Bitcoin Forum
January 20, 2019, 12:05:19 PM *
News: Latest Bitcoin Core release: 0.17.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Invalid IP addresses on "receive version message" on debug.log  (Read 1120 times)
.anto.
Full Member
***
Offline Offline

Activity: 162
Merit: 100


View Profile
February 20, 2016, 10:21:53 PM
 #1

On my full nodes, I got a lot of "receive version message" on the debug.log with "us=0.0.0.0" and "us=127.0.0.1". There are only a few peers causing the messages with IP address 0.0.0.0 but hundreds of peers causing the messages with IP address 127.0.0.1.

The peers which cause the messages with 0.0.0.0 IP address are using the following User Agents:
Code:
/libbitcoin:2.11.0/: version 70001
/Satoshi:0.11.2/: version 70002

And the peers which cause the messages with 127.0.0.1 IP address are using the following User Agents:
Code:
/BitCoinJ:0.11.2/MultiBit:0.5.18/: version 70001
/bitcoinj:0.12.2/: version 70001
/BitCoinJ:0.12SNAPSHOT/Aegis Wallet:1.0/: version 70001
/bitcoinj:0.13.2/Bitcoin Wallet:4.39/: version 70001
/bitcoinj:0.13.3/Bitcoin:1.04/: version 70001
/bitcoinj:0.13.3/Bitcoin Wallet:4.42/: version 70001
/bitcoinj:0.13.3/Bitcoin Wallet:4.43/: version 70001
/bitcoinj:0.13.3/Bitcoin Wallet:4.44/: version 70001
/bitcoinj:0.13.3/MultiBitHD:0.2.0/: version 70001
/bitcoinj:0.13.4/Bitcoin Wallet:4.45/: version 70001
/bitcoinj:0.13.4/Bitcoin Wallet:4.46/: version 70001
/bitcoinj:0.13/GetGems:1.0/: version 70001
/bitcoinj:0.13-SNAPSHOT/DNSSeed:43/: version 70001
/bitcoinj:0.13SNAPSHOT/DNSSeed:43/: version 70001
/Bither1.4.3/: version 70001

I am really wondering what causes this and what the impact of letting the peers which cause that keep coming in. Do you think it is wise to block those peers on my iptables firewall using ipset for instance?

Thanks in advance for any answers and comments.
1547985919
Hero Member
*
Offline Offline

Posts: 1547985919

View Profile Personal Message (Offline)

Ignore
1547985919
Reply with quote  #2

1547985919
Report to moderator
1547985919
Hero Member
*
Offline Offline

Posts: 1547985919

View Profile Personal Message (Offline)

Ignore
1547985919
Reply with quote  #2

1547985919
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1547985919
Hero Member
*
Offline Offline

Posts: 1547985919

View Profile Personal Message (Offline)

Ignore
1547985919
Reply with quote  #2

1547985919
Report to moderator
1547985919
Hero Member
*
Offline Offline

Posts: 1547985919

View Profile Personal Message (Offline)

Ignore
1547985919
Reply with quote  #2

1547985919
Report to moderator
1547985919
Hero Member
*
Offline Offline

Posts: 1547985919

View Profile Personal Message (Offline)

Ignore
1547985919
Reply with quote  #2

1547985919
Report to moderator
Foxpup
Legendary
*
Online Online

Activity: 2436
Merit: 1278



View Profile
February 21, 2016, 04:10:01 AM
 #2

Um, no, it is not wise to block connections to and from 0.0.0.0 and 127.0.0.1, though I don't think iptables affects non-routable addresses anyway. They're not invalid; ping them and see what happens. Notice the astonishingly low latency? Those are your IP addresses. That's what "us" means in the log.

