neuhof7 (OP)
Jr. Member
 Offline
Activity: 34
Merit: 8
|
 |
January 04, 2020, 08:28:46 PM |
|
Hi all, i observed the following: Until some weeks/days ago the number of Full Nodes, which doesn't belong to a country on the list of https://bitnodes.earn.com/ were always <~200 . A friend of mine told me he is sure, that around 1 week ago the number of Full Nodes using Tor was 153, when he looked at the site. On websites, which indicate websites from time to time you can see that the number of Full Nodes, which doens't belong to a country were always low. https://web.archive.org/web/2019*/https://bitnodes.earn.com/Atm around 20% of the Full Nodes are .onion .... what happened? is a group or someone trying to get >50% of all Full Nodes by setting up many new ones (hidden behind TOR)? do many Full Node Op's switch to use TOR? why? amount of Full Nodes totally is stable? does somebody have more Data to look at? i noticed it, because a friend and me had set up a Full Node in the last weeks. If anybody want to appreciate this btc (; bc1qv9mpy2kwpljyl06rgwwd8msgtw8znlw3j78a5d peace |
|
|
|
|
|
|
|
|
|
|
|
Make sure you back up your wallet regularly! Unlike a bank account, nobody can help you if you lose access to your BTC.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
Lauda
Legendary
Offline
Activity: 2674
Merit: 2965
Terminated.
|
|
January 04, 2020, 08:43:50 PM |
|
There is nothing to worry about and nobody other than the one behind this and/or the NSA are able to answer this accurately. They could create a million nodes, it would make no difference. You are wasting your own time with these questions. what happened?
See above. is a group or someone trying to get >50% of all Full Nodes by setting up many new ones (hidden behind TOR)?
See above. do many Full Node Op's switch to use TOR? why? amount of Full Nodes totally is stable? does somebody have more Data to look at?
See above.
I made a thread about something similar a couple years back. Somebody popped up a lot of (clearnet) nodes. At the time I was thinking that they're either trying to do a connection-exhaust attack or partitioning attack. I'm having trouble finding it right now. In practice, it usually creates a high cost for the attacker with very little to no gain. |
"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks" 😼 Bitcoin Core ( onion) |
|
|
neuhof7 (OP)
Jr. Member
Offline
Activity: 34
Merit: 8
|
|
January 04, 2020, 09:17:55 PM |
|
They could create a million nodes, it would make no difference. You are wasting your own time with these questions.
why? i thought changes on the protocoll are voted by full nodes? am i wrong? I made a thread about something similar a couple years back. Somebody popped up a lot of (clearnet) nodes. At the time I was thinking that they're either trying to do a connection-exhaust attack or partitioning attack. I'm having trouble finding it right now. In practice, it usually creates a high cost for the attacker with very little to no gain.
what is a connection-exhaust attack or a partitioning attack? tl;dr; why are there now 2000 instead of 200 full nodes behind TOR after just one week |
|
|
|
|
BitcoinFX
Legendary
Offline
Activity: 2646
Merit: 1720
https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF
|
|
January 04, 2020, 09:47:38 PM
Last edit: January 04, 2020, 10:33:55 PM by BitcoinFX |
|
They could create a million nodes, it would make no difference. You are wasting your own time with these questions.
why? i thought changes on the protocoll are voted by full nodes? am i wrong? I made a thread about something similar a couple years back. Somebody popped up a lot of (clearnet) nodes. At the time I was thinking that they're either trying to do a connection-exhaust attack or partitioning attack. I'm having trouble finding it right now. In practice, it usually creates a high cost for the attacker with very little to no gain.
what is a connection-exhaust attack or a partitioning attack? tl;dr; why are there now 2000 instead of 200 full nodes behind TOR after just one weekIt's not likely to be an 'attack' , unless they also started mining above 51% network hash rate - collectively. Basically, very improbable if not impossible. Maybe a GeoIP update dropped some country ranges from it's database ? Hence, n/a . ? ...Oh snap! Hehe, currently 2225 .onion's ... - https://bitnodes.earn.com/nodes/?q=unknown-countryAlso, it's not TOR - it's Tor.  P.S. Monitoring the number of connections (only) on my own dedicated Tor nodes - nothing to unusual to report - yet! EDIT: Wasabi Sauce ? - "A Versatile Condiment With A Velvety Zing"- https://en.wikipedia.org/wiki/WasabiSushi_Wasabi ... - https://youtu.be/wbNLtttn8eU- https://www.wasabiwallet.io/- https://docs.wasabiwallet.io/why-wasabi/BitcoinPrivacy.html#network-snooping  |
|
|
|
neuhof7 (OP)
Jr. Member
Offline
Activity: 34
Merit: 8
|
|
January 04, 2020, 10:16:12 PM |
|
Hehe, currently 2225 .onion's ...
Network Snapshot Snapshot of reachable nodes as of Fri Dec 20 2019 20:48:40 GMT+0100 (Mitteleuropäische Normalzeit). 159 .onion isn't it a huge increase of .onion users when its now >x10 just some weeks later .. It's not likely to be an 'attack' , unless they also started mining above 51% network hash rate - collectively.
k Maybe a GeoIP update dropped some country ranges from it's database ? Hence, n/a . ? ...
could be. thats why i asked if the total number changed. |
|
|
|
|
BitcoinFX
Legendary
Offline
Activity: 2646
Merit: 1720
https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF
|
|
January 04, 2020, 10:37:13 PM
Last edit: January 04, 2020, 11:05:33 PM by BitcoinFX |
|
Hehe, currently 2225 .onion's ...
Network Snapshot Snapshot of reachable nodes as of Fri Dec 20 2019 20:48:40 GMT+0100 (Mitteleuropäische Normalzeit). 159 .onion isn't it a huge increase of .onion users when its now >x10 just some weeks later .. It's not likely to be an 'attack' , unless they also started mining above 51% network hash rate - collectively.
k Maybe a GeoIP update dropped some country ranges from it's database ? Hence, n/a . ? ...
could be. thats why i asked if the total number changed. ... Most likely explanation ... My Bad !? - https://bitcointalk.org/index.php?topic=2471779.msg53519422#msg53519422- https://bitcointalk.org/index.php?topic=5214564.msg53512242#msg53512242  |
|
|
|
|
DaCryptoRaccoon
|
|
January 05, 2020, 06:21:57 PM |
|
This is actually concerning I have spoken with one of the dev's at wasabi and been confirmed this is not them. "nopara73, [05.01.20 17:04]
No, these are onion nodes, while Wasabi doesn'
nopara73, [05.01.20 17:04]
doesn't enforce onion nodes. Further to this it my be possible it is the start of an Eclipse attack that would hoodwink many honest nodes by filling there IP buckets with malicious IP's.. Bitcoin core did add some fixes to prevent this but I still think the attack vector is valid. Further more we need to ask who would have the resources and time to spin up all these nodes? I find it very strange that none of the main media outlets like coin telegraph or coindesk are covering this. If we suddenly saw 20% more mining power on a single pool the community would be up in arms but yet we see a 18+% rise in tor nodes and it fly's under the radar? Do people realize that with Eclipse attack you would only need around 40% hash power to conduct a successful attack and the old 51% goes out the window. Snapshot of reachable nodes as of Sun Jan 05 2020 16:19:04 GMT+0000 (Greenwich Mean Time).
Top 6 networks with their respective number of reachable nodes.
RANK NETWORK NODES
1 Tor network 2206 (19.74%)
2 Hetzner Online GmbH 1079 (9.65%)
3 Amazon.com, Inc. 785 (7.02%)
4 DigitalOcean, LLC 711 (6.36%)
5 OVH SAS 477 (4.27%)
6 Choopa, LLC 449 (4.02%)
Another thing to note is all the new nodes are running this version of bitcoin /Satoshi:0.18.1/ (70015)
NODE_NETWORK, NODE_BLOOM, NODE_WITNESS, NODE_NETWORK_LIMITED (1037) Should we be concerend about this? |
Raccoon Stuff
|
|
|
|
DaCryptoRaccoon
|
|
January 05, 2020, 06:44:15 PM |
|
Actually with the Eclipse attack you would only need 40% of the network to conduct this attack as the nodes and IP buckets of honest nodes become filled with attacker IPs. https://www.youtube.com/watch?v=J-lF0zxGpu0Granted some of the vectors were fixed by core some time ago when this was first thought up but the attack is still valid and I am sure there is something going on here. No one spins up 2k nodes over night for no reason. |
Raccoon Stuff
|
|
|
nopara73
Member
Offline
Activity: 99
Merit: 326
|
|
January 06, 2020, 03:58:12 AM |
|
Correct. It isn't Wasabi, we released our Bitcoin Core integration at Dec 14 and the 200 -> 2000 onion node overnight rush was on January 1.
|
|
|
|
|
buzzkillb
|
|
January 06, 2020, 04:30:34 AM |
|
Someone could spin that up in docker very easily. Or they are using a fake clients to connect.
|
|
|
|
|
|
|
|
|
neuhof7 (OP)
Jr. Member
Offline
Activity: 34
Merit: 8
|
|
January 06, 2020, 12:41:36 PM |
|
Correct. It isn't Wasabi, we released our Bitcoin Core integration at Dec 14 and the 200 -> 2000 onion node overnight rush was on January 1.
someone on reddit told me not to worry about it, because bitnodes.earn isn't showing all the nodes.... she or he told me to have a look at this site: https://luke.dashjr.org/programs/bitcoin/files/charts/software.htmlmy question: is this link showing all the nodes, including the ones, who arent sharing the whole blockchain? so there are listed some, which are only confirmating transactions, too? |
|
|
|
|
neuhof7 (OP)
Jr. Member
Offline
Activity: 34
Merit: 8
|
|
January 06, 2020, 12:48:41 PM |
|
ok i get it, but why does the total number of nodes increased so hard in the new year? |
|
|
|
|
ThatRandomDude
Copper Member
Member
Offline
Activity: 149
Merit: 15
Thales knew
|
|
January 06, 2020, 01:28:38 PM |
|
ok i get it, but why does the total number of nodes increased so hard in the new year?
The total changed because the Tor count was fixed, the clearnet nodes are pretty much the same as before. The only thing changed is that bitnodes finally fixed their Tor configuration bug. |
|
|
|
DannyHamilton
Legendary
Offline
Activity: 3374
Merit: 4598
|
|
January 06, 2020, 02:03:37 PM |
|
They could create a million nodes, it would make no difference. You are wasting your own time with these questions.
why? i thought changes on the protocoll are voted by full nodes? am i wrong? You are wrong. Full nodes ENFORCE the protocol rules, but there is no voting. If you run a billion nodes that all enforce different rules, then your nodes will fork their own blockchain with those other rules. Meanwhile, those of us running nodes with the current protocol rules will all happily ignore your nodes and continue with our own blockchain with our rules. |
|
|
|
|
squatter
Legendary
Offline
Activity: 1666
Merit: 1196
STOP SNITCHIN'
|
|
January 06, 2020, 10:18:24 PM |
|
ok i get it, but why does the total number of nodes increased so hard in the new year?
The total changed because the Tor count was fixed, the clearnet nodes are pretty much the same as before. The only thing changed is that bitnodes finally fixed their Tor configuration bug. So Bitnodes was just miscounting TOR nodes -- and therefore total listening nodes -- all along? If 2,000 nodes did show up on TOR overnight, could that indicate a de-anonymization attack? Is that possible? |
|
|
|
|
|
squatter
Legendary
Offline
Activity: 1666
Merit: 1196
STOP SNITCHIN'
|
|
January 06, 2020, 11:21:47 PM |
|
Indeed, the Bitnodes misconfiguration doesn't explain that. My first thought was, "Is Coin Dance just pulling from Bitnodes API?" But no, that seems unlikely since there is a disparity between the two node counts. |
|
|
|
Kakmakr
Legendary
Offline
Activity: 3430
Merit: 1957
Leading Crypto Sports Betting & Casino Platform
|
|
January 16, 2020, 09:16:25 AM |
|
I am glad it is just a "configuration/Crawler" error and not a real attack vector, but I am even more happy that people are actively monitoring and querying the results and questioning it when it looks wrong. Keep up the good work as the watchdogs of the community, because we need people like you that would quickly react, if something shady is spotted.  We saw something similar during the Fork war, when people tried to fake node stats with nodes being run on cloud computing platforms.  |
| ..Stake.com.. | | | ▄████████████████████████████████████▄
██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄
██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████
██ ██████████ ██ ██ ██████████ ██ ▀██▀
██ ██ ██ ██████ ██ ██ ██ ██ ██
██ ██████ ██ █████ ███ ██████ ██ ████▄ ██
██ █████ ███ ████ ████ █████ ███ ████████
██ ████ ████ ██████████ ████ ████ ████▀
██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
██ ▀▀▀▀▀▀▀▀▀▀ ██
▀█████████▀ ▄████████████▄ ▀█████████▀
▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄
██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█ ▄▀▄ █▀▀█▀▄▄
█ █▀█ █ ▐ ▐▌
█ ▄██▄ █ ▌ █
█ ▄██████▄ █ ▌ ▐▌
█ ██████████ █ ▐ █
█ ▐██████████▌ █ ▐ ▐▌
█ ▀▀██████▀▀ █ ▌ █
█ ▄▄▄██▄▄▄ █ ▌▐▌
█ █▐ █
█ █▐▐▌
█ █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀ ▐█▌ ▀█▄
██ ▐█▌ ██
████▄ ▄█████▄ ▄████
████████▄███████████▄████████
███▀ █████████████ ▀███
██ ███████████ ██
▀█▄ █████████ ▄█▀
▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀
▀███████ ███████▀
▀█████▄ ▄█████▀
▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
|
