Meuh6879
Legendary
 Offline
Activity: 1512
Merit: 1012
|
 |
December 25, 2016, 08:13:04 PM |
|
Winners of this week (5 days) : 59.110.63.71 Hits = 2774
129.13.252.36 Hits = 1898
129.13.252.47 Hits = 1876
52.205.213.45 Hits = 822
136.243.139.96 Hits = 353
178.62.20.190 Hits = 265
50.7.71.172 Hits = 260
52.62.33.159 Hits = 246
54.94.211.146 Hits = 246
52.76.95.246 Hits = 245
139.162.96.165 Hits = 238
52.18.56.236 Hits = 237
45.33.65.130 Hits = 220
52.74.14.245 Hits = 218
148.251.151.71 Hits = 206
52.29.215.16 Hits = 198
52.70.130.28 Hits = 187
52.210.89.26 Hits = 179
52.32.80.148 Hits = 178
54.223.77.14 Hits = 159
Same list, Ordered by IP range : 129.13.252.36 Hits = 1898
129.13.252.47 Hits = 1876
136.243.139.96 Hits = 353
139.162.96.165 Hits = 238
148.251.151.71 Hits = 206
178.62.20.190 Hits = 265
45.33.65.130 Hits = 220
50.7.71.172 Hits = 260
52.18.56.236 Hits = 237
52.205.213.45 Hits = 822
52.210.89.26 Hits = 179
52.29.215.16 Hits = 198
52.32.80.148 Hits = 178
52.62.33.159 Hits = 246
52.70.130.28 Hits = 187
52.74.14.245 Hits = 218
52.76.95.246 Hits = 245
54.223.77.14 Hits = 159
54.94.211.146 Hits = 246
59.110.63.71 Hits = 2774
|
|
|
|
|
Lauda (OP)
Legendary
Offline
Activity: 2674
Merit: 2965
Terminated.
|
|
December 25, 2016, 08:25:36 PM |
|
-snip-
I have recently wiped my node clean (thus also the banlist), and those connections appeared within seconds of me booting up the node. They seem very persistent. The majority seems to have moved away from 52.x range into 100+.x something (my banlist is empty once again, thus I don't see the exact IPs right now) for me. They are fairly easy to spot for those using a GUI (e.g. 3-4 nodes per IP). |
"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks" 😼 Bitcoin Core ( onion) |
|
|
Meuh6879
Legendary
Offline
Activity: 1512
Merit: 1012
|
|
January 08, 2017, 08:53:49 PM |
|
From 2017-01-03 to 2017-01-08 : 129.13.252.36 HITS = 2808
129.13.252.47 HITS = 1130
136.243.139.96 HITS = 697
139.162.96.165 HITS = 580
148.251.151.71 HITS = 377
50.7.71.172 HITS = 333
45.33.65.130 HITS = 302
52.18.56.236 HITS = 249
54.94.211.146 HITS = 248
52.76.95.246 HITS = 247
52.29.215.16 HITS = 245
52.192.180.114 HITS = 226
52.62.33.159 HITS = 207
178.62.20.190 HITS = 161
52.205.213.45 HITS = 144
72.36.89.11 HITS = 46
IP range ordered, same list : 129.13.252.36 HITS = 2808
129.13.252.47 HITS = 1130
136.243.139.96 HITS = 697
139.162.96.165 HITS = 580
148.251.151.71 HITS = 377
178.62.20.190 HITS = 161
45.33.65.130 HITS = 302
50.7.71.172 HITS = 333
52.18.56.236 HITS = 249
52.192.180.114 HITS = 226
52.205.213.45 HITS = 144
52.29.215.16 HITS = 245
52.62.33.159 HITS = 207
52.76.95.246 HITS = 247
54.94.211.146 HITS = 248
72.36.89.11 HITS = 46
|
|
|
|
|
Meuh6879
Legendary
Offline
Activity: 1512
Merit: 1012
|
|
January 23, 2017, 08:08:50 PM |
|
From 2017-01-14 to 2017-01-23 : 129.13.252.36 HITS = 3158
129.13.252.47 HITS = 2173
136.243.139.96 HITS = 778
148.251.151.71 HITS = 649
139.162.96.165 HITS = 568
52.8.99.184 HITS = 537
46.101.246.115 HITS = 486
50.7.71.172 HITS = 453
72.36.89.11 HITS = 266
54.223.77.14 HITS = 242
52.70.130.28 HITS = 183
52.18.56.236 HITS = 182
52.62.33.159 HITS = 181
52.210.89.26 HITS = 180
52.29.215.16 HITS = 179
178.62.20.190 HITS = 178
37.34.48.17 HITS = 175
52.74.14.245 HITS = 149
104.196.107.156 HITS = 141
46.63.26.63 HITS = 91
Same list, IP Range ordered : 104.196.107.156 HITS = 141
129.13.252.36 HITS = 3158
129.13.252.47 HITS = 2173
136.243.139.96 HITS = 778
139.162.96.165 HITS = 568
148.251.151.71 HITS = 649
178.62.20.190 HITS = 178
37.34.48.17 HITS = 175
46.101.246.115 HITS = 486
46.63.26.63 HITS = 91
50.7.71.172 HITS = 453
52.18.56.236 HITS = 182
52.210.89.26 HITS = 180
52.29.215.16 HITS = 179
52.62.33.159 HITS = 181
52.70.130.28 HITS = 183
52.74.14.245 HITS = 149
52.8.99.184 HITS = 537
54.223.77.14 HITS = 242
72.36.89.11 HITS = 266
|
|
|
|
|
Holliday
Legendary
Offline
Activity: 1120
Merit: 1012
|
|
February 24, 2017, 08:24:19 PM |
|
I've been banning 12 or so of these connections every couple hours for the past several days. More pop up every time so far.
|
If you aren't the sole controller of your private keys, you don't have any bitcoins.
|
|
|
|
PremiumCodeX
|
|
February 24, 2017, 09:24:54 PM |
|
I find it interesting. I am interested in offensive security, but I have never met with such an attack before.
So, I wonder what uses does such an attack have?
What can the hacker achieve with this (technically, since we do not know his/her true motives anyway)?
|
|
|
|
jackg
Copper Member
Legendary
Offline
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
|
|
February 25, 2017, 12:52:12 AM |
|
I was looking at information here. Could this be leading to some of the problems here as this thread was started on May 2016 which would be about the time that that warning is relevant to. (Also, it's good that we havne't seen too many nodes sutdown as a result of this and that there are just the IPs that are being blocked which is a fairly simple solution - although there's still no information as to who is preforming this attack and no information as to the purpose why)? I find it interesting. I am interested in offensive security, but I have never met with such an attack before.
So, I wonder what uses does such an attack have?
What can the hacker achieve with this (technically, since we do not know his/her true motives anyway)?
I'm not entirely sure what the benefit of doing this is, pprobably to try to slow down the network (although it'd take a lot to do that). |
|
|
|
|
|
PremiumCodeX
|
|
March 01, 2017, 08:40:46 PM |
|
I'm not entirely sure what the benefit of doing this is, pprobably to try to slow down the network (although it'd take a lot to do that).
I thought one of BTC network's benefits was being "resistant" to DDoS and similar kind of attacks. As you pointed out, it should take ALOT to slow it down even a bit. I do not think that is a realistic purpose at all. It is strange. |
|
|
|
jackg
Copper Member
Legendary
Offline
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
|
|
March 05, 2017, 09:53:08 PM |
|
I'm not entirely sure what the benefit of doing this is, pprobably to try to slow down the network (although it'd take a lot to do that).
I thought one of BTC network's benefits was being "resistant" to DDoS and similar kind of attacks. As you pointed out, it should take ALOT to slow it down even a bit. I do not think that is a realistic purpose at all. It is strange. It isn't a useful attack. It's practically impossible to DoS the Bitcoin network. There will probably be quite a few people that run nodes on VPS services meaning that their IP can easily be chaned and IPs can te changed anyway (new nodes are also fairly simple to boot). I'd think, a successful DoS of the bitcoin network would be several thousand GB/s of data transfer at least. This is practically impossible to equalise the network speed of all bitcoin nodes and be about 2x that to stop traffic which would still be unsuccessful as other traffic would still fit through or the network would go down shortly (but not the entire network). Is the attack still running at full power? |
|
|
|
|
Meuh6879
Legendary
Offline
Activity: 1512
Merit: 1012
|
|
March 14, 2017, 06:46:35 PM |
|
From 2017-03-10 to 2017-03-14 (yes, it's small ... but probes are busy after the 0.14.0) 129.13.252.47 Hits = 11809
129.13.252.36 Hits = 6677
[2a00:1398:4:2a00::a5] Hits = 2653
[2a00:1398:4:2a00::a1] Hits = 2315
46.101.246.115 Hits = 1165
136.243.139.96 Hits = 971
139.162.96.165 Hits = 717
37.34.48.17 Hits = 244
104.196.107.156 Hits = 233
54.94.211.146 Hits = 211
52.210.89.26 Hits = 197
52.76.95.246 Hits = 196
52.18.56.236 Hits = 194
54.223.77.14 Hits = 179
52.29.215.16 Hits = 129
52.70.130.28 Hits = 128
104.236.95.174 Hits = 94
52.192.180.114 Hits = 94
52.74.14.245 Hits = 61
88.147.58.140 Hits = 44
[2001:0:5ef5:79fd:304e:1543:fab0:b4fa] Hits = 43
46.63.26.63 Hits = 43
79.6.216.122 Hits = 40
72.36.89.11 Hits = 39
119.164.15.239 Hits = 23
Same list, IP Range ordered. [2001:0:5ef5:79fd:304e:1543:fab0:b4fa] Hits = 43
[2a00:1398:4:2a00::a1] Hits = 2315
[2a00:1398:4:2a00::a5] Hits = 2653
104.196.107.156 Hits = 233
104.236.95.174 Hits = 94
119.164.15.239 Hits = 23
129.13.252.36 Hits = 6677
129.13.252.47 Hits = 11809
136.243.139.96 Hits = 971
139.162.96.165 Hits = 717
37.34.48.17 Hits = 244
46.101.246.115 Hits = 1165
46.63.26.63 Hits = 43
52.18.56.236 Hits = 194
52.192.180.114 Hits = 94
52.210.89.26 Hits = 197
52.29.215.16 Hits = 129
52.70.130.28 Hits = 128
52.74.14.245 Hits = 61
52.76.95.246 Hits = 196
54.223.77.14 Hits = 179
54.94.211.146 Hits = 211
72.36.89.11 Hits = 39
79.6.216.122 Hits = 40
88.147.58.140 Hits = 44
|
|
|
|
|
Meuh6879
Legendary
Offline
Activity: 1512
Merit: 1012
|
|
March 25, 2017, 02:13:32 PM |
|
From 2017-03-20 to 2017-03-24 129.13.252.36 Hits = 10917
129.13.252.47 Hits = 5399
46.101.246.115 Hits = 1585
136.243.139.96 Hits = 1578
[2a00:1398:4:2a00::a1] Hits = 1138
[2a00:1398:4:2a00::a5] Hits = 1040
139.162.96.165 Hits = 1026
37.34.48.17 Hits = 347
52.18.56.236 Hits = 335
54.94.211.146 Hits = 248
52.74.14.245 Hits = 247
52.70.130.28 Hits = 246
52.8.99.184 Hits = 246
104.196.107.156 Hits = 244
54.223.77.14 Hits = 231
52.192.180.114 Hits = 229
104.236.95.174 Hits = 193
52.76.95.246 Hits = 153
52.210.89.26 Hits = 123
[2a02:348:86:3011::1] Hits = 100
52.32.80.148 Hits = 78
72.36.89.11 Hits = 69
94.21.45.130 Hits = 69
46.63.26.63 Hits = 59
72.2.237.42 Hits = 29
52.29.215.16 Hits = 26
5.189.177.237 Hits = 19
