Bitcoin Forum
Topic: IRC bootstrapping causes suspected botnet activity with AT&T (Read 1642 times)
navigator (OP)
September 03, 2011, 07:20:48 PM
 #1

Just received an email from AT&T stating an IP I was using is suspected of being part of a botnet because of the irc activity. I don't fully understand the irc bootstrapping part. Can someone explain it? What should I tell them?
Gabi
September 03, 2011, 07:32:12 PM
 #2

Tell them nothing?

The bitcoin client just uses IRC to find some nodes and connect with them, much quicker than having to search for nodes using the normal p2p system.

After that it of course finds other nodes with the normal system, and of course the client would work without the IRC bootstrap but would take more time to find nodes when you launch it.

Anyway, it's perfectly legal, so not your problem what they suspect.

jgarzik
September 03, 2011, 07:32:25 PM
 #3

Just be honest:  Tell them that open source project Bitcoin uses IRC for P2P network bootstrapping.

You can disable this with -noirc.

Jeff Garzik, Bloq CEO, former bitcoin core dev team; opinions are my own.
Visit bloq.com / metronome.io
Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj
navigator (OP)
September 03, 2011, 07:39:32 PM
 #4

Thank you jgarzik, I did not know of the -noirc option.

Gabi, I can't tell them nothing or they may suspend my internet services. I know bitcoin isn't illegal, I just wanted to be as discreet as possible.

I don't usually leave any *coin clients running except lately as I've been solo-mining *coins. I noticed when I first started using bitcoin or any coin that my modem's firewall log gets flooded with port scan activity. It makes it hard to know when I actually am being scanned and not just from bitcoin. No other application does this.

EDIT: just tested the -noirc option and it works perfectly, thanks!
kgo
September 03, 2011, 07:51:31 PM
 #5

Are you sure it's just bitcoin traffic that set off this alarm?

My understanding is that the client makes one quick IRC request when it starts up, and that's it.  So unless you're starting up bitcoin thousands of times a day, it seems strange that you would trigger a bot-net alert, and stranger that no-one else with AT&T has reported the same problem.
ctoon6
September 03, 2011, 07:53:31 PM
 #6

Glad my ISP doesn't care about anything, bandwidth limits, servers, I just love them :D

Gabi
September 03, 2011, 07:55:53 PM
 #7

Can't you use another internet service provider? Maybe one that doesn't check how many times you use irc?

theymos
September 03, 2011, 08:21:49 PM
 #8

Quote
Are you sure it's just bitcoin traffic that set off this alarm?

My understanding is that the client makes one quick IRC request when it starts up, and that's it.  So unless you're starting up bitcoin thousands of times a day, it seems strange that you would trigger a bot-net alert, and stranger that no-one else with AT&T has reported the same problem.


Bitcoin stays connected to IRC.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
navigator (OP)
September 03, 2011, 08:22:16 PM
 #9

There are no other providers here or I would consider switching. My bandwidth is not capped or limited by them in any way. That only applies to certain customers. This is from bitcoin traffic. I am not part of a botnet or do anything that would resemble that. The last few days or weeks actually, I have started using multiple clients from all the other forks and have been opening/closing them a lot. And have been solo-mining i0coins on and off a lot, switching back and forth based on difficulty and profit.
elggawf
September 03, 2011, 09:35:37 PM
 #10

Quote
There are no other providers here or I would consider switching. My bandwidth is not capped or limited by them in any way. That only applies to certain customers. This is from bitcoin traffic. I am not part of a botnet or do anything that would resemble that. The last few days or weeks actually, I have started using multiple clients from all the other forks and have been opening/closing them a lot. And have been solo-mining i0coins on and off a lot, switching back and forth based on difficulty and profit.

Really? We're in our last month of warnings for bandwidth overages (house full of habitual Netflix/Steam users) before we switch to another provider. I didn't know AT&T had any offerings that were bandwidth quota'd.

AT&T haven't bugged me about it, but I think I have noirc in my configs anyway. Once you've run it the first time, unless you leave it offline a while it'll probably get back on the network fine.

^_^
wolftaur
September 03, 2011, 11:02:23 PM
 #11

If you're setting up a client from scratch and have any concerns about the IRC issue, you can, in addition to using -noirc to stop connection, use the -addnode switch along with one of the fallback nodes listed on the Bitcoin wiki to get yourself a bootstrap list of addresses to connect to for the block chain. This can also get you back on if you are trying to use -noirc despite not having connected in ages.

You only need to be able to connect to one static node to find other static and dynamic nodes and end up well-connected.

"MOOOOOOOM! SOME MYTHICAL WOLFBEAST GUY IS MAKING FUN OF ME ON THE INTERNET!!!!"
navigator (OP)
September 03, 2011, 11:44:49 PM
 #12

I have it figured out now and adjusted my configs. I think I understand the IRC part better now. If AT&T responds with anything I will post back.
MrWizard
September 04, 2011, 01:16:04 AM
Last edit: September 04, 2011, 05:43:13 AM by MrWizard
 #13

Quote
Just received an email from AT&T stating an IP I was using is suspected of being part of a botnet because of the irc activity. I don't fully understand the irc bootstrapping part. Can someone explain it? What should I tell them?

Got the same e-mail from the a**-holes at AT&T.  The only option that they give me in their email is to acknowledge an "infection" and that I will deal with it.

Thanks jgarzik for the advice on how to disable use of IRC.

"I walked into the room dripping in Bitcoins.  Yea dripping in Bitcoins."
(BTC) 168DCCeGmDy3xTWRimLVhvKtK3yEWbpsSg     (LTC) LbYS8VFqFSU7B9bfaHD11seQMtrtYEKpLe
(BBQ) bNVZErvwLzpEG7H3kt1fycWspzRQB1MJzL
Meatpile
September 04, 2011, 05:31:15 AM
 #14

This is the bullshit that happens when companies have no idea that technology has legitimate uses. If the RIAA had their way, they would ban the internet.
wolftaur
September 04, 2011, 05:33:39 AM
 #15

Quote
This is the bullshit that happens when companies have no idea that technology has legitimate uses. If the RIAA had their way, they would ban the internet.

Don't forget recordable media. Because we all know RIAA is about to go bankrupt because blank CD-Rs exist. :P

"MOOOOOOOM! SOME MYTHICAL WOLFBEAST GUY IS MAKING FUN OF ME ON THE INTERNET!!!!"
Revalin
September 04, 2011, 07:38:42 AM
 #16

Quote
Got the same e-mail from the a**-holes at AT&T.  The only option that they give me in their email is to acknowledge an "infection" and that I will deal with it.

Reply:  "Thank you for your concern.  I have taken care of the problem."

It's not even lying, really.  -noirc takes care of the problem.  :)

Quote
I know bitcoin isn't illegal, I just wanted to be as discreet as possible.

You may want to run bitcoin through TOR or another encrypting proxy if you don't want AT&T nosing around in your affairs.

      War is God's way of teaching Americans geography.  --Ambrose Bierce
Bitcoin is the Devil's way of teaching geeks economics.  --Revalin 165YUuQUWhBz3d27iXKxRiazQnjEtJNG9g
ctoon6
September 04, 2011, 07:41:25 AM
 #17

Quote
It's not even lying, really.  -noirc takes care of the problem.  :)

never was a problem

if at&t thinks bitcoin is slowing down their network, then they need some serious help.

Gabi
September 04, 2011, 10:52:27 AM
 #18

Why should he use -noirc? The IRC bootstrapping is totally legal. I doubt they can force you to disable it, contact a lawyer... ::)

But you guys sure have weird internet service providers. Bandwidth problems? I have my connection, 7 megabit download and 1 megabit upload, and I can use it as I wish, 24/24, forever.


Exonumia
September 04, 2011, 11:32:22 AM
 #19

AT&T isn't the only ISP that does this; I've seen Time Warner do it in many markets, and I've seen smaller mom-and-pop ISPs do it back in the day.

They are not spying on the connections (they just hand it all over to the NSA for that ;) ).

To be honest I am glad they have these automated systems looking for common botnets. There are many users (not the OP) who NEED to be told when their machines have been compromised or they will never know.

He can simply reply to them letting them know that his machine is not knowingly compromised and that connection is indeed authorized from him. They saw what looked like a botnet fingerprint and warned him... the reason why they want a reply is so they CAN shut it down if they get none (aka no one is home/bogus account/etc)... would you rather they just let a ton of DOS attacks originate from their users?

You can also place:
noirc=1
in your bitcoin.conf if you don't want to use the command line option.

ctoon6
September 04, 2011, 04:04:41 PM
 #20

I think there needs to be a court ruling that deals with all these rogue ISPs in the US.

forbid monitoring any lines, just like phone tapping (although they happen too)
no limits or reasonable bandwidth limits (I think 500 or 600gb is fair for a 20 megabit line, let's be honest here, 300 gigs is silly, and can be easily met.)
allow customers to run anything they like on their connections, whether it be servers or bitcoin or BT, as long as it's legal.
does that silly law still exist where you can't import/export certain cryptography outside the US? they have no place to make these decisions.
