Title: netstat -> crawl-88-198-62-1:17343 on port 8333
Post by: Nite69 on February 15, 2014, 01:38:16 PM

Interesting.. I currently don't have the bitcoin client running, but when I do netstat, I see a lot of connections to the bitcoin port, and the majority of them seem to be from a DNS name starting with "crawl-". Some kind of DDNS attack? Of course, since there is nothing running, most of them are in a close-wait state.
Similar experiences?

Edit: Some more info; actually I *did* have bitcoin-qt running. Sometimes when I exit, it just leaves the process on. And it seems like it works as a honeypot at that stage :-\ After I killed the bitcoin-qt process, all the (jammed) connections disappeared.

Title: Re: netstat -> crawl-88-198-62-1:17343 on port 8333
Post by: murkster on February 16, 2014, 09:45:59 AM

From my limited experience, host names that begin with crawl are from search engines?
Some development to map the bitcoin distributed network? Seems odd to have a lot of 'random' IPs with a crawl prefix?? (Did you perform a whois on any?) As long as they got closed when the client (stuck in background) closed, all is ok for your system. Interesting though.... Cheers...

Just did a goog on the address, check this. Bitnodes.io/dashboard

Title: Re: netstat -> crawl-88-198-62-1:17343 on port 8333
Post by: Nite69 on February 16, 2014, 12:20:08 PM

Yes, they seemed to be from bitnodes.io. I currently have a couple of bitnodes.io connections also on.
But why were they the only ones to stay when bitcoin-qt was jammed? Not a normal bitcoin client? Also they seem to have *a lot* of connections. Well, this is not an accusation, but if I were to use the malleability hack, I would, of course, have a lot of connections. Hmm.. maybe I would not have them under the same dns host :-\

Title: Re: netstat -> crawl-88-198-62-1:17343 on port 8333
Post by: murkster on February 18, 2014, 10:09:43 AM

Good point, something to keep an eye on.
Thanks for making us aware.. :) M....

Title: Re: netstat -> crawl-88-198-62-1:17343 on port 8333
Post by: Nite69 on February 19, 2014, 10:33:21 AM

Lol, maybe this is just a very clever commercial from bitnodes.io :-D

Title: Re: netstat -> crawl-88-198-62-1:17343 on port 8333
Post by: disclosure on February 25, 2014, 12:06:50 PM

I believe this is coming from my crawler for http://getaddr.bitnodes.io/. The crawler is a custom Python script developed to get an estimate of the size of the Bitcoin network at any one time. It simply sends a getaddr message recursively to all reachable nodes in the network and keeps the connection active using a ping message. The crawler should only maintain 1 OPEN state connection with your node. From your post, it seems like you are seeing multiple CLOSE_WAIT between your node and the crawler after you have closed your Bitcoin-Qt? Do you mind sending me a PM of the list of related CLOSE_WAIT so I can check on this further?

Title: Re: netstat -> crawl-88-198-62-1:17343 on port 8333
Post by: Nite69 on March 07, 2014, 11:17:01 AM

Quote from: disclosure
I believe this is coming from my crawler for http://getaddr.bitnodes.io/. The crawler is a custom Python script developed to get an estimate of the size of the Bitcoin network at any one time. It simply sends a getaddr message recursively to all reachable nodes in the network and keeps the connection active using a ping message. The crawler should only maintain 1 OPEN state connection with your node. From your post, it seems like you are seeing multiple CLOSE_WAIT between your node and the crawler after you have closed your Bitcoin-Qt? Do you mind sending me a PM of the list of related CLOSE_WAIT so I can check on this further?

I don't have the list any more.. but it is related to some bug in bitcoin-qt. Sometimes when I quit, it seems to quit but leaves a process running. If I kill the process, it will close all sockets just as it should. Maybe the zombie bitcoin-qt process stays listening on sockets, but does not reply when a connection is made?
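
For readers who want to produce the kind of CLOSE_WAIT list asked for in the thread, here is an added example (not code from any poster or from bitnodes.io) that groups connections to port 8333 by remote host and TCP state. The netstat sample and its host names are constructed, and the idea that a `crawl-a-b-c-d` name encodes the peer's IPv4 address is an assumption based only on the thread title.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the layout of Linux `netstat -t` output (not from the thread).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address                   State
tcp        1      0 myhost:8333             crawl-203-0-113-5.example:17343   CLOSE_WAIT
tcp        1      0 myhost:8333             crawl-203-0-113-5.example:17399   CLOSE_WAIT
tcp        1      0 myhost:8333             crawl-203-0-113-9.example:40112   CLOSE_WAIT
tcp        0      0 myhost:8333             peer.example.org:51234            ESTABLISHED
tcp        0      0 myhost:22               admin.example.org:50022           ESTABLISHED
"""

P2P_PORT = "8333"  # Bitcoin P2P port named in the thread title


def summarize(netstat_text, port=P2P_PORT):
    """Count connections to local `port` per remote host and TCP state."""
    per_host = defaultdict(Counter)
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue  # header line or non-TCP row
        local, remote, state = fields[3], fields[4], fields[5]
        if local.rsplit(":", 1)[-1] != port:
            continue  # not the P2P listener
        per_host[remote.rsplit(":", 1)[0]][state] += 1
    return per_host


def stuck_sockets(per_host):
    """Hosts with CLOSE_WAIT sockets: the peer closed, the local process never did."""
    return {h: c["CLOSE_WAIT"] for h, c in per_host.items() if c["CLOSE_WAIT"]}


def embedded_ip(host):
    """Assumption: names like crawl-a-b-c-d encode the peer's IPv4 address."""
    m = re.match(r"crawl-(\d+)-(\d+)-(\d+)-(\d+)(?:\.|$)", host)
    return ".".join(m.groups()) if m else None


if __name__ == "__main__":
    for host, n in sorted(stuck_sockets(summarize(SAMPLE)).items()):
        print(f"{host}: {n} CLOSE_WAIT, embedded IP {embedded_ip(host)}")
```

CLOSE_WAIT means the remote side has already closed and the local process has not yet called close on its end, so a count that only drops when the local process is killed points at the local client rather than at the remote peer.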