Topic: New IRC bootstrapping using random channels. - page 2. (Read 5618 times)

That would be true of any bootstrapping mechanism you can think of. At least with IRC it's somewhat transparent in that people can log in and see what's going on.. I don't really see any way around this though..

Also, users would probably notice that they weren't on the 'real' bitcoin network since they wouldn't be receiving any payments made to them or be able to send payments and also if they ever connect to a single real node by any of the bootstrapping mechanisms then they'd 'break out' of the illusion.

You'd still be able to hijack new users

It would be simple - just add a bunch of peers you control and use them to poison the network - you could even be evil by sending your poison peers only to certain users to avoid everyone else noticing. Send one user 30 poison peers and they see 30 connections and think everything is normal.

No, it wouldn't make much difference if the IRC network was compromised.

It is just used to get a list of hostnames to try to connect to, but you only need to connect to one real node in order to be able to receive the majority block chain.  It is just one of many methods used to find other nodes - the address messages broadcast on the bitcoin network are the primary means, and once you've been connected to the network the client keeps a local cache of the addresses it has seen.  The ones it sees on IRC are just added to the list.

IRC could only be used to "hijack" totally new users, though maybe IRC could break things by returning millions of bogus addresses and filling up addr.dat. Does Bitcoin defend against this?

Couldn't you in theory hijack almost the entire network?
I'm not claiming that you would of course, but i'm wary of that ability being available to any one entity - what if, for example, someone sniffed your connection and got /oper access?

-noirc...done

That already pretty much happens, bitcoin prefers nodes it has previously connected to, so as long as it has made a decent number of connections in the past it shouldn't bother with nodes from bootstrap sources.  Plus keep in mind bootstrap sources are just lists of IPs, which is really no different from what you get via peer exchange. 

Just so everyone understands..

* LFnet IRC network is primarily used for bitcoin - a few others and I maintain it and we're all bitcoin users. 

* I am a regular bitcoin contributor.  I'm also the guy that bought the 10,000 bitcoin pizza in case anyone is wondering.  I'm a moderator on this forum, I maintain the Mac OS build and I wrote the original GPU miner (http://heliacal.net/~solar/bitcoin/opencl-v2-svn-95-2010-06-30.patch)  - I hope that's enough credentials to prove to anyone that I'm not some BOFH IRC admin

* We will make sure the #bitcoinXX channels are not 'taken over' or anything like that.

* The IRC servers have been configured to limit the number of records returned when a client joins #bitcoin and issues a WHO request.  This greatly reduced the bandwidth and memory requirements.

* We use and monitor IRC and will keep an eye on the #bitcoinXX channels.  The channel modes will be locked to a reasonable normal setting like #bitcoin is today.

I would like to add an option/preference to disable IRC in the client.  It should be on by default, since that's the whole point, to bootstrap new users, but then the user should be able to switch it off.  There will still be plenty of people who leave it on to provide booting to others, but not everyone needs to do that; especially if you don't have the inbound port open.

I also think that alternative bootstrap methods are a good idea, but it should be possible to switch it all off once you're connected to the network.

Thanks,
Laszlo

Hmm, so the -dnsseed is already implemented in 0.3.12-beta and could be fully utilized any moment?
I say go, then.

From what I understand, it's not so much the ports and what not, but the type of transmissions and their frequency. Apparently some (all?) botnets use IRC for communications, so the ISPs have gotten to where they look for frequent and seemingly autonomous transmissions across IRC.

At least that is my understand.

What is it about IRC that makes it look like a botnet? I happily run an IRCD and an IRC client without issue, so what's the criteria for being botnet-like?

True. My ISP just blocked something yesterday, no connections 

I setup Tor last night just so I could proxy Bitcoin through it so it could connect.

Bitcoin needs to NOT use IRC, IMHO. It's too prone to being taken down by ISPs. I don't know what to tell you guys, but I do know that it's unfortunate that my ISP did what they did.

On the bright side, I found out about the wonders of Tor yesterday and am proudly running a relay 

Why make it so complicated?  We already have 3 methods to bootstrap, and if we just do a bit of tweaking on the DNS seed servers, it should solve all the slow-to-bootstrap problems.

How about a mix of protocols?
IRC - across different servers AND channels
HTTP - REST API to publish your own IP and get other nodes
DNS - do A lookups, dynamic DNS updates
Bittorrent - create a torrent that doesn't actually transfer files but serves to hookup bitcoin peers and also helps confuse people with the name

Exactly, DNS seeding differs from IRC seeding, since the addresses in it can be edited by the maintainer. But the P2P protocol exchanges IP addresses internally as well, so you could say that the node(s) whose address the DNS seed resolves to plays the role of what used to be the IRC server.

Maybe we could make a specialized/simplified P2P node that only tracks accessible addresses (not necessarily keeping addresses open), instances of which could populate the DNS seeds.

Yep, dont remind the community at large .  Also, LFnet is just lazslo, though I think most people dont know that which is partially why people don't seem to care about the centralization of the IRC bootstrapping stuff.

IRC is also centralized, it just puts control of the network into the hands of the LFnet admins instead of community members who are incentivized to see Bitcoin succeed.

With DNS discovery a few well known domain names resolve to a set of listening IP addresses. The set might be fixed or it might be recalculated every so often based on addr broadcasts. No matter what happens after you bootstrap your node will have its own address list that it will use to get back onto the network, you only need DNS the first time you run it or if all the addresses you heard about previously have gone away.

See the -dnsseed option. It uses DNS records that resolve to many IP addresses as seed.

Botnets don't have be malicious, think of distributed computing?

Matt, what are these DNSSeeds your talking about? Can these be implemented by resolving a DNS record?

+1

I think the final straw is that it sets of botnet detectors for some ISPs. The last thing we want is for bitcoin to be classified as botnet