[2001:0:9d38:90d7:3c5f:18c1:2a45:5592] Hits = 18
Same list, IP Range ordered. [2001:0:9d38:90d7:3c5f:18c1:2a45:5592] Hits = 18
[2a00:1398:4:2a00::a1] Hits = 1138
[2a00:1398:4:2a00::a5] Hits = 1040
[2a02:348:86:3011::1] Hits = 100
104.196.107.156 Hits = 244
104.236.95.174 Hits = 193
129.13.252.36 Hits = 10917
129.13.252.47 Hits = 5399
136.243.139.96 Hits = 1578
139.162.96.165 Hits = 1026
37.34.48.17 Hits = 347
46.101.246.115 Hits = 1585
46.63.26.63 Hits = 59
5.189.177.237 Hits = 19
52.18.56.236 Hits = 335
52.192.180.114 Hits = 229
52.210.89.26 Hits = 123
52.29.215.16 Hits = 26
52.32.80.148 Hits = 78
52.70.130.28 Hits = 246
52.74.14.245 Hits = 247
52.76.95.246 Hits = 153
52.8.99.184 Hits = 246
54.223.77.14 Hits = 231
54.94.211.146 Hits = 248
72.2.237.42 Hits = 29
72.36.89.11 Hits = 69
94.21.45.130 Hits = 69
|
|
|
|
|
|
Shiroslullaby
|
|
March 25, 2017, 03:46:08 PM |
|
Re-reading this thread as it is very interesting.
Wondering what the motivation for this person is.
Is this someone who thinks they are causing damage? Prepping/ testing for a larger attack? An accident?
|
|
|
|
Meuh6879
Legendary
Offline
Activity: 1512
Merit: 1012
|
|
March 30, 2017, 03:24:34 PM |
|
Samples in situation.  +++  +++  +++  The bitcoin developers have taken this thread into account because multi-client bitcoinj attacks of the same IP are now filtered. That is why I continue to report, here, a follow-up. +++ On early stage of somes P2P network, this "busing" job have been eradicate by apply a notation on IP (like if you try 3 times per minute = ban for 15min + if you re-try this after 2 minutes = ban for 1h, max ban time = 24h). very usefull for filtering no-ordinary client that push all ports every 5 seconds ... Original clients try 2 times (with 2 random port no followed) and search an other node (good boy !). |
|
|
|
|
Meuh6879
Legendary
Offline
Activity: 1512
Merit: 1012
|
|
April 04, 2017, 05:41:00 PM |
|
From 2017-03-31 to 2017-04-04 47.90.4.203 Hits = 9260
59.110.63.71 Hits = 5184
129.13.252.36 Hits = 4806
129.13.252.47 Hits = 3907
136.243.139.96 Hits = 1399
46.101.246.115 Hits = 1348
139.162.96.165 Hits = 987
[2a03:b0c0:3:d0::5c9:4001] Hits = 931
[2a00:1398:4:2a00::a1] Hits = 889
120.55.171.74 Hits = 845
[2a00:1398:4:2a00::a5] Hits = 666
188.65.213.21 Hits = 379
52.76.95.246 Hits = 248
52.8.99.184 Hits = 247
54.94.211.146 Hits = 247
45.32.130.19 Hits = 204
104.196.107.156 Hits = 199
52.210.89.26 Hits = 160
52.192.180.114 Hits = 129
54.223.77.14 Hits = 125
52.18.56.236 Hits = 119
Same list, IP range ordered. [2a00:1398:4:2a00::a1] Hits = 889
[2a00:1398:4:2a00::a5] Hits = 666
[2a03:b0c0:3:d0::5c9:4001] Hits = 931
104.196.107.156 Hits = 199
120.55.171.74 Hits = 845
129.13.252.36 Hits = 4806
129.13.252.47 Hits = 3907
136.243.139.96 Hits = 1399
139.162.96.165 Hits = 987
188.65.213.21 Hits = 379
45.32.130.19 Hits = 204
46.101.246.115 Hits = 1348
47.90.4.203 Hits = 9260
52.18.56.236 Hits = 119
52.192.180.114 Hits = 129
52.210.89.26 Hits = 160
52.76.95.246 Hits = 248
52.8.99.184 Hits = 247
54.223.77.14 Hits = 125
54.94.211.146 Hits = 247
59.110.63.71 Hits = 5184
|
|
|
|
|
|
andrew24p
|
|
April 04, 2017, 09:11:59 PM |
|
Someone has been attacking the mempool for years to push their bigger block agenda, which is why we see so many small transactions in cycles.
|
|
|
|
countryfree
Legendary
Offline
Activity: 3066
Merit: 1047
Your country may be your worst enemy
|
|
April 04, 2017, 09:35:23 PM |
|
We've all seen that BTC is getting more and more centralized, and I wonder if the people behind this attack could be trying to push even further into that direction. There are still some lonely individuals running a node at their home, and the attacker may want to make this next to impossible, as running a node should now command close and regular monitoring. So only large teams, or mining farms (from some large eastern country), with staff on guard would be able to run nodes efficiently. See what I mean?
Does that make sense?
|
I used to be a citizen and a taxpayer. Those days are long gone.
|
|
|
shorena
Copper Member
Legendary
Offline
Activity: 1498
Merit: 1540
No I dont escrow anymore.
|
|
April 22, 2017, 06:23:16 AM |
|
We've all seen that BTC is getting more and more centralized, and I wonder if the people behind this attack could be trying to push even further into that direction. There are still some lonely individuals running a node at their home, and the attacker may want to make this next to impossible, as running a node should now command close and regular monitoring. So only large teams, or mining farms (from some large eastern country), with staff on guard would be able to run nodes efficiently. See what I mean?
Does that make sense?
No, this attack is not strong enough to impact a node. It will not saturate connection slots and I suspect home run nodes to change IP-Addresses more frequently thus further limiting the impact of the attack. I had these connections on my home run node, but I wouldnt have noticed them there. |
Im not really here, its just your imagination.
|
|
|
bitbunnny
Legendary
Offline
Activity: 2912
Merit: 1068
WOLF.BET - Provably Fair Crypto Casino
|
|
April 22, 2017, 03:09:44 PM |
|
We've all seen that BTC is getting more and more centralized, and I wonder if the people behind this attack could be trying to push even further into that direction. There are still some lonely individuals running a node at their home, and the attacker may want to make this next to impossible, as running a node should now command close and regular monitoring. So only large teams, or mining farms (from some large eastern country), with staff on guard would be able to run nodes efficiently. See what I mean?
Does that make sense?
It could make sense if it's true that there sre some interest groups or individuals who would like to see Bitcoin fully centralized because that would mean the control and power. In their hands, of course. But what confuses me is the question if this is realy possible, could happen that bi becomes centralized? |
|
|
|
shorena
Copper Member
Legendary
Offline
Activity: 1498
Merit: 1540
No I dont escrow anymore.
|
|
April 23, 2017, 07:49:30 AM |
|
We've all seen that BTC is getting more and more centralized, and I wonder if the people behind this attack could be trying to push even further into that direction. There are still some lonely individuals running a node at their home, and the attacker may want to make this next to impossible, as running a node should now command close and regular monitoring. So only large teams, or mining farms (from some large eastern country), with staff on guard would be able to run nodes efficiently. See what I mean?
Does that make sense?
