
Topic: number of TOR Full Nodes increased crazy last week (Read 382 times)

legendary
Activity: 3542
Merit: 1965
Leading Crypto Sports Betting & Casino Platform
I am glad it is just a "configuration/Crawler" error and not a real attack vector, but I am even more happy that people are actively monitoring and querying the results and questioning it when it looks wrong.

Keep up the good work as the watchdogs of the community, because we need people like you that would quickly react, if something shady is spotted.

We saw something similar during the Fork war, when people tried to fake node stats with nodes being run on cloud computing platforms.
legendary
Activity: 1666
Merit: 1196
STOP SNITCHIN'
But this does not include the spike showing in core nodes on coin.dance?

It shows a massive spike too?

https://coin.dance/nodes/core

Indeed, the Bitnodes misconfiguration doesn't explain that. My first thought was, "Is Coin Dance just pulling from Bitnodes API?" But no, that seems unlikely since there is a disparity between the two node counts.
hero member
Activity: 1220
Merit: 612
OGRaccoon
But this does not include the spike showing in core nodes on coin.dance?

It shows a massive spike too?

https://coin.dance/nodes/core
legendary
Activity: 1666
Merit: 1196
STOP SNITCHIN'
ok i get it, but why did the total number of nodes increase so hard in the new year?
The total changed because the Tor count was fixed, the clearnet nodes are pretty much the same as before.
The only thing changed is that bitnodes finally fixed their Tor configuration bug.

So Bitnodes was just miscounting TOR nodes -- and therefore total listening nodes -- all along?

If 2,000 nodes did show up on TOR overnight, could that indicate a de-anonymization attack? Is that possible?
legendary
Activity: 3472
Merit: 4801
They could create a million nodes, it would make no difference. You are wasting your own time with these questions.
why? i thought changes on the protocol are voted by full nodes? am i wrong?

You are wrong.

Full nodes ENFORCE the protocol rules, but there is no voting.

If you run a billion nodes that all enforce different rules, then your nodes will fork their own blockchain with those other rules.  Meanwhile, those of us running nodes with the current protocol rules will all happily ignore your nodes and continue with our own blockchain with our rules.
copper member
Activity: 149
Merit: 15
Thales knew
ok i get it, but why did the total number of nodes increase so hard in the new year?
The total changed because the Tor count was fixed, the clearnet nodes are pretty much the same as before.
The only thing changed is that bitnodes finally fixed their Tor configuration bug.
jr. member
Activity: 34
Merit: 8
Crawler restarted:Fixed tor configuration.

https://twitter.com/gallizoli/status/1214067539090776065


ok i get it, but why did the total number of nodes increase so hard in the new year?
jr. member
Activity: 34
Merit: 8
Correct. It isn't Wasabi, we released our Bitcoin Core integration at Dec 14 and the 200 -> 2000 onion node overnight rush was on January 1. 

someone on reddit told me not to worry about it, because bitnodes.earn isn't showing all the nodes....

she or he told me to have a look at this site:
https://luke.dashjr.org/programs/bitcoin/files/charts/software.html

my question:
is this link showing all the nodes, including the ones, who aren't sharing the whole blockchain?
so there are listed some, which are only confirming transactions, too?
legendary
Activity: 2646
Merit: 1722
https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF
Either/or still seemingly nothing untoward ...

Perhaps to the contrary as the 'Number go up!'

"I’d like to think it’s Stadicuses Rp4 node which defaults to TOR"
- https://twitter.com/bbelo/status/1214071764633952258

...

"Ok, fellow #Bitcoin plebs, this is a biggie!

#RaspiBolt2 just landed:
https://stadicus.github.io/RaspiBolt/ "

- https://twitter.com/Stadicus3000/status/1206341202813095942

Who knows ?
member
Activity: 103
Merit: 327
Explanation found. False alarm.

"Thu Jan 02 2020 23:44:10 GMT+0100 (Central European Standard Time): Crawler restarted: Fixed tor configuration."

https://twitter.com/gallizoli/status/1214067539090776065

https://bitnodes.earn.com/dashboard/?days=90

sr. member
Activity: 1021
Merit: 324
Someone could spin that up in docker very easily. Or they are using fake clients to connect.
member
Activity: 103
Merit: 327
Correct. It isn't Wasabi, we released our Bitcoin Core integration at Dec 14 and the 200 -> 2000 onion node overnight rush was on January 1. 
hero member
Activity: 1220
Merit: 612
OGRaccoon
Actually with the Eclipse attack you would only need 40% of the network to conduct this attack as the nodes and IP buckets of honest nodes become filled with attacker IPs.

https://www.youtube.com/watch?v=J-lF0zxGpu0

Granted some of the vectors were fixed by core some time ago when this was first thought up but the attack is still valid and I am sure there is something going on here.

No one spins up 2k nodes over night for no reason.
hero member
Activity: 1220
Merit: 612
OGRaccoon
This is actually concerning. I have spoken with one of the devs at Wasabi and had it confirmed this is not them.


Code:
"nopara73, [05.01.20 17:04]

No, these are onion nodes, while Wasabi doesn'

nopara73, [05.01.20 17:04]
doesn't enforce onion nodes.

Further to this it may be possible it is the start of an Eclipse attack that would hoodwink many honest nodes by filling their IP buckets with malicious IPs. Bitcoin Core did add some fixes to prevent this but I still think the attack vector is valid.

Furthermore we need to ask who would have the resources and time to spin up all these nodes?

I find it very strange that none of the main media outlets like coin telegraph or coindesk are covering this.

If we suddenly saw 20% more mining power on a single pool the community would be up in arms but yet we see an 18+% rise in tor nodes and it flies under the radar?

Do people realize that with Eclipse attack you would only need around 40% hash power to conduct a successful attack and the old 51% goes out the window.


Snapshot of reachable nodes as of Sun Jan 05 2020 16:19:04 GMT+0000 (Greenwich Mean Time).
Code:

Top 6 networks with their respective number of reachable nodes.

RANK  NETWORK              NODES
1     Tor network          2206 (19.74%)
2     Hetzner Online GmbH  1079 (9.65%)
3     Amazon.com, Inc.     785 (7.02%)
4     DigitalOcean, LLC    711 (6.36%)
5     OVH SAS              477 (4.27%)
6     Choopa, LLC          449 (4.02%)


Another thing to note is all the new nodes are running this version of bitcoin
Code:
/Satoshi:0.18.1/ (70015)
NODE_NETWORK, NODE_BLOOM, NODE_WITNESS, NODE_NETWORK_LIMITED (1037)

Should we be concerned about this?
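
A sanity check on the figures quoted in the post above, as an added example that is not part of the original thread: it parses the snapshot rows, checks that every row implies the same total of reachable nodes, decodes the `1037` services value, and computes the growth between the two .onion counts quoted in this thread (159 and 2206). The function names are illustrative; the service-bit values are the standard Bitcoin P2P ones.

```python
import re

# Standard Bitcoin P2P service bits (bit position -> flag name).
SERVICE_BITS = {0: "NODE_NETWORK", 1: "NODE_GETUTXO", 2: "NODE_BLOOM",
                3: "NODE_WITNESS", 10: "NODE_NETWORK_LIMITED"}

# Rows copied from the snapshot quoted in the post above.
SNAPSHOT = """\
1 Tor network 2206 (19.74%)
2 Hetzner Online GmbH 1079 (9.65%)
3 Amazon.com, Inc. 785 (7.02%)
4 DigitalOcean, LLC 711 (6.36%)
5 OVH SAS 477 (4.27%)
6 Choopa, LLC 449 (4.02%)
"""

ROW = re.compile(r"^(\d+)\s+(.+?)\s+(\d+)\s+\((\d+(?:\.\d+)?)%\)$")

def decode_services(mask):
    """Return (known flag names, leftover unknown bits) for a services bitmask."""
    names = [name for bit, name in sorted(SERVICE_BITS.items()) if mask >> bit & 1]
    known = sum(1 << bit for bit in SERVICE_BITS)
    return names, mask & ~known

def parse_snapshot(text):
    """Turn 'RANK NETWORK NODES (PCT%)' lines into dicts; skip anything else."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append({"rank": int(m[1]), "network": m[2],
                         "nodes": int(m[3]), "pct": float(m[4])})
    return rows

def implied_totals(rows):
    """Total reachable nodes implied by each row (nodes divided by its share)."""
    return [round(r["nodes"] / (r["pct"] / 100)) for r in rows]

def consistent(rows, tol=0.005):
    """True when all rows imply the same total, within rounding of the percentages."""
    totals = implied_totals(rows)
    return (max(totals) - min(totals)) / min(totals) <= tol

def growth_factor(before, after):
    return after / before

if __name__ == "__main__":
    rows = parse_snapshot(SNAPSHOT)
    print(implied_totals(rows), consistent(rows))
    print(decode_services(1037))
    print(round(growth_factor(159, 2206), 1))  # Dec 20 vs Jan 5 .onion counts
```

A jump confined to one network category while the implied total stays self-consistent is the pattern worth checking against the crawler's own change log before treating it as new nodes.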
legendary
Activity: 2646
Merit: 1722
https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF
Quote
Hehe, currently 2225 .onion's ...
Network Snapshot

Snapshot of reachable nodes as of Fri Dec 20 2019 20:48:40 GMT+0100 (Mitteleuropäische Normalzeit).
159 .onion

isn't it a huge increase of .onion users when it's now >x10
just some weeks later ..



Quote
It's not likely to be an 'attack' , unless they also started mining above 51% network hash rate - collectively.
k
Quote
Maybe a GeoIP update dropped some country ranges from its database ? Hence, n/a . ? ...
could be. that's why i asked if the total number changed.

...

Most likely explanation ...


My Bad !?

- https://bitcointalksearch.org/topic/m.53519422

- https://bitcointalksearch.org/topic/m.53512242

jr. member
Activity: 34
Merit: 8
Quote
Hehe, currently 2225 .onion's ...
Network Snapshot

Snapshot of reachable nodes as of Fri Dec 20 2019 20:48:40 GMT+0100 (Mitteleuropäische Normalzeit).
159 .onion

isn't it a huge increase of .onion users when it's now >x10
just some weeks later ..



Quote
It's not likely to be an 'attack' , unless they also started mining above 51% network hash rate - collectively.
k
Quote
Maybe a GeoIP update dropped some country ranges from its database ? Hence, n/a . ? ...
could be. that's why i asked if the total number changed.
legendary
Activity: 2646
Merit: 1722
https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF
They could create a million nodes, it would make no difference. You are wasting your own time with these questions.
why? i thought changes on the protocol are voted by full nodes? am i wrong?

Quote
I made a thread about something similar a couple years back. Somebody popped up a lot of (clearnet) nodes. At the time I was thinking that they're either trying to do a connection-exhaust attack or partitioning attack. I'm having trouble finding it right now. In practice, it usually creates a high cost for the attacker with very little to no gain.
what is a connection-exhaust attack or a partitioning attack?



tl;dr;
why are there now 2000 instead of 200 full nodes behind TOR after just one week

It's not likely to be an 'attack' , unless they also started mining above 51% network hash rate - collectively.

Basically, very improbable if not impossible. Maybe a GeoIP update dropped some country ranges from its database ? Hence, n/a . ? ...

Oh snap! Hehe, currently 2225 .onion's ...

- https://bitnodes.earn.com/nodes/?q=unknown-country

Also, it's not TOR - it's Tor.


P.S. Monitoring the number of connections (only) on my own dedicated Tor nodes - nothing too unusual to report - yet!

EDIT:

Wasabi Sauce ? - "A Versatile Condiment With A Velvety Zing"
- https://en.wikipedia.org/wiki/Wasabi

Sushi_Wasabi ...
- https://youtu.be/wbNLtttn8eU

- https://www.wasabiwallet.io/

- https://docs.wasabiwallet.io/why-wasabi/BitcoinPrivacy.html#network-snooping

jr. member
Activity: 34
Merit: 8
They could create a million nodes, it would make no difference. You are wasting your own time with these questions.
why? i thought changes on the protocol are voted by full nodes? am i wrong?

Quote
I made a thread about something similar a couple years back. Somebody popped up a lot of (clearnet) nodes. At the time I was thinking that they're either trying to do a connection-exhaust attack or partitioning attack. I'm having trouble finding it right now. In practice, it usually creates a high cost for the attacker with very little to no gain.
what is a connection-exhaust attack or a partitioning attack?



tl;dr;
why are there now 2000 instead of 200 full nodes behind TOR after just one week
legendary
Activity: 2674
Merit: 2965
Terminated.
There is nothing to worry about and nobody other than the one behind this and/or the NSA are able to answer this accurately. They could create a million nodes, it would make no difference. You are wasting your own time with these questions.

what happened?
See above.

is a group or someone trying to get >50% of all Full Nodes by setting up many new ones (hidden behind TOR)?
See above.

do many Full Node Op's switch to use TOR? why? amount of Full Nodes totally is stable? does somebody have more Data to look at?
See above.

I made a thread about something similar a couple years back. Somebody popped up a lot of (clearnet) nodes. At the time I was thinking that they're either trying to do a connection-exhaust attack or partitioning attack. I'm having trouble finding it right now. In practice, it usually creates a high cost for the attacker with very little to no gain.
jr. member
Activity: 34
Merit: 8
Hi all,

i observed the following:

Until some weeks/days ago the number of Full Nodes which don't belong to a country on the list of https://bitnodes.earn.com/ was always <~200 .

A friend of mine told me he is sure, that around 1 week ago the number of Full Nodes using Tor was 153, when he looked at the site.

On websites, which indicate websites from time to time you can see that the number of Full Nodes, which don't belong to a country were always low. https://web.archive.org/web/2019*/https://bitnodes.earn.com/

Atm around 20% of the Full Nodes are .onion ....

what happened?

is a group or someone trying to get >50% of all Full Nodes by setting up many new ones (hidden behind TOR)?

do many Full Node Op's switch to use TOR? why? amount of Full Nodes totally is stable? does somebody have more Data to look at?



i noticed it, because a friend and me had set up a Full Node in the last weeks. If anybody want to appreciate this btc (;
Code:
bc1qv9mpy2kwpljyl06rgwwd8msgtw8znlw3j78a5d


peace
