Lauda (OP)
Legendary
Offline
Activity: 2674
Merit: 2965
Terminated.
|
|
May 21, 2016, 08:59:34 AM |
|
Why would running a full node on amazons service be any problem if its legit? Unless I am missing something?
One of the fundamental ideas behind Bitcoin is decentralization, right? When you start a node at such a service, you aren't really contributing to the decentralization, as more people could run their nodes there which equals centralization. It isn't a big problem, but I would not recommend running nodes there (at least pick less-populated/less-known services if you have to). However, according to bitnodes21 there aren't that many nodes run at Amazon (at the moment ~160). Yes, the IPs came from my new node.
Well, they're the same as can be found on my list. The ban-list that I've provided after should effectively ban all of those known IPs.
I've updated my graph once more, and it seems that the problem is gone (for now).
|
"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks" 😼 Bitcoin Core ( onion)
|
|
|
shorena
Copper Member
Legendary
Offline
Activity: 1498
Merit: 1540
No I dont escrow anymore.
|
|
May 21, 2016, 08:20:20 PM |
|
Why would running a full node on amazons service be any problem if its legit? Unless I am missing something?
None of them are full nodes, they all run on some "bitcoinj" version.
-snip- I've updated my graph once more, and it seems that the problem is gone (for now).
Thanks, I have a working script that automatically scans for these connections, adds the IP to a log file and bans them for a day now.
|
Im not really here, its just your imagination.
|
|
|
Lauda (OP)
Legendary
Offline
Activity: 2674
Merit: 2965
Terminated.
|
|
May 21, 2016, 08:28:07 PM |
|
Thanks, I have a working script that automatically scans for these connections, adds the IP to a log file and bans them for a day now.
Why bother with it and not ban them for a longer period at once? I don't understand your approach here. I've used 1 month to check whether it is going to stop in the meantime, if it doesn't then these nodes will go to my yearly ban list.
|
"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks" 😼 Bitcoin Core ( onion)
|
|
|
Quickseller
Copper Member
Legendary
Offline
Activity: 2996
Merit: 2371
|
|
May 21, 2016, 08:56:01 PM |
|
Any ideas on why anyone would do this? What could possibly be gained for these asshats? I don't get it.
seems like someone is trying to provoke people into banning amazon/cloud hosting services. Unfortunately, this appears to be accurate. I would never run a full node from my home internet connect (especially after DDoS attacks on XT and classic nodes), and would not recommend that others do this either. I would however run a full node (again) from some kind of VPS-like implementation (I used ram-node in the past and was generally happy with them despite them being semi expensive). I think it would be semi-logical for a semi-new Bitcoin user/supporter (who is experienced enough to want to run a full node) to have AWS as their first choice to run a node off of, and after this attack, there is a decent possibility that this will no longer be possible.
|
|
|
|
shorena
Copper Member
Legendary
Offline
Activity: 1498
Merit: 1540
No I dont escrow anymore.
|
|
May 21, 2016, 09:31:18 PM |
|
Thanks, I have a working script that automatically scans for these connections, adds the IP to a log file and bans them for a day now.
Why bother with it and not ban them for a longer period at once? I don't understand your approach here. I've used 1 month to check whether it is going to stop in the meantime, if it doesn't then these nodes will go to my yearly ban list. Well I wrote the script so I dont have to care about this anymore. Changing the bantime is trivial now, esp since I can see in the log whether or not the attack still continues. It also ensures that I dont ban IPs for a long time when its not needed or if its a false positive. This prevents that my node helps separating amazon nodes in general from the network. If franky1 is correct, and I think its likely they are, its a bad idea to help the attacker by splitting amazon nodes off the network. Its still rank #4 on ISP according to bitnodes[1]. [1] https://bitnodes.21.co/nodes/#networks-tab
i have no idea about this. i never face such things ever. may that i am quite new in bitcoin forum. so i hope that the problem will be solve very soon. let me know that if something like this happend what suoul i do then.
Do you run a full node?
|
Im not really here, its just your imagination.
|
|
|
chek2fire
Legendary
Offline
Activity: 3430
Merit: 1142
Intergalactic Conciliator
|
|
May 22, 2016, 12:07:15 AM |
|
in my case my nodes are old, one of it is two years maybe more i dont remember, old and all of them has the same dos attack.
|
|
|
|
Lauda (OP)
Legendary
Offline
Activity: 2674
Merit: 2965
Terminated.
|
|
May 22, 2016, 07:21:40 AM |
|
I would never run a full node from my home internet connect (especially after DDoS attacks on XT and classic nodes), and would not recommend that others do this either.
I would not generalize this. It comes down to how the ISP sets up their connections, what hardware you have and whether you know how to mitigate/prevent at least some DDoS. It also ensures that I dont ban IPs for a long time when its not needed or if its a false positive. This prevents that my node helps separating amazon nodes in general from the network.
Correct. This is why I've chosen a 1 month trial period for only the IP's that were misbehaving. I do wonder though, what the person things that they could accomplish with this. They surely don't think that they'd able to completely separate Amazon from the network with such a small attack? in my case my nodes are old, one of it is two years maybe more i dont remember, old and all of them has the same dos attack.
Mine is only ~2 months old.
|
"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks" 😼 Bitcoin Core ( onion)
|
|
|
shorena
Copper Member
Legendary
Offline
Activity: 1498
Merit: 1540
No I dont escrow anymore.
|
|
May 22, 2016, 07:48:37 AM |
|
-snip- It also ensures that I dont ban IPs for a long time when its not needed or if its a false positive. This prevents that my node helps separating amazon nodes in general from the network.
Correct. This is why I've chosen a 1 month trial period for only the IP's that were misbehaving. I do wonder though, what the person things that they could accomplish with this. They surely don't think that they'd able to completely separate Amazon from the network with such a small attack? I dont know the reason behind this, but freaky1's idea of separating amazon from the rest of the network makes the most sense. Amazon does not seem to care, this might be something the attack knew in advance. Wasnt amazon also among the ISPs that hosted a significantly large portion of the classic nodes? It might be an attempt to kick them off the network or make it look like someone was trying to do so. Btw I dont think there is a big difference between manually banning single IPs for a month and automatically banning single IPs for a day each hour if needed. The only advantage I see in my approach is that have clear log file that indicates when the attack stopped (on my node).
|
Im not really here, its just your imagination.
|
|
|
Lauda (OP)
Legendary
Offline
Activity: 2674
Merit: 2965
Terminated.
|
|
May 22, 2016, 07:58:56 AM |
|
I dont know the reason behind this, but freaky1's idea of separating amazon from the rest of the network makes the most sense. Amazon does not seem to care, this might be something the attack knew in advance.
I understand that it makes sense, however I doubt that something on such a small scale could have a big impact though. Wasnt amazon also among the ISPs that hosted a significantly large portion of the classic nodes? It might be an attempt to kick them off the network or make it look like someone was trying to do so.
Correct. However, almost all of those nodes have disappeared (a day or two before those connections appeared which is a strange coincidence)[1]: Btw I dont think there is a big difference between manually banning single IPs for a month and automatically banning single IPs for a day each hour if needed. The only advantage I see in my approach is that have clear log file that indicates when the attack stopped (on my node).
I didn't mean to say that there was and I concur. I'll check up on them in a month.
[1] - https://coin.dance/nodes
|
"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks" 😼 Bitcoin Core ( onion)
|
|
|
shorena
Copper Member
Legendary
Offline
Activity: 1498
Merit: 1540
No I dont escrow anymore.
|
|
May 22, 2016, 01:05:07 PM |
|
-snip- Wasnt amazon also among the ISPs that hosted a significantly large portion of the classic nodes? It might be an attempt to kick them off the network or make it look like someone was trying to do so.
Correct. However, almost all of those nodes have disappeared (a day or two before those connections appeared which is a strange coincidence)[1]: -snip- [1] - https://coin.dance/nodesMaybe its the same IPs, but the money ran out to run full nodes.
|
Im not really here, its just your imagination.
|
|
|
Its About Sharing
Legendary
Offline
Activity: 1442
Merit: 1000
Antifragile
|
|
May 26, 2016, 06:34:25 PM |
|
Is this still ongoing as I sent a payment over an hour ago via the Electrum wallet with a suggested 0.000187 fee and there are still no confirmations. Any ideas? Thanks in advance, IAS
edit - just cleared, lol. But would be curious to know what happened.
|
BTC = Black Swan. BTC = Antifragile - "Some things benefit from shocks; they thrive and grow when exposed to volatility, randomness, disorder, and stressors and love adventure, risk, and uncertainty. Robust is not the opposite of fragile.
|
|
|
Lauda (OP)
Legendary
Offline
Activity: 2674
Merit: 2965
Terminated.
|
|
May 26, 2016, 06:55:25 PM |
|
Is this still ongoing as I sent a payment over an hour ago via the Electrum wallet with a suggested 0.000187 fee and there are still no confirmations. Any ideas? Thanks in advance, IAS
I can't really tell you that without un-banning them to check whether they would reconnect (Shorena can answer that question). However, this 'DoS attack' (or whatever it is) does not have a negative influence on your transactions. edit - just cleared, lol. But would be curious to know what happened.
How long did it exactly take? Did you check the block intervals? It is quite possible that your TX was not confirmed in let's say 2-3 blocks and then there was no block for 1 hour.
|
"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks" 😼 Bitcoin Core ( onion)
|
|
|
Its About Sharing
Legendary
Offline
Activity: 1442
Merit: 1000
Antifragile
|
|
May 26, 2016, 06:59:49 PM |
|
Thanks for the reply Lauda.