It could make sense if it's true that there sre some interest groups or individuals who would like to see Bitcoin fully centralized because that would mean the control and power. In their hands, of course. But what confuses me is the question if this is realy possible, could happen that bi becomes centralized? Yes, Bitcoin could become centalized if its no longer feasible or affordable for "normal" people to run full nodes. This attack however is not strong enough to do so and even if it was in its strongest possible form (fully saturating all connection slots of a given target) it would have a different effect. This is a very weak sybil/(D)DoS attack. Once detected there is no need for "staff on guard" as countryfree puts it, you just ban the IP addresses of the attacker and your node goes back to normal business. |
Im not really here, its just your imagination.
|
|
|
Meuh6879
Legendary
Offline
Activity: 1512
Merit: 1012
|
|
May 08, 2017, 01:04:57 PM |
|
From 2017-04-27 to 2017-05-08 (12 days) 129.13.252.47 Hits = 11562
129.13.252.36 Hits = 9182
188.65.213.21 Hits = 5614
46.101.246.115 Hits = 4212
136.243.139.96 Hits = 3948
139.162.96.165 Hits = 3295
[2a03:b0c0:3:d0::5c9:4001] Hits = 2665
[2a00:1398:4:2a00::a5] Hits = 1303
[2a00:1398:4:2a00::a1] Hits = 1045
104.196.107.156 Hits = 730
54.223.77.14 Hits = 696
52.29.215.16 Hits = 690
52.70.130.28 Hits = 636
52.76.95.246 Hits = 581
52.74.14.245 Hits = 531
104.236.95.174 Hits = 522
192.99.19.37 Hits = 518
54.94.211.146 Hits = 494
52.192.180.114 Hits = 479
52.210.89.26 Hits = 470
[2604:a880:800:10::7ee:5001] Hits = 459
52.18.56.236 Hits = 421
52.8.99.184 Hits = 391
52.62.33.159 Hits = 341
72.36.89.11 Hits = 272
[2001:0:9d38:90d7:ac:3a9c:fab0:b4fa] Hits = 269
[2001:19f0:ac01:2fb:5400:ff:fe5b:c3ff] Hits = 246
52.32.80.148 Hits = 218
46.63.26.63 Hits = 162
131.114.88.218 Hits = 137
202.170.57.251 Hits = 111
5.189.177.237 Hits = 99
90.126.106.129 Hits = 53
109.252.107.129 Hits = 45
84.9.11.75 Hits = 40
124.65.117.206 Hits = 34
14.3.29.141 Hits = 33
190.88.224.137 Hits = 27
86.175.16.118 Hits = 22
49.159.52.156 Hits = 20
45.16.139.115 Hits = 18
Same list, IP Range ordered : [2001:0:9d38:90d7:ac:3a9c:fab0:b4fa] Hits = 269
[2001:19f0:ac01:2fb:5400:ff:fe5b:c3ff] Hits = 246
[2604:a880:800:10::7ee:5001] Hits = 459
[2a00:1398:4:2a00::a1] Hits = 1045
[2a00:1398:4:2a00::a5] Hits = 1303
[2a03:b0c0:3:d0::5c9:4001] Hits = 2665
104.196.107.156 Hits = 730
104.236.95.174 Hits = 522
109.252.107.129 Hits = 45
124.65.117.206 Hits = 34
129.13.252.36 Hits = 9182
129.13.252.47 Hits = 11562
131.114.88.218 Hits = 137
136.243.139.96 Hits = 3948
139.162.96.165 Hits = 3295
14.3.29.141 Hits = 33
188.65.213.21 Hits = 5614
190.88.224.137 Hits = 27
192.99.19.37 Hits = 518
202.170.57.251 Hits = 111
45.16.139.115 Hits = 18
46.101.246.115 Hits = 4212
46.63.26.63 Hits = 162
49.159.52.156 Hits = 20
5.189.177.237 Hits = 99
52.18.56.236 Hits = 421
52.192.180.114 Hits = 479
52.210.89.26 Hits = 470
52.29.215.16 Hits = 690
52.32.80.148 Hits = 218
52.62.33.159 Hits = 341
52.70.130.28 Hits = 636
52.74.14.245 Hits = 531
52.76.95.246 Hits = 581
52.8.99.184 Hits = 391
54.223.77.14 Hits = 696
54.94.211.146 Hits = 494
72.36.89.11 Hits = 272
84.9.11.75 Hits = 40
86.175.16.118 Hits = 22
90.126.106.129 Hits = 53
|
|
|
|
|
|
