
Topic: suspicious "connected to self" inbound/outbound connections (Read 190 times)

newbie
Activity: 20
Merit: 0
Yes I do have an "addnode=127.0.0.1" in my bitcoin.conf
Why? Bitcoin Core does not need to connect to itself. Addnod'ing your local node is why this is happening. You don't need to have addnode set to use Armory either.
OK, I commented out "addnode=127.0.0.1" in my bitcoin.conf and Armory still works. I don't remember why I had added it, but curiously enough there are people on the Armory forum suggesting to add it.
staff
Activity: 3458
Merit: 6793
Just writing some code
Yes I do have an "addnode=127.0.0.1" in my bitcoin.conf
Why? Bitcoin Core does not need to connect to itself. Addnod'ing your local node is why this is happening. You don't need to have addnode set to use Armory either.
newbie
Activity: 20
Merit: 0
Yes I do have an "addnode=127.0.0.1" in my bitcoin.conf

Also, I use Armory, but I'm pretty sure it wasn't running that day, and when it's Armory, it's just ONE inbound connection at 127.0.0.1:xxxxx and Bitcoin Core also says it is Armory.

By the way, this morning I found it again. I restarted Bitcoin Core and it only gets normal inbound connections.
It looks like those two matching inbound/outbound connections appear after some hours of work (i.e. I leave it running while I sleep).




HCP
legendary
Activity: 2086
Merit: 4361
I've seen this happen if you use "addnode". Do you have addnode=127.0.0.1 in your bitcoin.conf? Or have you used the "addnode 127.0.0.1 add" command in the debug console?

Alternatively, do you have any other wallet software like Armory running on that machine?
newbie
Activity: 20
Merit: 0
Bitcoin Client Software and Version Number: Bitcoin Core 0.15.1
Operating System: Ubuntu
Description of Problem: I've been running a Bitcoin Core full node some hours a day for years now and it never got more than 8 connections.
This morning, after leaving it running all night, there were 10 connections (never happened before).
But two connections were from 127.0.0.1 and looked somehow "symmetrical", meaning that one was "inbound", the other was "outbound", and the amounts of "Sent" and "Received" bytes were crossed, e.g. one was Sent: 107 Kb Received: 185 Kb, the other was Sent: 185 Kb Received: 107 Kb.

debug.log contains several entries in the form:
2018-01-22 xxxxxx connected to self at 127.0.0.1:xxxxx, disconnecting

While it nearly looks legit, I've never seen this before, so I'm wondering: has my system been compromised?
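
Added example, not part of any post in this thread: a Python triage sketch that checks the three things discussed above, namely an active loopback addnode line in bitcoin.conf, "connected to self" entries in debug.log, and a loopback inbound/outbound peer pair with crossed byte counters. The function names, the sample config, log lines and peer values are constructed for illustration; the peer dictionaries assume the addr, inbound, bytessent and bytesrecv fields of Bitcoin Core's getpeerinfo output.

```python
import ipaddress
import re

# Constructed sample inputs for illustration (not data from the thread).
SAMPLE_CONF = "server=1\naddnode=127.0.0.1\n#addnode=127.0.0.1:8333\naddnode=203.0.113.7\n"
SAMPLE_LOG = (
    "2018-01-22 03:14:07 connected to self at 127.0.0.1:51234, disconnecting\n"
    "2018-01-22 03:14:09 (unrelated log line)\n"
    "2018-01-22 04:20:41 connected to self at 127.0.0.1:51302, disconnecting\n"
)
SAMPLE_PEERS = [  # subset of getpeerinfo fields, values constructed
    {"addr": "127.0.0.1:51234", "inbound": True, "bytessent": 107000, "bytesrecv": 185000},
    {"addr": "127.0.0.1:8333", "inbound": False, "bytessent": 185000, "bytesrecv": 107000},
    {"addr": "203.0.113.7:8333", "inbound": False, "bytessent": 5000, "bytesrecv": 9000},
]

def host_of(addr):
    """Strip the port from '1.2.3.4:8333', '[::1]:8333' or a bare address."""
    if addr.startswith("["):
        return addr[1:addr.index("]")]
    return addr.rsplit(":", 1)[0] if addr.count(":") == 1 else addr

def is_loopback(addr):
    try:
        host = host_of(addr.strip())
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # other hostname or malformed value: not provably loopback

def loopback_addnodes(conf_text):
    """Active (uncommented) addnode= lines that point at this machine."""
    hits = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        key, _, value = line.partition("=")
        if key.strip() == "addnode" and is_loopback(value):
            hits.append(line)
    return hits

def self_connects(log_text):
    """Addresses from 'connected to self at ..., disconnecting' log lines."""
    return re.findall(r"connected to self at (\S+?), disconnecting", log_text)

def mirrored_pairs(peers, tol=1024):
    """Loopback inbound/outbound peers whose sent/received counters are crossed."""
    loop = [p for p in peers if is_loopback(p["addr"])]
    return [(a["addr"], b["addr"])
            for a in loop if a["inbound"]
            for b in loop if not b["inbound"]
            if abs(a["bytessent"] - b["bytesrecv"]) <= tol
            and abs(a["bytesrecv"] - b["bytessent"]) <= tol]
```

A non-empty result from loopback_addnodes alongside self-connect log lines or a mirrored pair matches the configuration cause named in the replies; loopback peers with no such config line are the case worth a closer look.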