Will pretend to do unverifiable things (while actually eating an enchilada-style burrito) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4
.anto.
Full Member
***
Offline Offline

Activity: 162
Merit: 100


View Profile
February 21, 2016, 10:23:07 AM
 #3

Um, no, it is not wise to block connections to and from 0.0.0.0 and 127.0.0.1, though I don't think iptables affects non-routable addresses anyway. They're not invalid; ping them and see what happens. Notice the astonishingly low latency? Those are your IP addresses. That's what "us" means in the log.

The IP addresses 0.0.0.0 and 127.0.0.1 are the IP address of my full nodes that the peers thought to be able to connect to - notice the word us on the following messages for instance:
Code:
.
2016-02-21 05:20:48 receive version message: /libbitcoin:2.11.0/: version 70001, blocks=399106, us=0.0.0.0:0, peer=2198, peeraddr=5.189.177.237:35504
2016-02-21 07:05:20 receive version message: /libbitcoin:2.11.0/: version 70001, blocks=0, us=0.0.0.0:0, peer=2549, peeraddr=85.93.88.92:53661
2016-02-21 08:53:08 receive version message: /libbitcoin:2.11.0/: version 70001, blocks=399106, us=0.0.0.0:0, peer=2919, peeraddr=5.189.177.237:60182
.
2016-02-21 10:06:58 receive version message: /bitcoinj:0.13-SNAPSHOT/DNSSeed:43/: version 70001, blocks=399428, us=127.0.0.1:8333, peer=3194, peeraddr=162.243.132.6:41992
2016-02-21 10:09:30 receive version message: /BitCoinJ:0.11.2/MultiBit:0.5.19/: version 70001, blocks=374614, us=127.0.0.1:8333, peer=3202, peeraddr=185.61.151.176:53738
2016-02-21 10:15:50 receive version message: /bitcoinj:0.13.4/Bitcoin Wallet:4.46/: version 70001, blocks=399428, us=127.0.0.1:8333, peer=3229, peeraddr=71.226.158.207:55651
.

So the IP addresses that I want to block are the IP addresses of the peers, i.e. the peeraddr.
.anto.
Full Member
***
Offline Offline

Activity: 162
Merit: 100


View Profile
February 28, 2016, 06:42:43 PM
 #4

I have blocked 2168 unique peers IPv4 addresses until now. The black list of is growing everyday Smiley

A part from blocking the peers causing the messages on debug.log like below:
Code:
receive version message: /Satoshi:0.11.2/: version 70002, blocks=398147, us=0.0.0.0:0
receive version message: /bcoin:1.0.0-alpha/: version 70002, blocks=370555, us=0.0.0.0:8333
receive version message: /bitcoinj:0.13.4/Bitcoin Wallet:4.46/: version 70001, blocks=400440, us=127.0.0.1:8333

I also blocked the peers which do not use valid (in my opinion) user agents like below:
Code:
receive version message: : version 32100
receive version message: : version 40000
receive version message: Why? Because fuck u, thats why: version 70002

There seems to be no significant affect on my node by blocking those peers as it is still running fine with the connected peers still always above 50, 56 at the time of my writing.
Code:
root@ledzeppelin:~# bitcoin-cli getinfo
{
  "version": 120000,
  "protocolversion": 70012,
  "blocks": 400442,
  "timeoffset": 0,
  "connections": 56,
  "proxy": "",
  "difficulty": 163491654908.9593,
  "testnet": false,
  "relayfee": 0.00001000,
  "errors": ""
}
root@ledzeppelin:~#

I hope by doing this my node will not relay the peers that are not serious in maintaining the integrity of Bitcoin network.
theymos
Administrator
Legendary
*
Offline Offline

Activity: 3276
Merit: 4691


View Profile
February 29, 2016, 03:22:23 PM
 #5

I think that BitcoinJ-based wallets (ie. most lightweight wallets) always send us=127.0.0.1. Probably most of them are real users.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
Pages: [1]
  Print  
 
Jump to:  

Bitcointalk.org is not available or authorized for sale. Do not believe any fake listings.
Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!