Bitcoin Forum
August 14, 2022, 06:18:07 AM *
News: Latest Bitcoin Core release: 23.0 [Torrent]
 
  Home Help Search Login Register More  
  Show Posts
Pages: [1] 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 ... 103 »
1  Bitcoin / Development & Technical Discussion / Re: Loads of fake peers advertised on bitcoin network on: August 04, 2021, 08:48:48 AM
They seem to have stopped now - about a week ago, actually.

However, talking about the addresses, three of the bitcoin's DNS seeds seem to have been down for awhile already:
Code:
dnsseed.bitcoin.dashjr.org
seed.bitcoinstats.com
seed.bitcoin.jonasschnelli.ch
2  Bitcoin / Development & Technical Discussion / Re: Loads of fake peers advertised on bitcoin network on: July 15, 2021, 07:55:39 PM
What I've learned about this, there are bots out there that feed this attack.
Here are some of their IPs:
Code:
103.107.198.132
104.149.35.146
104.200.131.120
139.5.177.224
141.98.103.172
144.48.37.76
152.89.163.172
165.231.253.44
172.104.10.187
173.244.211.90
174.127.84.12
176.107.184.136
176.113.74.253
176.222.34.111
178.175.133.100
180.149.231.156
185.104.185.164
185.106.102.204
185.122.168.248
185.130.184.115
185.156.175.109
185.169.233.205
185.189.114.27
185.191.204.131
185.203.122.18
185.216.34.99
185.225.28.44
185.236.201.133
185.236.201.230
185.240.244.5
185.93.2.199
185.99.3.105
189.1.168.147
192.145.125.36
193.148.18.28
193.27.12.46
193.32.210.165
194.150.167.78
194.36.110.182
195.158.248.4
195.206.104.157
195.206.105.93
196.245.151.4
2.58.46.236
208.78.41.68
217.138.197.76
217.146.92.233
31.13.191.132
37.221.112.62
43.249.36.137
45.141.153.237
45.144.113.44
45.249.222.252
45.34.7.4
45.83.91.196
45.89.174.116
46.102.153.68
5.101.145.47
5.101.145.50
64.120.88.150
68.232.180.194
77.81.191.3
86.105.9.92
87.239.255.38
89.164.99.107
89.249.64.171
91.132.136.238
91.205.230.194
92.119.18.253
93.190.143.97
94.46.223.22
95.174.66.28
But you can't connect to them - you have to wait for them to connect to you.

Such a fake node seem to be connecting to (all?) the known bitcoin nodes - somehow randomly.
Upon connecting, it does the versions handshake pretending to be bitcoin core (I've seen /Satoshi:0.21.0/ and /Satoshi:0.21.1/)
Then, without any delays, it start sending addr messages, each containing 10 records.
After sending 500 of such messages (so 5000 addresses total), it just disconnects, literally a few seconds from connecting.
Later it will come back, minutes or hours later, to do the same...

3  Bitcoin / Development & Technical Discussion / Re: Loads of fake peers advertised on bitcoin network on: July 14, 2021, 02:37:39 PM
Thanks @vasild.
Yes, I'm running my own software and was asking people running core to tell me what they see at their nodes.
And I asked if the core had a limit, just to know what to expect or how it would handle the problem.
And with the 700k number, I just wanted to give you and idea on how big the problem was.
BTW, I cleared the DB exactly two days ago and now it has over 800k records. So its definitely still ongoing...

Anyway.
So, please correct me if I'm wrong, but the thousand 'new buckets' approach and each node being able to access only 64 of them, does not seem to be helping much, considering that all the nodes advertise incoming addresses without checking them.

That's basically what I'm seeing.


Now imagine scenario that you're starting a new node, with a brand new IP.
It is going to have a hard time getting incoming connections anytime soon, considering that it competes with hundreds of thousands of fake IPs.

Plus every node looses time trying to connect to these fake addresses.
Not sure what is the core's algo of choosing a new IP to connect to, but whatever it is, it will surely also have to deal with a lot of dead tries.

Any solutions?
4  Bitcoin / Development & Technical Discussion / Re: Loads of fake peers advertised on bitcoin network on: July 13, 2021, 03:13:17 PM
Here's the reply I got from Pieter Wuille about this subject
Quote
Each group of source IPs (/16s etc) selects a subset of just 64 buckets (salted using a host-specific secret key), and inserts the newly received IPs in a position in a bucket in one of those, if certain criteria are met (the position was empty, or it held an IP address that also occurs elsewhere in the table already). This limits the impact an attacker can have, because they cannot under any circumstances affect IPs in buckets outside of the 64 their group maps to.
Thanks. That's very helpful.
Will probably look into implementing something like this.


What is the core's algorithm for selecting addresses to return after receiving getaddr request?
Does it only pick those from the "tried" buckets?

Same for sending spontaneous addr messages: does it have to "try" it first, before it can route a new addr to its peeers?
I am not completely sure, but it seems like I'm getting (most of) those fake addresses from a legit bitcoin core peers.
I have a suspicion that because of the algorithm bitcoin core uses for routing new addresses, it's somehow facilitating this problem.

And I don't send any getaddr, FWIW.
5  Bitcoin / Development & Technical Discussion / Re: Loads of fake peers advertised on bitcoin network on: July 12, 2021, 07:00:10 PM
I am still not seeing anything out of the ordinary. So either they are hitting specific IPs / Nodes or my SonicWall is blocking them for some reason.
I do have the sonic configured to block botnets, so if the connections are coming from known bad IPs they might never make it in. But other then that I have no idea.

@piotr_n  are you still seeing the attack?

-Dave
Yes, they are still coming.

You will only see them in your node's peers database.
6  Bitcoin / Development & Technical Discussion / Re: Loads of fake peers advertised on bitcoin network on: July 12, 2021, 11:10:23 AM
Are they all coming from 1 IP block or from everywhere?

