Bitcoin Forum
Author Topic: Shy client patch  (Read 1504 times)
Hal
January 22, 2011, 08:26:13 PM
 #1

I made a patch to make the client "shy". On incoming connections, it won't send a version message until it receives one. This can help make port scanning identification harder.

Code:
diff --git a/main.cpp b/main.cpp
index b7dfd9f..cb4fad6 100644
--- a/main.cpp
+++ b/main.cpp
@@ -2290,6 +2290,10 @@ bool ProcessMessage(CNode* pfrom, string strCommand, CDataStream& vRecv)
             return true;
         }
 
+        // Be shy and don't send version until we hear
+        if (pfrom->fInbound)
+            pfrom->PushVersion();
+
         pfrom->fClient = !(pfrom->nServices & NODE_NETWORK);
 
         AddTimeData(pfrom->addr.ip, nTime);
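Review bot: the new `if (pfrom->fInbound) pfrom->PushVersion();` must run at most once per connection, because PushVersion() re-randomizes nLocalHostNonce on every call; the visible context above it is only `return true; }`, so it is worth confirming that the handler's guard against a peer resending "version" (if one exists) sits above this insertion, otherwise a repeated "version" from the peer makes us resend ours with a fresh nonce. The placement after that early return is what keeps the nonce comparison ahead of the re-randomization the post describes, so the ordering itself should not be moved.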
diff --git a/net.h b/net.h
index f070816..12e415b 100644
--- a/net.h
+++ b/net.h
@@ -571,14 +571,9 @@ public:
         fGetAddr = false;
         vfSubscribe.assign(256, false);
 
-        // Push a version message
-        /// when NTP implemented, change to just nTime = GetAdjustedTime()
-        int64 nTime = (fInbound ? GetAdjustedTime() : GetTime());
-        CAddress addrYou = (fUseProxy ? CAddress("0.0.0.0") : addr);
-        CAddress addrMe = (fUseProxy ? CAddress("0.0.0.0") : addrLocalHost);
-        RAND_bytes((unsigned char*)&nLocalHostNonce, sizeof(nLocalHostNonce));
-        PushMessage("version", VERSION, nLocalServices, nTime, addrYou, addrMe,
-                    nLocalHostNonce, string(pszSubVer), nBestHeight);
+        // Be shy and don't send version until we hear
+        if (!fInbound)
+            PushVersion();
     }
 
     ~CNode()
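Review bot: the comment `// Be shy and don't send version until we hear` now sits above `if (!fInbound) PushVersion();`, which handles the opposite case (outbound connections still send immediately); reword it to state where inbound connections get their version sent, e.g. `// Outbound: send version now; inbound waits for the peer's version (see ProcessMessage)`. Note also that with the RAND_bytes call moved out of the constructor, creating an inbound CNode no longer touches nLocalHostNonce, so the value left by the most recent PushVersion() is what the inbound side compares against; that is the intended fix for the self-connection case, but if nLocalHostNonce is a single process-wide value, any other outbound connection constructed in between still overwrites it before the comparison.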
@@ -735,6 +730,19 @@ public:
 
 
 
+    void PushVersion()
+    {
+        /// when NTP implemented, change to just nTime = GetAdjustedTime()
+        int64 nTime = (fInbound ? GetAdjustedTime() : GetTime());
+        CAddress addrYou = (fUseProxy ? CAddress("0.0.0.0") : addr);
+        CAddress addrMe = (fUseProxy ? CAddress("0.0.0.0") : addrLocalHost);
+        RAND_bytes((unsigned char*)&nLocalHostNonce, sizeof(nLocalHostNonce));
+        PushMessage("version", VERSION, nLocalServices, nTime, addrYou, addrMe,
+                nLocalHostNonce, string(pszSubVer), nBestHeight);
+    }
+
+
+
 
     void PushMessage(const char* pszCommand)
     {
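Review bot: two style points in the added PushVersion(): the continuation line `nLocalHostNonce, string(pszSubVer), nBestHeight);` is indented 16 spaces, whereas the code it was moved from aligned it under the opening parenthesis of `PushMessage("version", ...`, so keep the original alignment; and the three added blank lines after the closing brace, together with the existing one, leave four consecutive empty lines before `void PushMessage(const char* pszCommand)`, which should be trimmed to one.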

I noticed that the variable nLocalHostNonce is being used to detect connecting to ourself. But I'm not sure it is working, because we will (re-)randomize nLocalHostNonce on incoming connection before we compare with incoming version message. So even if we are connecting to ourself, nLocalHostNonce won't match. The shy patch should fix this.

Hal Finney
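A small C++ model of the ordering Hal describes above (who writes the nonce, and when, on each side of a connection to ourself), added here as an illustration; it is not code from the patch or from the Bitcoin code base. The names g_local_host_nonce, Node, VersionMsg and self_connection_detected are the model's own, and it assumes a single process-wide nonce, as the post's argument does; it returns whether the inbound side's nonce comparison catches the self-connection under the pre-patch (eager) and the shy behaviour.

```cpp
// Model of the handshake ordering Hal describes, written for this thread as an
// added example; it is not code from the patch or from the Bitcoin code base.
#include <cstdint>
#include <deque>
#include <random>

// Assumption of this model: the nonce is one process-wide value, which is what
// the post's argument needs (two CNodes of the same process both write it).
static uint64_t g_local_host_nonce = 0;

static uint64_t random_nonce()
{
    static std::mt19937_64 rng(12345);  // fixed seed so runs are repeatable
    return rng();
}
struct VersionMsg { uint64_t nonce; };
struct Node
{
    bool inbound;
    std::deque<VersionMsg> outbox;  // version messages this node has sent

    // Mirrors the patch's PushVersion(): pick a fresh nonce, then send it.
    void PushVersion()
    {
        g_local_host_nonce = random_nonce();
        outbox.push_back(VersionMsg{g_local_host_nonce});
    }
    // Only the inbound side's comparison is modelled, as in the post. Returns
    // true if the peer's version carries the nonce we currently hold.
    bool ReceiveVersion(const VersionMsg& msg, bool shy)
    {
        bool connected_to_self = (msg.nonce == g_local_host_nonce);
        if (shy && inbound)
            PushVersion();  // shy: answer only after hearing (and comparing)
        return connected_to_self;
    }
};

// One process connects to its own listening port. Returns whether the inbound
// side's nonce check notices it, under pre-patch (eager) or shy behaviour.
bool self_connection_detected(bool shy)
{
    Node out_node{false, {}};
    Node in_node{true, {}};
    out_node.PushVersion();     // outbound side sends version at connect time
    if (!shy)                   // eager: inbound constructor sends too, which
        in_node.PushVersion();  // overwrites the nonce the outbound side used
    return in_node.ReceiveVersion(out_node.outbox.front(), shy);
}
```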
Hal
January 22, 2011, 08:36:20 PM
 #2

Meant to add, seems to work ok with other clients, I've got 30+ connections. It did turn my dot red on the bitcoin world map, I guess that scanner relies on noisy nodes.

Hal Finney
bitcoinex
January 23, 2011, 01:44:30 PM
 #3

How does it complicate the scan?

New bitcoin lottery: probiwon.com
- So you also believe in the Invisible Hand of the Market? - Why believe in something that can be observed directly?
Hal
January 23, 2011, 06:42:21 PM
 #4

Now, when you connect to the port, the client spews out a version message, which reveals its identity. With the shy patch, there's no response. It could be ssh, could be torrent, could be bitcoin, could be http, could be anything. The scanner would have to try to send crafted packets for each of dozens or hundreds of known protocols, to try to elicit a response.

Of course while we're all on 8333, it's pretty obvious what's what. But presumably that will change eventually.

Hal Finney
Gavin Andresen
January 30, 2011, 06:03:25 PM
 #5

This seems like a good idea; maybe not for the next (0.3.20) release, but 0.3.21.


How often do you get the chance to work on a potentially world-changing project?
zipslack
January 30, 2011, 07:06:14 PM
 #6

> This seems like a good idea

I agree.
jgarzik
January 30, 2011, 10:51:20 PM
 #7

> I made a patch to make the client "shy". On incoming connections, it won't send a version message until it receives one. This can help make port scanning identification harder.

FWIW, this can also be used in conjunction with TCP_DEFER_ACCEPT socket option, which does not indicate a socket is available to accept(2) until data arrives.

Jeff Garzik, bitcoin core dev team and BitPay engineer; opinions are my own, not my employer.
Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj
bitcoinex
January 31, 2011, 12:30:07 AM
 #8

> I made a patch to make the client "shy". On incoming connections, it won't send a version message until it receives one. This can help make port scanning identification harder.
>
> FWIW, this can also be used in conjunction with TCP_DEFER_ACCEPT socket option, which does not indicate a socket is available to accept(2) until data arrives.

FreeBSD (accf_data) and Win32 (AcceptEx, FD_ACCEPT) also have similar features.

New bitcoin lottery: probiwon.com
- So you also believe in the Invisible Hand of the Market? - Why believe in something that can be observed directly?
Gavin Andresen
March 05, 2011, 10:16:13 PM
 #9

Pull request:
  https://github.com/bitcoin/bitcoin/pull/101

How often do you get the chance to work on a potentially world-changing project?