Post by: Exonumia on September 04, 2011, 11:32:22 AM
AT&T isn't the only ISP that does this, I've seen Time Warner do it in many markets, and I've seen smaller mom and pop ISPs do it back in the day.

They are not spying on the connections (they just hand it all over to the NSA for that ;) ).

To be honest I am glad they have these automated systems looking for common bot nets. There are many users (not the OP) who NEED to be told when their machines have been compromised or they will never know.

He can simply reply to them letting them know that his machine is not knowingly compromised and that connection is indeed authorized from him. They saw what looked like a botnet fingerprint and warned him... the reason why they want a reply is so they CAN shut it down if they get none (aka no one is home/bogus account/etc)... would you rather they just let a ton of DOS attacks originate from their users?

You can also place:
noirc=1
in your bitcoin.conf if you don't want to use the command line option.
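
A check for the configuration described in this thread (noirc=1 in bitcoin.conf, plus an -addnode peer so a client without IRC can still find the network), as an added example that is not part of any post or of the Bitcoin project's code. The function names, return codes and sample file are constructed; it assumes -addnode is written in bitcoin.conf as addnode=, and 192.0.2.10 is a documentation placeholder, not a real fallback node.

```shell
#!/bin/sh
# Added example: audit a bitcoin.conf for the settings discussed in this thread.

# conf_values FILE KEY: print each value assigned to KEY, one per line,
# ignoring '#' comments and whitespace around the key and the value.
conf_values() {
    sed -e 's/#.*$//' "$1" | awk -F= -v key="$2" '
        index($0, "=") == 0 { next }
        { k = $1; gsub(/^[ \t]+|[ \t]+$/, "", k) }
        k == key { v = substr($0, index($0, "=") + 1)
                   gsub(/^[ \t]+|[ \t\r]+$/, "", v); print v }'
}

# audit_conf FILE: return 0 if IRC bootstrapping is disabled and a static
# peer is configured, 1 if IRC is still enabled or set ambiguously,
# 3 if IRC is disabled but no addnode peer is listed, 2 if unreadable.
audit_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }
    irc=$(conf_values "$conf" noirc)
    nodes=$(conf_values "$conf" addnode | awk 'NF { n++ } END { print n + 0 }')
    result=0
    if [ -z "$irc" ]; then
        echo "FAIL: noirc is not set, the client will connect to IRC"
        result=1
    elif printf '%s\n' "$irc" | grep -qvx 1; then
        # Any entry other than exactly 1 (e.g. a leftover noirc=0) is flagged.
        echo "FAIL: noirc has a value other than 1"
        result=1
    else
        echo "OK: noirc=1"
    fi
    if [ "$nodes" -eq 0 ]; then
        echo "WARN: no addnode entry, a long-offline client may not find peers"
        if [ "$result" -eq 0 ]; then result=3; fi
    else
        echo "OK: $nodes addnode entry(ies)"
    fi
    return "$result"
}

# Constructed sample configuration, written to a temporary file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
noirc=1
addnode=192.0.2.10   # placeholder address, replace with a fallback node
EOF
audit_conf "$sample"
rm -f "$sample"
```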



Title: Re: IRC bootstrapping causes suspected botnet activity with AT&T
Post by: ctoon6 on September 04, 2011, 04:04:41 PM
i think there needs to be a court ruling that deals with all these rogue isps in the US.

forbid monitoring any lines, just like phone tapping (although they happen too)
no limits or reasonable bandwidth limits (i think 500 or 600gb is fair for a 20megabit line, let's be honest here, 300 gigs is silly, and can be easily met.)
allow customers to run anything they like on their connections, whether it be servers or bitcoin or BT, as long as it's legal.
does that silly law still exist where you can't import/export certain cryptography outside the US? they have no place to make these decisions.