It took just over 1 hour. I thought maybe I missed that first block, quite common for 20 minute or so confirmations in my experience. But never had an hour before. Sorry to say, I don't know how to check the intervals. Is that something on the blockchain explorer page or ? Perhaps it helps others not so technical.
|
BTC = Black Swan. BTC = Antifragile - "Some things benefit from shocks; they thrive and grow when exposed to volatility, randomness, disorder, and stressors and love adventure, risk, and uncertainty. Robust is not the opposite of fragile.
|
|
|
Lauda (OP)
Legendary
Offline
Activity: 2674
Merit: 2965
Terminated.
|
|
May 26, 2016, 07:14:53 PM Last edit: May 26, 2016, 08:27:45 PM by Lauda |
|
It took just over 1 hour. I thought maybe I missed that first block, quite common for 20 minute or so confirmations in my experience. But never had an hour before.
It was quite possible that you've transacted within a unlucky period (this has only happened once for me). Sorry to say, I don't know how to check the intervals. Is that something on the blockchain explorer page or ? Perhaps it helps others not so technical.
You can see the block timing on a lot of blockchain explorers, including blockchain.info. Example:
According to G.Maxwell (on reddit) this "isn't interesting". Apparently, this isn't more than a nuisance. Aside from potentially making some nodes a bit 'sluggish', it doesn't seem to do anything else.
Update 1: Added missing information.
|
"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks" 😼 Bitcoin Core ( onion)
|
|
|
Its About Sharing
Legendary
Offline
Activity: 1442
Merit: 1000
Antifragile
|
|
May 27, 2016, 07:17:24 AM |
|
Thanks again Lauda,
What I can see is that is was included in Block #413529. It says: Received Time 2016-05-26 17:28:00 Included In Blocks 413529 ( 2016-05-26 18:33:11 + 65 minutes )
But the next block was 2 minutes later and the prior block was 18:31:51. I am confused now but learning.
IAS
|
BTC = Black Swan. BTC = Antifragile - "Some things benefit from shocks; they thrive and grow when exposed to volatility, randomness, disorder, and stressors and love adventure, risk, and uncertainty. Robust is not the opposite of fragile.
|
|
|
Lauda (OP)
Legendary
Offline
Activity: 2674
Merit: 2965
Terminated.
|
|
May 27, 2016, 10:54:34 AM |
|
Thanks again Lauda,
What I can see is that is was included in Block #413529. It says: Received Time 2016-05-26 17:28:00 Included In Blocks 413529 ( 2016-05-26 18:33:11 + 65 minutes )
But the next block was 2 minutes later and the prior block was 18:31:51. I am confused now but learning.
IAS
Block 413527 was mined at 17:25, and your transaction was received at 17:28. There was no block until 18:31, i.e. a time span of 66 minutes (usually 6 blocks on average). There was most likely a backlog of transactions where your fee was not adequate anymore and thus was punished into the following block (2 minutes later). It was just an unlucky period. Hopefully that answers your question.
|
"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks" 😼 Bitcoin Core ( onion)
|
|
|
shorena
Copper Member
Legendary
Offline
Activity: 1498
Merit: 1540
No I dont escrow anymore.
|
|
July 21, 2016, 05:17:42 PM |
|
Guess whos back? Should not have turned the script off, will check in for details later or tomorrow.
|
Im not really here, its just your imagination.
|
|
|
Holliday
Legendary
Offline
Activity: 1120
Merit: 1012
|
|
July 21, 2016, 06:03:42 PM |
|
Guess whos back?
Should not have turned the script off, will check in for details later or tomorrow.
I banned about 20 nodes today as well.
|
If you aren't the sole controller of your private keys, you don't have any bitcoins.
|
|
|
shorena
Copper Member
Legendary
Offline
Activity: 1498
Merit: 1540
No I dont escrow anymore.
|
|
July 22, 2016, 08:00:22 PM |
|
Same IPS as last month. 52.19.74.204 52.18.216.183 52.31.162.162 52.209.84.225 52.209.135.189 52.209.0.186 52.209.130.181 52.51.102.25 52.50.241.63 52.209.10.155 52.208.190.236 52.209.14.96 52.19.190.136
guess its just still going on, I wonder to what effect as its not a very strong attack.
|
Im not really here, its just your imagination.
|
|
|
Lauda (OP)
Legendary
Offline
Activity: 2674
Merit: 2965
Terminated.
|
|
July 23, 2016, 09:43:19 AM |
|
I have just checked my node and it seems like they are indeed back. Now I'm seeing connections spike up to 100. Unfortunately, I can't block them right now as I can't connect to my node. @Shorena is it me or have the intervals changed a bit? It seems like 1 disconnect (all IPs) per hour now, but I need more data to make a conclusion.
|
"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks" 😼 Bitcoin Core ( onion)
|
|
|
|