Bitcoin Forum
April 24, 2024, 02:32:50 PM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
   Home   Help Search Login Register More  
Bitcoin Forum > Bitcoin > Bitcoin Discussion > someone is syn flooding clients
Pages: [1]
« previous topic next topic »
  Print  
Author Topic: someone is syn flooding clients  (Read 2033 times)
NghtRppr (OP)
Sr. Member
****
Offline Offline

Activity: 504
Merit: 252


Elder Crypto God


View Profile WWW
June 22, 2011, 10:37:22 PM
 #1
I recently launched the client on my school's network and I got a bunch of syn flood attack warnings.
1713969170
Hero Member
*
Offline Offline

Posts: 1713969170

View Profile Personal Message (Offline)

Ignore
1713969170
1713969170
Reply with quote  #2
1713969170
Report to moderator
1713969170
Hero Member
*
Offline Offline

Posts: 1713969170

View Profile Personal Message (Offline)

Ignore
1713969170
1713969170
Reply with quote  #2
1713969170
Report to moderator
There are several different types of Bitcoin clients. The most secure are full nodes like Bitcoin Core, but full nodes are more resource-heavy, and they must do a lengthy initial syncing process. As a result, lightweight clients with somewhat less security are commonly used.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1713969170
Hero Member
*
Offline Offline

Posts: 1713969170

View Profile Personal Message (Offline)

Ignore
1713969170
1713969170
Reply with quote  #2
1713969170
Report to moderator
1713969170
Hero Member
*
Offline Offline

Posts: 1713969170

View Profile Personal Message (Offline)

Ignore
1713969170
1713969170
Reply with quote  #2
1713969170
Report to moderator
ius
Newbie
*
Offline Offline

Activity: 56
Merit: 0


View Profile
June 22, 2011, 10:40:20 PM
 #2
And you're absolutely sure it isn't due to the multitude of peers trying to connect to you? Wink
NghtRppr (OP)
Sr. Member
****
Offline Offline

Activity: 504
Merit: 252


Elder Crypto God


View Profile WWW
June 22, 2011, 10:44:00 PM
 #3
Quote from: ius on June 22, 2011, 10:40:20 PM
And you're absolutely sure it isn't due to the multitude of peers trying to connect to you? Wink

It's never triggered it before but no I'm not sure.
btc_man
Newbie
*
Offline Offline

Activity: 13
Merit: 0


View Profile
June 22, 2011, 11:19:40 PM
 #4
are they to/from an ip you know?
phorensic
Hero Member
*****
Offline Offline

Activity: 630
Merit: 500



View Profile
June 22, 2011, 11:43:17 PM
 #5
I would say it's the p2p nature of the client downloading blocks that is setting off your firewall.  It will use a lot of connections if you let it run for a while.
zer0
Sr. Member
****
Offline Offline

Activity: 350
Merit: 250



View Profile
June 23, 2011, 01:10:30 AM
 #6
i run bitcoind over Tor seems the best way to prevent floods or somebody finding it
JoelKatz
Legendary
*
Offline Offline

Activity: 1596
Merit: 1012


Democracy is vulnerable to a 51% attack.


View Profile WWW
June 23, 2011, 01:18:28 AM
 #7
Quote from: bitcoin2cash on June 22, 2011, 10:37:22 PM
I recently launched the client on my school's network and I got a bunch of syn flood attack warnings.
If it goes away in a few minutes, it's probably completely normal. The client wants to be well-connected as quickly as possible and this may set off attack warnings on some systems.

If someone has a chance, it would be helpful to run the client on a machine that is monitored for traffic and connection volume. At least count SYNs to the bitcoin port. Ideally, use the IP for nothing else for awhile and log *all* traffic to it to see if you get probes, attack attempts, and the like. Post your summarized statistical results so we can have a baseline for what's normal. If nobody else does this, I'll try to do it myself tomorrow sometime.
I am an employee of Ripple. Follow me on Twitter @JoelKatz
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
bitcoinBull
Legendary
*
Offline Offline

Activity: 826
Merit: 1001


rippleFanatic


View Profile
June 23, 2011, 01:54:44 AM
 #8
Quote from: JoelKatz on June 23, 2011, 01:18:28 AM
Quote from: bitcoin2cash on June 22, 2011, 10:37:22 PM
I recently launched the client on my school's network and I got a bunch of syn flood attack warnings.
If it goes away in a few minutes, it's probably completely normal. The client wants to be well-connected as quickly as possible and this may set off attack warnings on some systems.

If someone has a chance, it would be helpful to run the client on a machine that is monitored for traffic and connection volume. At least count SYNs to the bitcoin port. Ideally, use the IP for nothing else for awhile and log *all* traffic to it to see if you get probes, attack attempts, and the like. Post your summarized statistical results so we can have a baseline for what's normal. If nobody else does this, I'll try to do it myself tomorrow sometime.

Would be quite helpful if somebody(s) set up several honeypots and left them connected to the network, reporting the results periodically.  There are downloadable honeypot configurations that should make this easy enough.
College of Bucking Bulls Knowledge
Pages: [1]
  Print  
Bitcoin Forum > Bitcoin > Bitcoin Discussion > someone is syn flooding clients
 « previous topic next topic »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!