|
Title: IRC channel - single point of failure? Post by: ryukafalz on May 18, 2011, 12:37:34 AM Alright, so I'm excited at the possibilities Bitcoin offers (and I'll be holding on to my meager 4.5 bitcoins) but I've noticed something that few people seem to talk about. Isn't the IRC channel used for bootstrapping a single point of failure? Wouldn't the loss of this channel result in an inability for new clients to connect? I can see the advantages of having a distributed, peer to peer system, but from what I can tell... Bitcoin isn't entirely distributed.
Especially... what happens if the IRC channel gets hijacked? If the hijacker can control which clients can connect and which can't... well, they don't necessarily need to have more power than the entire network if they control which machines make up the network, right? I don't know much about how the software works, but these are just a few concerns I have about the system. EDIT: Question #1 (loss of connectivity) has been addressed. I'm still curious about question #2 (malicious IRC channel). Title: Re: IRC channel - single point of failure? Post by: theboos on May 18, 2011, 12:55:22 AM I asked a variation of this here: http://forum.bitcoin.org/index.php?topic=4072 (http://forum.bitcoin.org/index.php?topic=4072)
Title: Re: IRC channel - single point of failure? Post by: ryukafalz on May 18, 2011, 01:01:21 AM Ah, so there are hardcoded nodes... that answers one question, thank you. As long as the list of reliable nodes is kept up to date with each version, well, that's really the best you can do, I suppose.
Derp, should've read the FAQ a bit more closely. I'd still like to know what sort of damage someone in control of the IRC channel could do, though... if anyone knows... Title: Re: IRC channel - single point of failure? Post by: MoonShadow on May 18, 2011, 01:03:23 AM Alright, so I'm excited at the possibilities Bitcoin offers (and I'll be holding on to my meager 4.5 bitcoins) but I've noticed something that few people seem to talk about. Isn't the IRC channel used for bootstrapping a single point of failure? Wouldn't the loss of this channel result in an inability for new clients to connect? No. At worst, the loss of the IRC channel would delay the bootstrapping of a new client, but not prevent it. Any client that has already bootstrapped successfully would not need access to IRC in any case. I've personally tested this, because when I am at work, IRC is blocked by my employer's firewall. The IRC channel provides quick access to peer discovery, but there is a built in default list of persistant clients to attempt a connection to if IRC isn't accessible, and once a client is bootstrapped it keeps a record of past connections and can search through those for viable peers upon restart. Also, if IRC is blocked and the entire built-in list of peers is blocked or hacked, the client can be started with a switch to connect to any other peer that the IP address is known. Which would permit existing users to post IP addresses for bootstrapping on any Internet forum such as this one, and create a set of moving targets for the attackers to pursue. Title: Re: IRC channel - single point of failure? Post by: theymos on May 18, 2011, 01:09:45 AM I wonder if whoever controls IRC could fill all nodes' peer tables with junk IP addresses.
Title: Re: IRC channel - single point of failure? Post by: Stephen Gornick on May 18, 2011, 01:11:06 AM Isn't the IRC channel used for bootstrapping a single point of failure? Wouldn't the loss of this channel result in an inability for new clients to connect? A new client installation attempts to bootstrap from IRC but if that fails, then a hard-coded list of seed nodes in the client is used. Additionally, there is a -dnsseed command line argument which causes bitcoin to read P2P node addresses from DNS A records retrieved via lookups against a precompiled list of DNS names. - http://forum.bitcoin.org/?topic=4313.0 (http://forum.bitcoin.org/?topic=4313.0) A vulnerability from "cancer nodes" is described here: - http://en.bitcoin.it/wiki/Weaknesses#Cancer_nodes (http://en.bitcoin.it/wiki/Weaknesses#Cancer_nodes) Title: Re: IRC channel - single point of failure? Post by: Stephen Gornick on May 18, 2011, 01:17:28 AM As long as the list of reliable nodes is kept up to date with each version, I don't know if that's been updated since 0.3.20. There's a scapy script that can be used (after updating with a current list from the net.cpp source) to test: http://github.com/bitcoin/bitcoin/issues/22 (http://github.com/bitcoin/bitcoin/issues/22) Title: Re: IRC channel - single point of failure? Post by: ryukafalz on May 18, 2011, 01:23:48 AM Does an existing client installation (one that has already bootstrapped from the IRC channel) ever reconnect to IRC?
Title: Re: IRC channel - single point of failure? Post by: MoonShadow on May 18, 2011, 03:18:08 AM Does an existing client installation (one that has already bootstrapped from the IRC channel) ever reconnect to IRC? Unless you are using a "shy" client, one modified to not use IRC and be otherwise cautious about accepting new connections, then yes; the vanillia client will attempt to announce it's own IP address on the IRC channel so that other peers can easily find it. I'm pretty sure that a "shy" client has already been developed that functions in a "darknet" fashion, only accepting connections or attempting connections with nodes that have previously been approved by the user manually. These are not likely to show up on any graph or poll of the nodes, and certainly some exist behind Tor or I2P anyway. The point of the shy clients is to have one or more nodes that has the full blockchain on the p2p network that is intentionally difficult for a malicious node to locate. Thereby protecting the blockchain, and the shy client's owner, from direct attacks online or in meatspace. |