
Topic: Invalid IP addresses on "receive version message" on debug.log (Read 1218 times)

administrator
Activity: 5222
Merit: 13032
I think that BitcoinJ-based wallets (i.e. most lightweight wallets) always send us=127.0.0.1. Probably most of them are real users.
full member
Activity: 179
Merit: 131
I have blocked 2168 unique peer IPv4 addresses until now. The blacklist is growing every day :)

Apart from blocking the peers causing the messages on debug.log like below:
Code:
receive version message: /Satoshi:0.11.2/: version 70002, blocks=398147, us=0.0.0.0:0
receive version message: /bcoin:1.0.0-alpha/: version 70002, blocks=370555, us=0.0.0.0:8333
receive version message: /bitcoinj:0.13.4/Bitcoin Wallet:4.46/: version 70001, blocks=400440, us=127.0.0.1:8333

I also blocked the peers which do not use valid (in my opinion) user agents like below:
Code:
receive version message: : version 32100
receive version message: : version 40000
receive version message: Why? Because fuck u, thats why: version 70002

There seems to be no significant effect on my node from blocking those peers, as it is still running fine with the connected peers still always above 50, 56 at the time of my writing.
Code:
root@ledzeppelin:~# bitcoin-cli getinfo
{
  "version": 120000,
  "protocolversion": 70012,
  "blocks": 400442,
  "timeoffset": 0,
  "connections": 56,
  "proxy": "",
  "difficulty": 163491654908.9593,
  "testnet": false,
  "relayfee": 0.00001000,
  "errors": ""
}
root@ledzeppelin:~#

I hope that by doing this my node will not relay the peers that are not serious in maintaining the integrity of the Bitcoin network.
full member
Activity: 179
Merit: 131
Um, no, it is not wise to block connections to and from 0.0.0.0 and 127.0.0.1, though I don't think iptables affects non-routable addresses anyway. They're not invalid; ping them and see what happens. Notice the astonishingly low latency? Those are your IP addresses. That's what "us" means in the log.

The IP addresses 0.0.0.0 and 127.0.0.1 are the IP addresses of my full nodes that the peers thought to be able to connect to - notice the word "us" in the following messages, for instance:
Code:
.
2016-02-21 05:20:48 receive version message: /libbitcoin:2.11.0/: version 70001, blocks=399106, us=0.0.0.0:0, peer=2198, peeraddr=5.189.177.237:35504
2016-02-21 07:05:20 receive version message: /libbitcoin:2.11.0/: version 70001, blocks=0, us=0.0.0.0:0, peer=2549, peeraddr=85.93.88.92:53661
2016-02-21 08:53:08 receive version message: /libbitcoin:2.11.0/: version 70001, blocks=399106, us=0.0.0.0:0, peer=2919, peeraddr=5.189.177.237:60182
.
2016-02-21 10:06:58 receive version message: /bitcoinj:0.13-SNAPSHOT/DNSSeed:43/: version 70001, blocks=399428, us=127.0.0.1:8333, peer=3194, peeraddr=162.243.132.6:41992
2016-02-21 10:09:30 receive version message: /BitCoinJ:0.11.2/MultiBit:0.5.19/: version 70001, blocks=374614, us=127.0.0.1:8333, peer=3202, peeraddr=185.61.151.176:53738
2016-02-21 10:15:50 receive version message: /bitcoinj:0.13.4/Bitcoin Wallet:4.46/: version 70001, blocks=399428, us=127.0.0.1:8333, peer=3229, peeraddr=71.226.158.207:55651
.

So the IP addresses that I want to block are the IP addresses of the peers, i.e. the peeraddr.
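The distinction drawn in the post above, between the `us` field (what the peer reports as the receiving node's address) and `peeraddr` (the remote peer), as an added example that is not part of the original thread: a small parser that groups "receive version message" lines by user agent, classifies the `us` value and collects the matching peer addresses. The sample log is constructed and uses documentation address ranges; the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample in the debug.log format quoted in the thread. Peer
# addresses are documentation ranges (RFC 5737), not real peers.
SAMPLE_LOG = """\
2016-02-21 05:20:48 receive version message: /libbitcoin:2.11.0/: version 70001, blocks=399106, us=0.0.0.0:0, peer=1, peeraddr=192.0.2.10:35504
2016-02-21 10:06:58 receive version message: /bitcoinj:0.13.4/Bitcoin Wallet:4.46/: version 70001, blocks=399428, us=127.0.0.1:8333, peer=2, peeraddr=198.51.100.7:41992
2016-02-21 10:09:30 receive version message: /bitcoinj:0.13.4/Bitcoin Wallet:4.46/: version 70001, blocks=399428, us=127.0.0.1:8333, peer=3, peeraddr=203.0.113.20:53738
2016-02-21 10:15:50 receive version message: /Satoshi:0.12.0/: version 70012, blocks=399428, us=203.0.113.99:8333, peer=4, peeraddr=192.0.2.55:55651
2016-02-21 10:16:02 receive version message: : version 40000, blocks=0, us=0.0.0.0:0, peer=5, peeraddr=198.51.100.44:50000
"""

# The user agent can contain ':' and spaces, so match lazily up to ": version N".
# peer= and peeraddr= are optional: some excerpts in the thread do not show them.
VERSION_RE = re.compile(
    r"receive version message: (?P<ua>.*?): version (?P<version>\d+), "
    r"blocks=(?P<blocks>-?\d+), us=(?P<us>[^,\s]+)"
    r"(?:, peer=(?P<peer>\d+))?(?:, peeraddr=(?P<peeraddr>\S+))?"
)

def parse_version_lines(text):
    """Return one dict of fields per 'receive version message' line."""
    return [m.groupdict() for m in VERSION_RE.finditer(text)]

def host(addr):
    """Strip the port from 'ip:port' (and brackets from '[ipv6]:port')."""
    return addr.rsplit(":", 1)[0].strip("[]")

def classify_us(us):
    """Label what the peer reported as the receiving node's own address."""
    try:
        ip = ipaddress.ip_address(host(us))
    except ValueError:
        return "unparsed"
    if ip.is_unspecified:
        return "unspecified"
    return "loopback" if ip.is_loopback else "other"

def summarize(text):
    """Per user agent: counts of `us` classes and the set of remote peer hosts."""
    summary = defaultdict(lambda: {"us": Counter(), "peers": set()})
    for rec in parse_version_lines(text):
        entry = summary[rec["ua"] or "(empty)"]
        entry["us"][classify_us(rec["us"])] += 1
        if rec["peeraddr"]:
            entry["peers"].add(host(rec["peeraddr"]))
    return dict(summary)

if __name__ == "__main__":
    for ua, entry in summarize(SAMPLE_LOG).items():
        print(ua, dict(entry["us"]), sorted(entry["peers"]))
```
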
legendary
Activity: 4522
Merit: 3183
Vile Vixen and Miss Bitcointalk 2021-2023
Um, no, it is not wise to block connections to and from 0.0.0.0 and 127.0.0.1, though I don't think iptables affects non-routable addresses anyway. They're not invalid; ping them and see what happens. Notice the astonishingly low latency? Those are your IP addresses. That's what "us" means in the log.
full member
Activity: 179
Merit: 131
On my full nodes, I got a lot of "receive version message" on the debug.log with "us=0.0.0.0" and "us=127.0.0.1". There are only a few peers causing the messages with IP address 0.0.0.0 but hundreds of peers causing the messages with IP address 127.0.0.1.

The peers which cause the messages with 0.0.0.0 IP address are using the following User Agents:
Code:
/libbitcoin:2.11.0/: version 70001
/Satoshi:0.11.2/: version 70002

And the peers which cause the messages with 127.0.0.1 IP address are using the following User Agents:
Code:
/BitCoinJ:0.11.2/MultiBit:0.5.18/: version 70001
/bitcoinj:0.12.2/: version 70001
/BitCoinJ:0.12SNAPSHOT/Aegis Wallet:1.0/: version 70001
/bitcoinj:0.13.2/Bitcoin Wallet:4.39/: version 70001
/bitcoinj:0.13.3/Bitcoin:1.04/: version 70001
/bitcoinj:0.13.3/Bitcoin Wallet:4.42/: version 70001
/bitcoinj:0.13.3/Bitcoin Wallet:4.43/: version 70001
/bitcoinj:0.13.3/Bitcoin Wallet:4.44/: version 70001
/bitcoinj:0.13.3/MultiBitHD:0.2.0/: version 70001
/bitcoinj:0.13.4/Bitcoin Wallet:4.45/: version 70001
/bitcoinj:0.13.4/Bitcoin Wallet:4.46/: version 70001
/bitcoinj:0.13/GetGems:1.0/: version 70001
/bitcoinj:0.13-SNAPSHOT/DNSSeed:43/: version 70001
/bitcoinj:0.13SNAPSHOT/DNSSeed:43/: version 70001
/Bither1.4.3/: version 70001

I am really wondering what causes this and what the impact is of letting the peers which cause that keep coming in. Do you think it is wise to block those peers on my iptables firewall using ipset for instance?

Thanks in advance for any answers and comments.