Author

Topic: IRC bootstrapping causes suspected botnet activity with AT&T (Read 1666 times)

sr. member
Activity: 350
Merit: 251
i think there needs to be a court ruling that deals with all these rouge isps in the US.

forbid monitoring any lines, just like phone tapping(although they happen too)
no limits or reasonable bandwidth limits (i think 500 or 600gb is fair for a 20megabit line, lets be honest here, 300 gigs is silly, and can be easily met.)
allow customers to run anything they like on their connections, whether it be servers or bitcoin or BT, as long as its legal.
does that silly law still exist where you cant import/export certain cryptography outside the US? they have no place to make these decisions.
full member
Activity: 189
Merit: 101
AT&T isn't the only ISP that does this, I've seen time warner do it in many markets, and I've seen smaller mom and pop ISPs do it back in the day.

They are not spying on the connections (they just hand it all over to the NSA for that Wink ).

To be honest I am glad they have these automated systems looking for common bot nets. There are many users (not the OP) who NEED to be told when their machines have been compromised or they will never know.

He can simply reply to them letting them know that his machine is not knowingly compromised and that connection is indeed authorized from him. They saw what looked like a botnet fingerprint and warned him... the reason why they want a reply is so they CAN shut it down if they get none (aka noone is home/bogus account/etc)... would you rather they just let a ton of DOS attacks originate from their users?

You can also place:
noirc=1
in your bitcoin.conf if you don't want to use the command line option.

legendary
Activity: 1148
Merit: 1008
If you want to walk on water, get out of the boat
Why he should use -noirc? The irc bootstrapping is totally legal. I doubt they can force you to disable it, contact a lawyer... Roll Eyes

But you guys sure have weird internet service provider. Bandwidth problems? I have my connection, 7megabit download and 1megabit upload and i can use it as i wish, 24/24, forever.

sr. member
Activity: 350
Merit: 251
It's not even lying, really.  -noirc takes care of the problem.  Smiley

never was a problem

if at&t thinks bitcoin is slowing down their network, then they need some serious help.
hero member
Activity: 728
Merit: 500
165YUuQUWhBz3d27iXKxRiazQnjEtJNG9g
Got the same e-mail from the a**-holes at AT&T.  The only option that they give me in their email is to acknowledge an "infection" and that I will deal with it.

Reply:  "Thank you for your concern.  I have taken care of the problem."

It's not even lying, really.  -noirc takes care of the problem.  Smiley

Quote
I know bitcoin isnt illegal, I just wanted to be as discrete as possible.

You may want to run bitcoin through TOR or another encrypting proxy if you don't want AT&T nosing around in your affairs.
member
Activity: 112
Merit: 10
This is the bullshit that happens when companies have no idea that technology has legitimate uses. If the RIAA had their way, they would ban the internet.

Don't forget recordable media. Because we all know RIAA is about to go to bankrupt because blank CD-Rs exist. Tongue
sr. member
Activity: 277
Merit: 250
This is the bullshit that happens when companies have no idea that technology has legitimate uses. If the RIAA had their way, they would ban the internet.
sr. member
Activity: 252
Merit: 250
Just received an email from AT&T stating an IP I was using is suspected of being part of a botnet because of the irc activity. I don't fully understand the irc bootstrapping part. Can someone explain it? What should I tell them?
Got the same e-mail from the a**-holes at AT&T.  The only option that they give me in their email is to acknowledge an "infection" and that I will deal with it.

Thanks jgarzik for the advice on how to disable use of IRC.
sr. member
Activity: 362
Merit: 250
I have it figured out now and adjusted my configs. I think I understand the IRC part better now. If AT&T responds with anything I will post back.
member
Activity: 112
Merit: 10
If you're setting up a client from scratch and have any concerns about the IRC issue, you can, in addition to using -noirc to stop connection, use the -addnode switch along with one of the fallback nodes listed on the Bitcoin wiki to get yourself a bootstrap list of addresses to connect to for the block chain. This can also get you back on if you are trying to use -noirc despite not having connected in ages.

You only need to be able to connect to one static node to find other static and dynamic nodes and end up well-connected.
sr. member
Activity: 308
Merit: 250
There are no other providers here or I would consider switching. My bandwith is not capped or limited by them in anyway. That only applies to certain customers. This is from bitcoin traffic. I am not part of a botnet or do anything that would resemble that. The last few days or weeks actually, I have started using multiple clients from all the other forks and have been opening/closing them a lot. And have been solo-mining i0coins on and off a lot switching back and forth based on difficulty and profit.

Really? We're in our last month of warnings for bandwidth overages (house full of habitual Netflix/Steam users) before we switch to another provider. I didn't know AT&T had any offerings that we're bandwidth quota'd.

AT&T haven't bugged me about it, but I think I have noirc in my configs anyway. Once you've run it the first time, unless you leave it offline a while it'll probably get back on the network fine.
sr. member
Activity: 362
Merit: 250
There are no other providers here or I would consider switching. My bandwith is not capped or limited by them in anyway. That only applies to certain customers. This is from bitcoin traffic. I am not part of a botnet or do anything that would resemble that. The last few days or weeks actually, I have started using multiple clients from all the other forks and have been opening/closing them a lot. And have been solo-mining i0coins on and off a lot switching back and forth based on difficulty and profit.
administrator
Activity: 5222
Merit: 13032
Are you sure it's just bitcoin traffic that set off this alarm?

My understanding is that the client makes one quick IRC request when it starts up, and that's it.  So unless you're starting up bitcoin thousands of times a day, it seems strange that you would trigger a bot-net alert, and stranger that no-one else with AT&T has reported the same problem.


Bitcoin stays connected to IRC.
legendary
Activity: 1148
Merit: 1008
If you want to walk on water, get out of the boat
Can't you use another internet service provider? Maybe one that doesn't check how many times you use irc?
sr. member
Activity: 350
Merit: 251
glad my isp don't care about anything, bandwidth limits, servers, i just love them Cheesy.
kgo
hero member
Activity: 548
Merit: 500
Are you sure it's just bitcoin traffic that set off this alarm?

My understanding is that the client makes one quick IRC request when it starts up, and that's it.  So unless you're starting up bitcoin thousands of times a day, it seems strange that you would trigger a bot-net alert, and stranger that no-one else with AT&T has reported the same problem.
sr. member
Activity: 362
Merit: 250
Thank you jgarzik, I did not know of the -noirc option.

Gabi, I can't tell them nothing or they may suspend my internet services. I know bitcoin isnt illegal, I just wanted to be as discrete as possible.

I don't usually leave any *coin clients running except lately as I've been solo-mining *coins. I noticed when I first started using bitcoin or any coin that my modem's firewall log gets flooded with port scan activity. It makes it hard to know when I actually am being scanned and not just from bitcoin. No other application does this.

EDIT: just tested the -noirc option and it works perfect thanks!
legendary
Activity: 1596
Merit: 1100
Just be honest:  Tell them that open source project Bitcoin uses IRC for P2P network bootstrapping.

You can disable this with -noirc.
legendary
Activity: 1148
Merit: 1008
If you want to walk on water, get out of the boat
Tell them nothing?

The bitcoin client just use irc to find some nodes and connect with them, much quicker than having to search for nodes using the normal p2p system.

After that it of course find other nodes with the normal system and of course the client would work without the irc bootstrap but would take more time to find nodes when you launch it.

Anyway, it's perfectly legal, so not your problem what they suspect
sr. member
Activity: 362
Merit: 250
Just received an email from AT&T stating an IP I was using is suspected of being part of a botnet because of the irc activity. I don't fully understand the irc bootstrapping part. Can someone explain it? What should I tell them?
Jump to: