Topic: First Full Node Core on Windows 11: Issues and Solutions; IP Scanning (Read 301 times)

legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
Your WAN IP is only for you.
Your ISP gives your modem an IP and then passes it back to all the machines on your network. Once you send those ports back to your machine there are many scanners that will talk to machines and get some basic information.

Take a look at https://www.tenable.com/products/nessus for one of them.
If you don't want to setup and do it yourself some people like hostedscan: https://hostedscan.com/

Keep in mind on top of shutting down the ports and everything else you still should go back and hit your machine with several AV scanners just to be safe.
Especially if you are going to be storing anything of value there.

-Dave


(1) When you say that that WAN IP is only for you, does that mean that each LAN IP address has a unique WAN IP address?
(2) Thanks for suggestions on two IP scanners. I have tried both Zenmap and Angry IP Scanner. In neither case have I obtained port output. Probably there is a configuration error on my part. On the other hand, better designed software has more intuitive configuration options, so I will compare the two you suggest with the two I have tried and see if I can get a clear indication of port status. At the very least I should see 8333 tcp open bitcoin syn-ack. That will be proof positive that I'm using the software correctly.
(3) If correct open and closed port status is bulletproofing, you suggest that you need to keep up with AV scanners for further protection when one stores coin. I want to confirm that that doesn't fit my use case because I do not use the Full Node wallet, rather, I created it but it has 0.0 coin; I use a cold wallet with "seed" backup. However, I will send a few sats to the Full Node wallet for practice to learn how to use it. Maybe in time I will divide assets between wallets.

I appreciate your responses!

No, your cable modem / router gets 1 IP from your provider. Then through NAT you can have 100s of devices behind it.
And, although it may be out of your control, also keep in mind there are many router vulnerabilities out there too.
So having AV software on your PC is a must, because even if you do everything right, if your router is compromised it can then attack your PC in addition to the outside world.

https://www.tomshardware.com/news/cable-haunt-security-vulnerability-affected-modems
https://www.securityweek.com/millions-routers-impacted-netusb-kernel-vulnerability
https://routersecurity.org/bugs.php

And so on.

-Dave
jr. member
Activity: 57
Merit: 62
@DaveF

OP Followup:

Regarding port vulnerabilities (still finding out about setup of RPC port/password):

1. I did read about Dell Assist problems, that Dell patched, and that I have the patch and update. But I used third-party RevoUninstaller and completely removed this program.
2. Confusion: You said that I made my IP address public by posting. I'm not doubting that what I did exposed my PC but the address I posted was the WAN IP of my ISP, not my LAN IP address that I would find via
 
Code:
ipconfig
   
And yet your scan did find that I was running a Dell PC! How is it, given that a WAN is linked to thousands of LANs, that given only my WAN address you could still identify my LAN's PC?

3. Recap: From router, I deleted the wide port ranges and substituted a single port expressed as range 8333 to 8333.

Now I want to go back and scan my IP address to confirm that 17500 does NOT show; that 5700 tcp open supportassist syn-ack does NOT show; that 8333 tcp open bitcoin syn-ack DOES show.

I need to be able to do my own scan just as you did. I tried Angry IP Scanner and added the flag -Pn and tried various types of scans but the ports tab remained blank after my scan. What do I have to do to get the data you got, so I can confirm myself (and others here can learn) how to scan TCP port status?
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
Port 17500: Please tell me what port 17500 is and why that's significant.

@DaveF mentioned the CrazzyNet trojan, so you might want to read these articles:
https://kb.eventtracker.com/evtpass/evtpages/PortNo_17499_CrazzyNet_55023.asp
https://web.archive.org/web/20080415003029/http://www.symantec.com/avcenter/attack_sigs/s20142.html
https://www.speedguide.net/port.php?port=17500

But as the 3rd link mentions, it's also used by Dropbox. So it's possible @DaveF was simply being cautious.

P.S. please try to fix your quote.

Drifting a bit OT but if port 17500 is open to the world then something is REALLY wrong with the dropbox install.
It's supposed to use 17500 only for P2P on the local LAN. It should not respond to anything off of 192.168.1.x, so if it is, there is probably something else wrong.

-Dave
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
RPC (Remote Procedure Call) allows someone to interact with the node and have it do anything you want.
The settings are in your config file: https://github.com/bitcoin/bitcoin/blob/master/share/examples/bitcoin.conf
The RPC documentation is here: https://developer.bitcoin.org/reference/rpc/

In theory the default config should prevent external connections.
In reality since your entire PC was open to the world with known vulnerable apps (supportassist) you should check if it's been touched.

-Dave
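As an added example (not from this thread and not Bitcoin Core's own sample file), a minimal bitcoin.conf that leaves only the P2P port reachable and pins RPC to the loopback interface. The rpcauth value is a placeholder; a real one is generated with share/rpcauth/rpcauth.py from the Bitcoin Core repository.

```conf
# Added example bitcoin.conf (not the thread's file, not the project's sample).

# P2P: the only port that needs to be reachable from the internet.
listen=1
port=8333

# RPC: loopback only. rpcbind is ignored unless rpcallowip is also set,
# so both lines are needed to keep the RPC server off the LAN/WAN address.
server=1
rpcbind=127.0.0.1
rpcallowip=127.0.0.1
rpcport=8332

# Use a salted rpcauth credential instead of rpcuser/rpcpassword.
# PLACEHOLDER below (not a real credential); generate it with
#   share/rpcauth/rpcauth.py <username>
rpcauth=nodeuser:<salt>$<hmac_sha256_hash>

# Weak settings to avoid (shown commented out for contrast):
# rpcallowip=0.0.0.0/0     # accepts RPC from any address on the internet
# rpcbind=0.0.0.0          # RPC listens on every interface
# rpcuser=user             # plain credentials stored in clear text
# rpcpassword=password123
```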
jr. member
Activity: 57
Merit: 62

DaveF
The reason it sounded a bit arrogant is the fact that there are guides and discussions on how to do things and if you had asked 1st before doing anything you may have avoided some of those security issues. And if someone else followed your guide they would have the same issues.

Noob_Is_Relative
Thank you for responding to me. I appreciate it. Part of the confusion may be because I posted in the wrong sub-forum. I was actually not asking for technical assistance. I did resolve my in:0 issue but I also did not implement best practices which, thankfully, you have pointed out.

DaveF
Other thoughts:
I did mention that I saw port 17500 showing possibly open, did you run a good offline virus scanner?

Noob_Is_Relative
UPDATE: I ran the custom function of Microsoft Defender offline; zero infections

When I drilled down a bit more in the node tutorials at bitcoin.org I did, in fact, read as per your suggestion as well, that the range should be 8333 and 8333 which means that a single mandatory port is open. I see now that a port range in which all ports except one have no functionality is a backdoor for security risks. So my modem did accept my new designation and I am receiving in: > 0 as I expect.

Port 17500: Please tell me what port 17500 is and why that's significant. What procedure/tool did you use to scan my port status and find vulnerabilities? I would like to do the same, so I can check. An offline virus scanner of the OS, right, particularly the Core usr data? I will find such a scanner. If you want to do the same scan you did the first time, so we can compare the before and after, that would be nice. But I would also like to know how to do it and I'm sure there are other members who would like to do the same.

DaveF
I also mentioned the RPC port and password, did you verify that you have them set up properly?

Noob_Is_Relative
What is "RPC"? I'm thinking it's the node console but not sure. Please explain "RPC port and password" setup and how I implement that? Thank you, Dave.

(This is the best I could do to fix the messy quotes).

legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange


STOP and LEARN before giving advice.

Per your advice, modem firewall is ON and three Windows firewalls--Domain, Public, Private--are ON. For the latter, I gave permission for the Core to pass through the Windows' firewall(s). I shut down the Core, re-booted, started Core, and can confirm that I have data incoming and outgoing.

Whereas I appreciate your advice, and I have followed your advice, your "injunction" STOP and LEARN before giving advice is a little arrogant. Did I not do exactly that?

(1) I started with a problem (In: 0), proceeded through various steps and achieved success.
(2) Therefore, some of the procedures I initiated were correct; however, others were not, as you pointed out and demonstrated.
(3) I STOPPED at your reply and LEARNED from it.

People generally, including me, do not say stupid things on purpose. They make mistakes and others correct them, which is the purpose of a forum such as this.

The reason it sounded a bit arrogant is the fact that there are guides and discussions on how to do things and if you had asked 1st before doing anything you may have avoided some of those security issues. And if someone else followed your guide they would have the same issues.

Other thoughts:

I did mention that I saw port 17500 showing possibly open, did you run a good offline virus scanner?
I also mentioned the RPC port and password, did you verify that you have them set up properly?

-Dave
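The "Core passes through the firewall with all three profiles ON" state described above can be set up explicitly rather than by clicking through the Settings dialogs. This is an added example, not code from the thread or from Bitcoin Core; it assumes the default install path in $CorePath and must run from an elevated PowerShell.

```powershell
# Added example (not from the thread): let Bitcoin Core's P2P port through
# Windows Defender Firewall without turning any profile off.
# Assumption: default install path; change $CorePath if Core lives elsewhere.
$CorePath = "C:\Program Files\Bitcoin\bitcoin-qt.exe"

# 1. Keep all three profiles enabled (undoes a "disable all firewalls" step).
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True

# 2. One inbound allow rule, scoped to the Core binary and TCP 8333 only.
#    Nothing else listening on the PC (SupportAssist, Dropbox, ...) is opened.
if (-not (Get-NetFirewallRule -DisplayName "Bitcoin Core P2P" -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName "Bitcoin Core P2P" `
        -Direction Inbound -Action Allow -Protocol TCP -LocalPort 8333 `
        -Program $CorePath -Profile Private,Public | Out-Null
}

# 3. Verify: profiles still on, the rule covers only 8333, and Core is listening.
Get-NetFirewallProfile | Select-Object Name, Enabled
Get-NetFirewallRule -DisplayName "Bitcoin Core P2P" |
    Get-NetFirewallPortFilter | Select-Object Protocol, LocalPort
Test-NetConnection -ComputerName 127.0.0.1 -Port 8333 | Select-Object TcpTestSucceeded
```

The loopback test only proves Core is listening; whether inbound peers actually reach it still depends on the modem forward, which the bitnodes.io "CHECK NODE" tool mentioned later in the thread confirms from outside.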
jr. member
Activity: 57
Merit: 62
Forget about it.
You are thinking about running a BTC Full Node on Windows. (Remember that the source code for the BTC blockchain is open source so that altcoin will each run its own nodes, procedures may be different, etc.)
I don't understand what's the point if everything related with Bitcoin is open source... when you are using a closed source operating system like WiNd0ws...
Not to mention that win11 is a privacy nightmare and it uses so much resources for processes that are not vital to anything you would ever need.
If you are already familiar with Linux like you say, then I see no reason not to use it for Bitcoin full node, even something like Raspberry Pi4 works great for that purpose.



The source code that implements the BTC blockchain incorporates cryptographic math functions, such as one-way Elliptic Curve Multiplication and one-way hashing functions, which means that the Private Key is derived from the Public Key which is derived from the Bitcoin Address, and that means that it is mathematically impossible to hack the Private Key from the Bitcoin Address.

"Open" as in "open source" does not mean permeable.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
...
To set up, I turned off my modem’s firewall. YMMV. My modem had two different menus: one for port forwarding and one for port triggering. Since you can use either one, choose the simplest one. For me, that was port forwarding. The first thing I could see was that it was not possible to open port 8333 because there was no field in which to put a single port, that there were only fields to express a range, so I put in 1024 and 65535.
.....

DO NOT DO THIS.
You now have every port going to your PC. Any piece of software that has anything open or vulnerable is now exposed to the internet.
You also did not mention setting a complex RPC password and locking down the allowed RPC IP addresses of the node.

STOP and LEARN before giving advice.

Since you gave out your IP address I did a 30 second scan of that IP:

23       tcp open telnet syn-ack
5040   tcp open unknown syn-ack
5700   tcp open supportassist syn-ack  <-- look you are running a Dell have you updated to the latest version of support assist? There are many known vulnerabilities. It is actually running a webserver on that port that anyone in the world can now connect to.
7680   tcp open pando-pub syn-ack
8333   tcp open bitcoin syn-ack
49665 tcp open syn-ack
49666 tcp open syn-ack
58449 tcp open syn-ack

Also just saw port 17500 is showing open at times, the crazzy net trojan talks on that port


-Dave

made some edits & updates with more information.
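The scan above is the outside view; the same picture can be built from inside the PC by listing what it is listening on, which is what a 1024-65535 forward would have exposed and what the earlier "how do I scan my own ports" question was after. This is an added example, not a tool used in the thread; the port range and the intended-port list are taken from the thread and are the only assumptions.

```powershell
# Added example (not from the thread): inventory every non-loopback TCP
# listener on this PC and flag the ones a 1024-65535 port-forward would
# have exposed to the internet. Only 8333 should be intended.
$Intended    = @(8333)   # the one port a Full Node needs forwarded
$ForwardLow  = 1024      # the range the OP originally forwarded
$ForwardHigh = 65535

# 0.0.0.0 / :: listeners are reachable on the LAN address, so they count.
$listeners = Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalAddress -notmatch '^(127\.|::1$)' } |
    Sort-Object LocalPort -Unique

foreach ($l in $listeners) {
    $proc    = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
    $name    = if ($proc) { $proc.ProcessName } else { "pid " + $l.OwningProcess }
    $inRange = ($l.LocalPort -ge $ForwardLow) -and ($l.LocalPort -le $ForwardHigh)
    $verdict = if ($l.LocalPort -in $Intended) { "intended: forward this one only" }
               elseif ($inRange)              { "EXPOSED by a 1024-65535 forward" }
               else                           { "below range, still LAN-visible" }
    "{0,6}  {1,-22}  {2,-18}  {3}" -f $l.LocalPort, $l.LocalAddress, $name, $verdict
}
```

Ports such as 5700 (SupportAssist), 7680 and the 4966x Windows RPC listeners from the scan above will show up here with their owning process, which is the list to work through before forwarding anything.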
jr. member
Activity: 57
Merit: 62
The purpose of this post is FYI, helpful hints and “gotchas.”

Although I have been running a Full Node for a couple of months now, it was only yesterday that I optimized** my node by successfully achieving port forwarding (8333).

That is not straightforward. Let’s add a VPN to the mix, even though I’m not running one, and consider that in an optimized Full Node there are three links in the chain that you have to consider: the OS, the modem, the VPN. This is a “gotcha” because if you fail to consider one of these components, you may not be able to optimize. Further, each of these links, if you think of it as a coin, has two sides: One side is that 8333 is explicitly made open. The other side is that even if 8333 is explicitly made open, another software feature could be blocking it, in which case, you cannot optimize. So, actually, there are six variables to consider: the OS, open versus blocked; the modem, open versus blocked; the VPN, open versus blocked.

Further on in this post I will describe my initial failures, confusions, and how I fixed the problems.

I am running Windows 11 Pro and my modem is ARRIS TG2482. I also run Linux but I choose Windows for some projects and Linux for others (e.g. BOINC).

I am proud to say that as a nearly 69 year old retiree in the Dominican Republic, that I am running the only Full Node in this country. I can confirm this at the website bitnodes.io. When you are up and running go to this URL to confirm your status. It has a “CHECK NODE” tool that will tell you if you are receiving connections from other nodes. Hint: If you have configured your modem with a range 1024 and 65535, you will not see that range here. You will simply see “8333” next to your ip address. The tool already “sees” your status, so just click on the “CHECK NODE.” If you get a green bar, you can receive data from other nodes; if you get a red bar, you cannot. For my output I get: 148.103.81.99:8333 /Satoshi:22.0.0/

This site also shows the number of running nodes (~ 15260) as well as a world map, a list of all countries running nodes, and the number of nodes per country.
And much more.

CUTTING TO THE CHASE

You are thinking about running a BTC Full Node on Windows. (Remember that the source code for the BTC blockchain is open source so that altcoin will each run its own nodes, procedures may be different, etc.)

The first step is to eyeball your modem for the make and model and download the manual or quick start if you don’t have it. The manual will tell you your modem’s ip address and the default user name and password. “Enter” your modem by typing its ip address into a browser. (If you are not online and/or your computer does not have a wi-fi, just connect an ethernet cable to the modem and you will have access. Any configuration changes you make and save in the modem from your computer will occur regardless of your online status).

Look for a tab or a menu item that says “firewall” or “advanced configuration” or “port forwarding” or “port triggering.” It is mandatory that your modem have the capacity for port forwarding or port triggering. If it doesn’t you cannot optimize your node and must buy a new modem and have your ISP provision it. Many ISP’s will list compatible modems on their website. You can then download the manuals of various ones to see which have advanced configuration.

Doing it. Problems, Confusions, and Solutions.

To set up, I turned off my modem’s firewall. YMMV. My modem had two different menus: one for port forwarding and one for port triggering. Since you can use either one, choose the simplest one. For me, that was port forwarding. The first thing I could see was that it was not possible to open port 8333 because there was no field in which to put a single port, that there were only fields to express a range, so I put in 1024 and 65535. For the ARRIS modem there were clickable “helps” which told me that for both incoming and outgoing ranges, that they would be the same, so I put in these values for both incoming and outgoing. That doesn’t make sense to me but that’s how it was. Besides inputting a name, the only other field was for my ip address. For that I opened Windows Search < Command Prompt and typed in  ipconfig. Then I saved all and logged out of my modem.

Then, to be on the safe side, I rebooted both my computer and the modem. After that, I went to Bitcoin Core Information tab and saw “0 in; 10 out.” Problem! I’m not optimized even though I configured my modem. Did I make a mistake in the config.?

Then from the same tab I opened my Debug log file. Remember to scroll DOWN for the present time. If you read data from the top, you are looking at the past time.

Here I discovered “New outbound peer connected.” This is good. My modem is configured correctly! But confusing too. If my info tab shows “0” in, I’d expect to see “New inbound peer connected.” What is going on? I think that “outbound peer connected” means that I am now connected to other nodes. THEIR DATA IS OUTGOING FOR THEM BUT INCOMING TO ME. So the log should NOT say “inbound peer connected.”

But I still have a problem. The Bitcoin Core is a program designed for Windows OS. It is embedded in Windows, the registry, etc. So although Windows is showing via my log that I’m connected to outbound peers, I’m not receiving data from outbound peers.

And here’s a reminder of the “Gotcha!” that you have to consider the three links in the chain: the OS, the modem, the VPN; and not only port forwarding but port blocking.

So now I have a hunch that Windows is blocking my incoming data (showing “0” on the info tab).

I go to Settings < Privacy & Security < Firewall & Network Protection. Lo and behold! I have THREE firewalls turned on. I disable: Domain network firewall; Private network firewall; Public network firewall. Disable and apply and ignore Windows’ warnings. Whether you need to disable all three: YMMV.

Then I reboot, after shutting down CORE, then re-start Core (I turn off autostart and prefer manual start), go to Info tab and see In: 14/ Out: 10! I go to Network Traffic and for the first time I get two real time graphs, green received and red sent. And at bitnodes.io I am recognized and get a green bar. Success! I have optimized! Needless to say, I still had “failure” after a proper modem config. because of an OS block.

**Full Node optimization. Turns out that before I optimized I was still running a Full Node but a lesser Full Node. A Full Node is made up of different components. If you run 1 but not > than 1 you are still running a Full Node but less than optimized. Analogy: Given an identified music composition that you are listening to on your computer, the name of the composition is the same, but you can alter it qualitatively by adding or subtracting data, say by using the DAC soldered onto your motherboard versus buying an independent external DAC and bypassing the inferior one. The name of the composition is the same (Full Node) but the qualitative degrees are different—same in kind, different in degree, if you will.

You can see the various components of BTC Full Node when you look at your peers’ data per individual. These are the permutations possible:

Inbound  (This is me before)
Outbound Full Relay (This is me after)
Network
Bloom
Witness
Network Limited

One peer may run 1 or more of the above. I guess it’s obvious why I am NOT listed as a peer here. To see my “component” status as a peer, I go to bitnode.io and I find out that my services are: node witness and node network limited (1032). Service is the correct word, so I will substitute that for “component.”

I’m sure that further service tweaks are possible and I will investigate those as time goes on.

N.B. Needless to say using hyperlink and code in context created major problems in the preview, so I left them out.