yea lets block the xt connection..
iam using ubuntu server, i'll try to make set my firewall too
Topic: Ban Bitcoin XT connections to my node? - page 2. (Read 2747 times)
All that cryptic text and command output reminds me of Windows 95. 
Shell driven Microsoft OS appeared only in 2009. It should remind you windows 7.
All that cryptic text and command output reminds me of Windows 95.
Your approach only works for nodes sending the string 'Bitcoin XT'. XT nodes are currently relaying the exact same information so there's no point in block them until January 2016.
I appreciate the mention.
Code:
# chmod 755
I appreciate the mention.
chmod 755 does for some reason often feel like the answer to everything
No, chmod 777 is a much more powerful solution to permissioning issues.
Your approach only works for nodes sending the string 'Bitcoin XT'. XT nodes are currently relaying the exact same information so there's no point in block them until January 2016.
I appreciate the mention.
Code:
# chmod 755
I appreciate the mention.
chmod 755 does for some reason often feel like the answer to everything
Your approach only works for nodes sending the string 'Bitcoin XT'. XT nodes are currently relaying the exact same information so there's no point in block them until January 2016.
They send user agent string Bitcoin XT
BitcoinXT reminds me of the early days of bitcoin ....
You know when you get blacklisted and blocked by financial institutions.
It all starts like this. First they ignore you, then they fight you...
BTW OP what you're doing is nothing compared to the piece of shit who is DDoSing XTnodes.
Nothing to fight with. 10.5% of nodes. Just don't waste my connection pool when network under attack.
Good work. Lets stop this attack against Bitcoin.
Stop XT!
Stop XT!
XT is poison and should be blacklisted completely. This hostile takeover of Bitcoin was sponsored by someone with a large budget, and finally people are starting to see the truth and actively attack back. I will blacklist any XT node from now on!
You just figured it out by yourself?
BTW that "someone" is not alone. There is a whole bunch of it.
XT is poison and should be blacklisted completely. This hostile takeover of Bitcoin was sponsored by someone with a large budget, and finally people are starting to see the truth and actively attack back. I will blacklist any XT node from now on!
It is not right to ban them from SPV clients - let them work
Ban only away from full node - don't waste resources.
Ban only away from full node - don't waste resources.
lol that's an interesting way around of looking at it, I hadn't thought of that. Give them something to do
It is not right to ban them from SPV clients - let them work
Ban only away from full node - don't waste resources.
Ban only away from full node - don't waste resources.
We can get this working on Android too, ban XT from the network using Hearn's very own java reimplementation of the protocol
Just need to add the same iptables parameters, but to the "mangle" table instead of the main table. The rules get overwritten otherwise.
Just need to add the same iptables parameters, but to the "mangle" table instead of the main table. The rules get overwritten otherwise.
This goes to autostart:
This goes to /etc/cron.hourly
voila
Code:
echo "/usr/bin/ipset create bitcoinxt iphash timeout 0" >> /etc/rc.local
This goes to /etc/cron.hourly
Code:
#!/bin/bash
/bin/grep BitcoinXT /var/log/kern.log | /usr/bin/perl -e 'while (<>) { if (/SRC=(\d+\.\d+\.\d+\.\d+)/) {print "$1\n";} }' | /bin/sort | /usr/bin/uniq -u | /usr/bin/xargs -L 1 ipset -exist add bitcoinxt
/bin/grep BitcoinXT /var/log/kern.log | /usr/bin/perl -e 'while (<>) { if (/SRC=(\d+\.\d+\.\d+\.\d+)/) {print "$1\n";} }' | /bin/sort | /usr/bin/uniq -u | /usr/bin/xargs -L 1 ipset -exist add bitcoinxt
voila
Oh no blacklisting is so bad....
Bad: Client tells individual which information will be shared with whom.
Good: Individual tells client which information will be shared with whom.
Let's not be intentionally obtuse and conflate the two.
Ah, of course outgoing connections
The result:
Sorry guys, I have only 64 connections and don't want to waste them for XT
Code:
iptables -A OUTPUT -m set --match-set bitcoinxt dst -j DROP
The result:
Code:
[root@localhost ~]# ping 95.52.18.154
PING 95.52.18.154 (95.52.18.154) 56(84) bytes of data.
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
^C
--- 95.52.18.154 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4524ms
[root@localhost ~]# ping 178.44.216.148
PING 178.44.216.148 (178.44.216.148) 56(84) bytes of data.
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
^C
Sorry guys, I have only 64 connections and don't want to waste them for XT
Oh no blacklisting is so bad....
Bunch of hypocrites.
Bunch of hypocrites.
Huh? If you were actually reading the TOR IP list thread, one of the recurring arguments is that it's fine for nodes to individually ban IPs that are attacking them (obviously), but that it's unnecessary to introduce a centralized, trusted list of such IPs.
There is nothing wrong with people in this thread individually banning IPs that they don't want connecting to them. There is nothing centralized or trust-adding about that.
True that. XT just like Core is supposed to stand on its own regardless of bad actors.
Oh no blacklisting is so bad....
Bunch of hypocrites.
Bunch of hypocrites.
Huh? If you were actually reading the TOR IP list thread, one of the recurring arguments is that it's fine for nodes to individually ban IPs that are attacking them (obviously), but that it's unnecessary to introduce a centralized, trusted list of such IPs.
There is nothing wrong with people in this thread individually banning IPs that they don't want connecting to them. There is nothing centralized or trust-adding about that.
to ban it is very silly.
i recommend this podcast with gavin:
https://epicenterbitcoin.com/podcast/094/
i recommend this podcast with gavin:
https://epicenterbitcoin.com/podcast/094/
Fill in ban list
This one should be done periodically
Code:
[root@localhost ~]# grep BitcoinXT /var/log/kern.log | perl -e 'while (<>) { if (/SRC=(\d+\.\d+\.\d+\.\d+)/) {print "$1\n";} }' | sort | uniq -u | xargs -L 1 ipset add bitcoinxt
[root@localhost ~]# ipset list
Name: bitcoinxt
Type: hash:ip
Header: family inet hashsize 1024 maxelem 65536 timeout 0
Size in memory: 8588
References: 1
Members:
95.52.18.154 timeout 0
31.162.118.16 timeout 0
188.18.202.245 timeout 0
92.37.204.174 timeout 0
92.37.173.6 timeout 0
95.37.186.63 timeout 0
86.102.161.110 timeout 0
178.44.216.148 timeout 0
195.78.126.113 timeout 0
92.49.177.97 timeout 0This one should be done periodically
Code:
grep BitcoinXT /var/log/kern.log | perl -e 'while (<>) { if (/SRC=(\d+\.\d+\.\d+\.\d+)/) {print "$1\n";} }' | sort | uniq -u | xargs -L 1 ipset add bitcoinxtYou know you should write " hundreds thousands lines of code" (hi ! Turtlehuricane
) as a new blacklisting feature for the next version of bitcoin core. Gotta love to read how the hypocrites pos in here defend their god given bitcoin rule.
Jump to: