Topic: Loads of fake peers advertised on bitcoin network - page 2. (Read 588 times)

legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
I am still not seeing anything out of the ordinary. So either they are hitting specific IPs / Nodes or my SonicWall is blocking them for some reason.
I do have the sonic configured to block botnets, so if the connections are coming from known bad IPs they might never make it in. But other than that I have no idea.

@piotr_n  are you still seeing the attack?

-Dave
legendary
Activity: 1039
Merit: 2783
Bitcoin and C♯ Enthusiast
I had a similar issue recently where I received a ton of useless IP addresses but since I check each received IP before storage, they never reached the disk. It just created a big queue of pings which mandated some code changes. Some silver lining.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Are they all coming from 1 IP block or from everywhere?

There are ~200k records with IPs starting with 255.255... and a random (not 8333) port number - these were advertised 15+ hours ago.

But the more recent ones (~500k of them) seem to be completely random IPs with port number 8333

Banning the whole subnet with

    setban '255.255.0.0/16' add $((60*60*24*14)) # two week ban

should be enough to see the wave of addresses die out as whoever's doing this probably won't be able to sustain their nodes for that long. But if you have a way to extract records from peers.dat then you can contain the bad addresses better.

I don't know if it will flush the bad addresses out of peers.dat though. Shutting down bitcoind and deleting peers.dat as a last resort will work though.
sr. member
Activity: 287
Merit: 363
"Stop using proprietary software."
How would I be able to check something like this myself with my own node?
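
One way to check this on a node, as an added example that is not part of any post in this thread: the script below classifies the JSON array printed by `bitcoin-cli getnodeaddresses 0` and counts records per class and per hour since their `time` field. It assumes a Bitcoin Core version whose `getnodeaddresses` accepts a count of 0 to return every known address; the file name `addrcheck.py`, the class labels and the sample records are constructed for illustration.

```python
import ipaddress
import json
import sys
import time
from collections import Counter

DEFAULT_PORT = 8333                                  # mainnet P2P port
BOGUS_NET = ipaddress.ip_network("255.255.0.0/16")   # range reported in this thread

def classify(rec):
    """Label one record from the getnodeaddresses JSON array."""
    try:
        ip = ipaddress.ip_address(rec["address"])
    except ValueError:
        return "non-ip"                  # onion/I2P names are not IP literals
    if ip in BOGUS_NET:
        return "255.255/16"
    if not ip.is_global:
        return "unroutable"              # private, loopback, reserved, ...
    return "port-8333" if rec["port"] == DEFAULT_PORT else "other-port"

def summarise(records, now):
    """Count records per class and per (class, whole hours since 'time')."""
    by_class, by_age = Counter(), Counter()
    for rec in records:
        label = classify(rec)
        by_class[label] += 1
        by_age[(label, max(0, now - rec["time"]) // 3600)] += 1
    return by_class, by_age

# Constructed sample records (not real peers), shaped like the RPC output.
SAMPLE_NOW = 1_625_000_000
SAMPLE = [
    {"time": SAMPLE_NOW - 57600, "services": 1033, "address": "255.255.12.7", "port": 41231},
    {"time": SAMPLE_NOW - 57700, "services": 1033, "address": "255.255.200.1", "port": 5120},
    {"time": SAMPLE_NOW - 7200, "services": 1033, "address": "10.0.0.5", "port": 8333},
    {"time": SAMPLE_NOW - 3600, "services": 1033, "address": "93.184.216.34", "port": 8333},
    {"time": SAMPLE_NOW - 3600, "services": 1033, "address": "93.184.216.35", "port": 18444},
    {"time": SAMPLE_NOW - 600, "services": 1033, "address": "2001:db8::1", "port": 8333},
    {"time": SAMPLE_NOW - 600, "services": 1033, "address": "exampleexample.onion", "port": 8333},
]

if __name__ == "__main__":
    # Live use: bitcoin-cli getnodeaddresses 0 | python3 addrcheck.py -
    live = len(sys.argv) > 1 and sys.argv[1] == "-"
    records = json.load(sys.stdin) if live else SAMPLE
    by_class, by_age = summarise(records, int(time.time()) if live else SAMPLE_NOW)
    print(f"{len(records)} addresses known")
    for label, n in by_class.most_common():
        print(f"{n:8d}  {label}")
    for (label, hours), n in sorted(by_age.items(), key=lambda kv: kv[0][1]):
        print(f"{hours:4d}h ago  {label:<12} {n}")
```

Random addresses advertised on port 8333 land in the `port-8333` class and cannot be told apart from real peers by inspection alone; for those, a sudden jump in the total and in one hour bucket is the visible signal.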
legendary
Activity: 2053
Merit: 1354
aka tonikt
Are they all coming from 1 IP block or from everywhere?

There are ~200k records with IPs starting with 255.255... and a random (not 8333) port number - these were advertised 15+ hours ago.

But the more recent ones (~500k of them) seem to be completely random IPs with port number 8333
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
I am not seeing that in either of my "live" nodes in the office. Just about a dozen regular peers. Both are running 0.21.1
I have a 0.20.0 at home that I just turned on for the 1st time in a few weeks to see and it seems to be syncing fine with about 5 peers none blocked so far (15 minutes since boot +/- a few)
Are they all coming from 1 IP block or from everywhere?

-Dave
legendary
Activity: 2053
Merit: 1354
aka tonikt
It seems like there is some sort of attack going on - the network is advertising hundreds of thousands of non-working addresses via the addr messages.
All my nodes' peers databases are now over 700k records and seem to be still growing...

Do you see the same at your nodes?

Does bitcoin core have a limit of peers upon which it won't accept new addresses into the database?
How to best handle that?

Apart from the extra resources consumption, it now takes much longer to connect to new peers, because there are so many non-working addresses in the db.