Topic: Allowing Inbound Connections (Read 111 times)

Spy nodes are clients that usually aren't actual full nodes (they can be). They usually don't even have a blockchain and only fake it. These clients connect to different full nodes to literary spy on them. Although it is not always malicious and sometimes they are just gathering statistics (like web crawlers).

For example one goal could be to find a link between a transaction and an IP address. The spy node connects to as many nodes as it can at the same time and if it sees tx1 coming from IPx for the first time then (some time later) sees tx2 spending outputs of tx1 and coming from same IPx and so on it can eventually conclude that addresses a, b, c, d belong to IPx and from there it could be possible to link IPx to the person's identity hence deanonymizing transactions.

The only risk is privacy risk (although I should add that there are a lot of good work done by core team to make such attempts as hard as possible), and of course wasting your resources.

That's hard to say since I'm not running core but the simplest behavior they have which makes identifying some of them trivial are:
- One of them is literary called "snoopy" (the client name in version message)
- They can't reply to getdata, getblock, getheader, etc. since they don't have any blockchain
- The version message some of them use during handshake is buggy and if you send them a false block height they start advertising that!
- Some of them keep coming and going (they don't remain connected)
- They also don't ask for same things a normal node would such as checking their headers with you first to sync

What are spy nodes ? I have never heard of them. Do they posses any risks and what is their purpose of connecting to our node?
I tried to get some info on it by googling and searching on the forum but couldn't find any.
I am able to get the peer info from the command 'getpeerinfo' but how do I identify if a node is spy node or a genuine one.

You should now check the clients that are connected to you (incoming) and try to count how many of them are "spy nodes" because last time I did that (not running core) I was spammed with at least 10 of them that kept coming and going and sometimes changing their IP address too.

A lot of people disable on the GUI the option of "allow incoming connections" because they are paranoid that this means people are able to connect to your node, gaining personal information, perhaps even performing RPC. I have seen this numerous times:

https://bitcoin.stackexchange.com/questions/98555/what-exactly-does-the-scary-option-allow-incoming-connections-do-in-bitcoin-co

I think it should be clearly explained what it does otherwise we lose potential connectivity from all these people being scared to keep that option checked.

please note that in Bitcoin, connections with peers, either inbound or outbound, are full duplex, i.e. it is not strictly needed to have inbound connections for participating in the network though it yields a much better topology, having more nodes advertised as being ready for incoming connection requests.

Running a full node without inbound connections already means that you're relaying blocks and transactions.
Core by default already listens to that port. If you're behind any firewall, then you have to configure it yourself.
Not really. It is only a risk if there is an exploit within whichever application that is listening on the portforwarded port and accepts malicious commands. That is unlikely to happen.

So I started running a bitcoin full node on my Raspberry Pi 400 around 5 months back and was able to do all the setup required and run the node successfully.
I was feeling happy that I was actually supporting the bitcoin network and the community by running the full node.
But that wasn't the case since we have to relay the information by allowing inbound connections to our full node.
Although I knew we have to allow inbound connections to our full node I thought that was done by default when we setup the full node initially and begin downloading block data.
Today I just thought of checking it back again when I noticed that we actually have to manually setup the router to allow inbound connections.

So I started configuring my router and enabled static IP address for my raspberry pi and enabled port forwarding to port 8333.
When I tested my connection on https://bitnodes.io/ I was still getting the redbox meaning my full node was not allowing inbound connections.
I tried various stuffs and kept verifying the connection on bitnodes as well as CLI but no luck.
It was then that I found out that we have to wait around 10 minutes on bitnodes website and 30 minutes on the CLI to verify the inbound connections.
Long story short I just had to wait for a couple of minutes to verify the connection but I kept experimenting again and again.

Feeling happy now to support the network #again 




P.S : One question though - What are the risks of someone finding our IP address by finding out our node ? Can he potentially exploit our device ?