There are ~200k records with IPs starting with 255.255... and a random (not 8333) port number - these were advertised 15+ hours ago.

But the more recent ones (~500k of them) seem to be completely random IPs with port number 8333
7  Bitcoin / Development & Technical Discussion / Loads of fake peers advertised on bitcoin network on: July 12, 2021, 10:32:28 AM
It seems like there is some sort of attack going on - the network is advertising hundreds of thousands of non-working addresses via the addr messages.
All my nodes' peers databases are now over 700k records and seem to be still growing...

Do you see the same at your nodes?

Does bitcoin core have a limit of peers upon witch it won't accept new addresses into the database?
How to best handle that?

Apart from the extra resources consumption, it now takes much longer to connect to new peers, because there are so many non-working addresses in the db.
8  Bitcoin / Development & Technical Discussion / Re: Taproot implementation questions on: May 19, 2021, 10:38:47 AM
Are there any test vectors, but only for the new sighash algorithm?

9  Bitcoin / Development & Technical Discussion / Re: Taproot implementation questions on: May 18, 2021, 06:00:59 PM
Thank you, it helps me a lot.

Call me stupid, but I'm not quite enlightened by the way the BIP docs are explaining themselves. Smiley

So: try to collect the outputs being spent first and verify the scripts later - I'm on it.. thanks!
10  Bitcoin / Development & Technical Discussion / Re: Taproot implementation questions on: May 18, 2021, 05:35:11 PM
Thank you.

May I ask, out of curiosity, what purpose does it serve?
It kind of makes the taproot implementation quite much harder to make.
11  Bitcoin / Development & Technical Discussion / Taproot implementation questions on: May 18, 2021, 01:27:49 PM
I'm starting this new topic because I'm trying to implement the taproot functionality in my code.
I hope people can help me to understand some of the taproot technicalities.

So my first question:

How does the new verify_script function use the spend_scripts of the inputs that it is spending?

When I will verify a specific input of a transaction, will I need to have amounts and spend scripts for all the inputs, or will it be enough to have just the one at a time?
12  Bitcoin / Development & Technical Discussion / Re: Taproot proposal on: October 25, 2020, 01:44:22 PM
Am I getting it wrong thinking that "schnorr" is just an improved way of doing EC signatures, while "taproot" is an extension to the scripts interpreter?

Because reading some publications (and this forum topic), one could get an impression that schnorr and taproot are synonyms, whilst for me they are two different features. Although, I understand that they are planned to be deployed and activated together.
13  Bitcoin / Development & Technical Discussion / Re: Taproot proposal on: October 25, 2020, 12:32:11 PM

I only found test vectors in bip340_test_vectors.csv - but they seem to be only checking sign_schnorr() and verify_schnorr() functions.

Are there any new test for entire scripts and transactions?

14  Bitcoin / Development & Technical Discussion / Re: Taproot proposal on: October 21, 2020, 11:58:47 AM
Will there be any taproot related tests added to the src/test/data ?
15  Bitcoin / Development & Technical Discussion / Re: Has your mempool sorting also been slow recently? on: March 30, 2020, 06:59:21 PM
OK, thank you everybody.

I fixed it - my bad Smiley
16  Bitcoin / Development & Technical Discussion / Re: Has your mempool sorting also been slow recently? on: March 30, 2020, 11:16:34 AM
Thanks. Must be something i screwed up with porting the code.

Perhaps you could help ma to figure it out.

At a beginning of the function BlockAssembler::addPackageTxs (in src/miner.cpp) it does:
Code:
UpdatePackagesForAdded(inBlock, mapModifiedTx);

It seems that at this point the inBlock variable shall contain a set of transactions.
Where is this set built? I can't find that place in the source code.
17  Bitcoin / Development & Technical Discussion / Re: Has your mempool sorting also been slow recently? on: March 27, 2020, 12:41:44 PM
What I found so far.

I cant really find the relevant code in the current bitcoin core sources, but the code I am using myself was once based on what core was doing (at least that was the idea).

So the first stage of sorting is finding the packages.
A package is a child tx with all its (unconfirmed) parent txs.

What I am seeing now is mempool of 5851 transactions.
This comes down to 4142 packages...
But inside these 4142 packages there is a total of 5773388 parent txs.

I'd say that it is quite a lot and it takes my PC over one second to build the package list.
Either my function to look for the packages has suddenly turned out to be screwed up, or the recent content of the mempool has been deliberately engineered to cause such a behavior.
If it is the second, then bitcoin core (at least the mining nodes) might be suffering from it as well.

Someone please look into this.
18  Bitcoin / Development & Technical Discussion / Re: Has your mempool sorting also been slow recently? on: March 27, 2020, 12:32:55 PM
I'm not sure if the sorting function is actually used if you're not mining on the node.

Eventually, it can be called when you exceed the mempool size limit, but that would not be a case recently.
19  Bitcoin / Development & Technical Discussion / Has your mempool sorting also been slow recently? on: March 27, 2020, 09:22:19 AM
Is it just a problem with my implementation, or is there some sort of attack going on, exploiting the Child-Pays-For-Parent sorting algorithm?

The sorting (of the existing mempool) takes far too long.
20  Bitcoin / Development & Technical Discussion / Re: Is there a list of historical bitcoin core bugs related to SigHash? on: February 26, 2020, 07:32:40 PM
It's in the function called IsValidSignatureEncoding() in src/script/interpreter.cpp

https://github.com/bitcoin/bitcoin/blob/master/src/script/interpreter.cpp#L107

The rules from that function are being enforced since BIP66 was "activated", which was at (including) block #330776

Pages: [1] 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 ... 103 »
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!