
Topic: This message was too old and has been purged - page 4. (Read 37888 times)

sr. member
Activity: 252
Merit: 251
the question is what you use the data for...i have no doubt that your intentions are honest btw.

Here's your answer as to what the data was used for:
https://bitcointalksearch.org/topic/m.10756505

I don't have an issue with people not trusting me, is not that what the world has come to? I just repeat that the only reason I did nmap on that host was because I found some of the same IPs (46.105.210.194, 46.105.210.11, 46.105.210.255, 46.105.210.138, 46.105.210.196, 46.105.210.246, 46.105.210.220, 46.105.210.204, 46.105.210.179, 46.105.210.189, 46.105.210.10, 46.105.210.42) in the debug.log of my bitcoind; upon reading the OP I did the investigation, as you can see in the link above. The intention was to find out what and who was behind the monitoring on the network. If you want to label me, then give me the whitehat label please; I really have nothing further to add to this particular question.





sorry (blame my English) i did not question your intention (i already knew it). it was more in the line of "it's the question what the guy nmapping other people has for intentions"

IMHO: it is easy to use iptables and a small script to autoblock anyone who is nmapping... so i just don't understand people yelling when someone does it.

btw "I don't have an issue with people not trusting me, is not that what the world has come to?"
sadly...yes...
full member
Activity: 196
Merit: 103
the question is what you use the data for...i have no doubt that your intentions are honest btw.

Here's your answer as to what the data was used for:
https://bitcointalksearch.org/topic/m.10756505

I don't have an issue with people not trusting me, is not that what the world has come to? I just repeat that the only reason I did nmap on that host was because I found some of the same IPs (46.105.210.194, 46.105.210.11, 46.105.210.255, 46.105.210.138, 46.105.210.196, 46.105.210.246, 46.105.210.220, 46.105.210.204, 46.105.210.179, 46.105.210.189, 46.105.210.10, 46.105.210.42) in the debug.log of my bitcoind; upon reading the OP I did the investigation, as you can see in the link above. The intention was to find out what and who was behind the monitoring on the network. If you want to label me, then give me the whitehat label please; I really have nothing further to add to this particular question.



sr. member
Activity: 261
Merit: 523
If you ran bitcoind with -listen=0 these sybils would not be able to connect to you? Obviously everyone can't do this.
sr. member
Activity: 252
Merit: 251

Dear primer-,

I run a node for altruistic purposes, to support the network. Here's the stats and info page: http://node.cryptowatch.com/

You can connect with any node you want to that node, and you will see there's no portscanning on your node conducted by my node.

Nmap (nmap.org) is a program that can be used manually to scan any host for open ports. When I read this thread, naturally I wanted to see if I could do some simple investigation to learn more of the nature of the party monitoring large parts of the network. As it happened, I found some publicly available information and shared it with the community, see my earlier posts.

My intentions are good, as I'm a big bitcoin supporter.

I hope this cleared things up. Thanks for the question.

imho nmapping anyone is not a problem - it's like knocking on doors.
and i think i am allowed to knock on the doors of someone who enters my house (=connected to my node)

the question is what you use the data for...i have no doubt that your intentions are honest btw.
full member
Activity: 196
Merit: 103
I noticed that one of those nodes was connected to my own node, then I scanned it:

Starting Nmap 6.00 ( http://nmap.org ) at 2015-03-13 01:48 CET
Nmap scan report for 46.105.210.179
Host is up (0.065s latency).
Not shown: 996 closed ports
PORT     STATE    SERVICE
22/tcp   open     ssh
445/tcp  filtered microsoft-ds
8080/tcp open     http-proxy
8333/tcp open     unknown

Do you port scan every bitcoin node that connects to you? Why would you do that, what were your real intentions ...

Dear primer-,

I run a node for altruistic purposes, to support the network. Here's the stats and info page: http://node.cryptowatch.com/

You can connect with any node you want to that node, and you will see there's no portscanning on your node conducted by my node.

Nmap (nmap.org) is a program that can be used manually to scan any host for open ports. When I read this thread, naturally I wanted to see if I could do some simple investigation to learn more of the nature of the party monitoring large parts of the network. As it happened, I found some publicly available information and shared it with the community, see my earlier posts.

My intentions are good, as I'm a big bitcoin supporter.

I hope this cleared things up. Thanks for the question.
full member
Activity: 145
Merit: 112
To the moon!
I got one of them attached to my node: 46.105.210.37

You can see all the connections to my full-node here: http://23.253.119.84/
sr. member
Activity: 384
Merit: 258
And people say we don't need an anonymous coin? It's time for cryptonote technology to shine. It's resistant to blockchain analysis. Read about it here: http://en.wikipedia.org/wiki/CryptoNote or here: https://en.bitcoin.it/wiki/CryptoNote
Please, note that the "problem" discussed in this post isn't blockchain analysis per se, but network eavesdropping.
Ring signatures and stealth addresses won't help to solve this specific issue.
hero member
Activity: 723
Merit: 503
And people say we don't need an anonymous coin? It's time for cryptonote technology to shine. It's resistant to blockchain analysis. Read about it here: http://en.wikipedia.org/wiki/CryptoNote or here: https://en.bitcoin.it/wiki/CryptoNote
sr. member
Activity: 384
Merit: 258
Good job Cryptowatch.com !

If I understand it right, the chainalysis mode of operation is for them to connect to as many nodes as possible, so if I do a transaction directly from ip A, which runs a full bitcoin core node, be it on a cable-connection or otherwise, if chainalysis is connected to the node where the tx is originating, the ip-address of the node where the transaction was originating is recorded within the chainalysis database.
They may also try to reproduce the experiment done by 3 researchers from the University of Luxembourg : http://arxiv.org/abs/1405.7418
If it's their mode of operation, blocking these IPs at individual node level won't be enough since information is leaked by the 8 outgoing peers.
It would require that all full nodes block these IPs. But as you've stated, that sounds like an unenforceable policy...

sr. member
Activity: 362
Merit: 252
is there a way to block certain ip in bitcoin.conf file?

You really want to use iptables (assuming you are on Linux and I cannot imagine why you would not be.) That way you never have to shut down the Daemon just to block an address.
What do you think of my ufw approach above? I find ufw easier to get than iptables.
member
Activity: 112
Merit: 10
is there a way to block certain ip in bitcoin.conf file?

You really want to use iptables (assuming you are on Linux and I cannot imagine why you would not be.) That way you never have to shut down the Daemon just to block an address.
legendary
Activity: 1092
Merit: 1000
I noticed that one of those nodes was connected to my own node, then I scanned it:

Starting Nmap 6.00 ( http://nmap.org ) at 2015-03-13 01:48 CET
Nmap scan report for 46.105.210.179
Host is up (0.065s latency).
Not shown: 996 closed ports
PORT     STATE    SERVICE
22/tcp   open     ssh
445/tcp  filtered microsoft-ds
8080/tcp open     http-proxy
8333/tcp open     unknown

Do you port scan every bitcoin node that connects to you? Why would you do that, what were your real intentions ...
newbie
Activity: 31
Merit: 0
Blocked the bad nodes as well.

Here's the list of ip's to block:


5.9.115.0/24
46.105.210.0/24
2001:41d0:a:605c::/48

46.105.210.194, 46.105.210.11, 46.105.210.255, 46.105.210.138, 46.105.210.196, 46.105.210.246, 46.105.210.220, 46.105.210.204, 46.105.210.179, 46.105.210.189, 46.105.210.10, 46.105.210.42,

Source: Reddit

I've had a few of those and another connected to my node, so add this one to the list as well: 46.105.210.137 .

Personally I've taken it to block 46.105.210.* since obviously we don't know all IP's involved (yet). What scares me is that it's relatively easy for people to evade blocks like this.

Looks like the people at Mycelium and Kraken are involved...
how do you block an IP in bitcoin core?
full member
Activity: 196
Merit: 103
Surely what they are saying they are doing is not really possible.  They cannot with certainty verify who is paying who.  They might be able to make probabilistic statements, but not certainty in all cases. 


Even probabilistic data is bad. They could use it for targeted advertising for instance.

Plausible deniability is not the be-all and end-all. Even if they don't know for sure it could be reason enough to put you under further surveillance.

Was it not that a person had all his electronic equipment confiscated and brought in for having a bitcoin-node associated with a rogue transaction displayed on blockchain.info earlier on?

If there are entities paying for analysis of the block chain, and it's acted upon (by law enforcement) data that cannot be fully trusted, it could cause lots of troubles.

Also, while blocking ip's of nefarious nodes is a temporary solution, it's only an annoyance for the perpetrators, and given they have sufficient resources, they could further hide their activity as to not give away their intentions.

Given they have enough resources, they could even have automated ip-switching going on. Once an ip is blocked by a sufficient number of legit nodes, they just switch the ip of that node, and all of that could be automated. So in essence blocking the IP's is a bit like holding your hand over a hole in your rowing boat that is leaking in water, might give you some temporary relief, but is not a lasting solution.

Now - it's near impossible to know who really controls a node, if they really want to go stealth. If a node acts like a normal node in all ways, why should it not be considered a normal node?

If I understand it right, the chainalysis mode of operation is for them to connect to as many nodes as possible, so if I do a transaction directly from ip A, which runs a full bitcoin core node, be it on a cable-connection or otherwise, if chainalysis is connected to the node where the tx is originating, the ip-address of the node where the transaction was originating is recorded within the chainalysis database. They will probably use many other sources to get more info about the owner of that ip-address. If they're only a private company they will have fewer data points to work with, but if they're an intel agency, there's virtually no limit as to how sophisticated the systems could be; in theory they could plug in directly to the customer database of ISP's and have names displayed in real time in association with the IP's. Information that could further be relayed and shared with relevant parties.

Bitcoin is only pseudonymous, as everyone can look up a transaction in the block-chain, and I assume network analysis cannot be prevented, but I do think it should be made more difficult.

But a blacklist solution is dangerous. Who's to decide what goes on the blacklist, and who's to verify the decisions are correct? Perhaps some automated solution in bitcoin core where peers that are behaving unexpectedly could be automatically banned is a better solution? But again, that's much like holding a hand over a leaking hole, as if certain footprints reveal rogue nodes, they will only change their appearance to appear more legitimate. And I'm not sure, but I believe bitcoin traffic is unencrypted in transit, so what prevents an intel org from manipulating the traffic (making legit nodes appear rogue), in essence grinding the entire network to a halt if nodes automatically ban misbehaving nodes?

I'm no TOR expert, but I've noticed there's been much mumbling about TOR not being all that secure anymore, so would a normal user really be more secure if he used Bitcoin+TOR?

Since bitcoin is supposed to be trustless, if we started to make a whitelist of legit nodes, that would go against that ideal.

So, in reality, how do we ensure that most nodes on the network are legit, and what's the best method of blocking rogue nodes from connecting to your own node?

In my view, in essence it boils down to freedom and privacy. There's something fundamentally wrong when certain people need to exert "control" over others against their will.

hero member
Activity: 746
Merit: 502
Looking for advertising deal
is there a way to block certain ip in bitcoin.conf file?
sr. member
Activity: 362
Merit: 252
For Ubuntu you can use ufw.

Remark: UFW is a firewall! If you enable it in the default mode which is "deny all", all new connections on all ports will be denied while existing connections stay open (like your current ssh connection). Make sure to "ufw allow" all ports that you need before you enable ufw. Sometimes you forget a port, but if you are sshing into your server, always allow ssh before you do anything stupid. You can then open ports at a later stage through ssh.

Here it goes:

Code:
sudo -s
apt-get update
apt-get install ufw
#deny incoming from subnets
ufw deny from 5.9.115.0/24
ufw deny from 46.105.210.0/24
ufw deny from 2001:41d0:a:605c::/48
#deny outgoing to subnets
ufw deny out from any to 5.9.115.0/24
ufw deny out from any to 46.105.210.0/24
ufw deny out from any to 2001:41d0:a:605c::/48
#these are optional
ufw allow 22 #whatever port you are using for ssh
ufw allow 80 #if you have webserver running
ufw allow 443 #if you have a secure (https) web server running
#allow bitcoin
ufw allow 8333
#start ufw
ufw enable
#go back to normal user level
exit

The order is important. If you allow 8333 and deny incoming from ip ranges later, only the first rule applies.

Hope this does the trick. If I forgot something please tell me.
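
The rule-order remark in the post above, as an added example that is not part of the original post: a simplified first-match model of the inbound ufw rules, evaluated once in the posted order and once with the allows first. The rule tuples, the `verdict` and `compare` helpers and the peer 203.0.113.7 are constructed for illustration; only the subnets and ports come from the post.

```python
import ipaddress

def net(cidr):
    # strict=False: the IPv6 entry from the post has host bits set for a /48
    # and normalizes to 2001:41d0:a::/48.
    return ipaddress.ip_network(cidr, strict=False)

SUBNETS = [net("5.9.115.0/24"), net("46.105.210.0/24"),
           net("2001:41d0:a:605c::/48")]

# (action, source network or None for "any", destination port or None for "any")
DENY_IN = [("deny", n, None) for n in SUBNETS]
ALLOW_IN = [("allow", None, p) for p in (22, 80, 443, 8333)]

ORDER_FROM_POST = DENY_IN + ALLOW_IN   # denies first, as posted
ORDER_REVERSED = ALLOW_IN + DENY_IN    # the mistake the post warns about

def verdict(rules, src, dport, default="deny"):
    """Return the action of the first rule matching an inbound connection."""
    addr = ipaddress.ip_address(src)
    for action, source_net, port in rules:
        if source_net is not None and addr not in source_net:
            continue
        if port is not None and port != dport:
            continue
        return action
    return default  # ufw's default policy for new incoming connections

def compare(src, dport):
    """Verdict with the posted order, then with the reversed order."""
    return (verdict(ORDER_FROM_POST, src, dport),
            verdict(ORDER_REVERSED, src, dport))

if __name__ == "__main__":
    for src, port in [("46.105.210.179", 8333), ("203.0.113.7", 8333),
                      ("203.0.113.7", 25)]:
        print(src, port, compare(src, port))
```

This models only the incoming rules; the `deny out` rules from the post are evaluated separately by ufw.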
sr. member
Activity: 261
Merit: 523
Surely what they are saying they are doing is not really possible.  They cannot with certainty verify who is paying who.  They might be able to make probabilistic statements, but not certainty in all cases. 


Even probabilistic data is bad. They could use it for targeted advertising for instance.

Plausible deniability is not the be-all and end-all. Even if they don't know for sure it could be reason enough to put you under further surveillance.
member
Activity: 139
Merit: 10
Blocked the bad nodes as well.

Here's the list of ip's to block:


5.9.115.0/24
46.105.210.0/24
2001:41d0:a:605c::/48

46.105.210.194, 46.105.210.11, 46.105.210.255, 46.105.210.138, 46.105.210.196, 46.105.210.246, 46.105.210.220, 46.105.210.204, 46.105.210.179, 46.105.210.189, 46.105.210.10, 46.105.210.42,

Source: Reddit

I've had a few of those and another connected to my node, so add this one to the list as well: 46.105.210.137 .

Personally I've taken it to block 46.105.210.* since obviously we don't know all IP's involved (yet). What scares me is that it's relatively easy for people to evade blocks like this.

Looks like the people at Mycelium and Kraken are involved...
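
Checking a node's own log for peers inside the listed ranges, as an added example that is not part of the original post: it extracts peer addresses from log lines and counts those that fall in the three ranges from the list. The sample lines are constructed, and the `peeraddr=` layout is an assumption about what bitcoind writes to debug.log.

```python
import ipaddress
import re
from collections import Counter

# Ranges as listed in the thread. strict=False because the IPv6 entry has
# host bits set for a /48; it normalizes to 2001:41d0:a::/48.
BLOCKED = [ipaddress.ip_network(n, strict=False) for n in (
    "5.9.115.0/24", "46.105.210.0/24", "2001:41d0:a:605c::/48")]

# "[v6]" or "[v6]:port" in group 1, "v4" or "v4:port" in group 2.
ADDR_RE = re.compile(
    r"\[([0-9A-Fa-f:]+)\](?::\d+)?|\b(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\b")

# Constructed sample lines (not taken from a real debug.log).
SAMPLE_LOG = """\
2015-03-13 00:41:02 receive version message: /Satoshi:0.10.0/: version 70002, peer=7, peeraddr=46.105.210.179:41532
2015-03-13 00:41:09 receive version message: /Satoshi:0.9.3/: version 70002, peer=8, peeraddr=203.0.113.7:8333
2015-03-13 00:42:30 receive version message: /Satoshi:0.10.0/: version 70002, peer=9, peeraddr=46.105.210.37:52011
2015-03-13 00:43:11 receive version message: /Satoshi:0.10.0/: version 70002, peer=10, peeraddr=[2001:41d0:a:605c::1]:8333
2015-03-13 00:44:57 receive version message: /Satoshi:0.10.0/: version 70002, peer=11, peeraddr=5.9.115.20:60001
2015-03-13 00:49:40 receive version message: /Satoshi:0.10.0/: version 70002, peer=12, peeraddr=46.105.210.179:41533
"""

def flagged_peers(log_text, networks=BLOCKED):
    """Count (network, address) pairs for every logged peer inside a range."""
    hits = Counter()
    for line in log_text.splitlines():
        for v6, v4 in ADDR_RE.findall(line):
            try:
                addr = ipaddress.ip_address(v6 or v4)
            except ValueError:  # e.g. an octet above 255
                continue
            for network in networks:
                if addr in network:
                    hits[(str(network), str(addr))] += 1
    return hits

if __name__ == "__main__":
    for (network, addr), count in sorted(flagged_peers(SAMPLE_LOG).items()):
        print(f"{network:20} {addr:22} seen {count}x")
```

Matching on the ranges rather than on the individual addresses also catches peers such as 46.105.210.137 that were reported later in the thread.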
sr. member
Activity: 252
Merit: 251
Surely what they are saying they are doing is not really possible.  They cannot with certainty verify who is paying who.  They might be able to make probabilistic statements, but not certainty in all cases. 



depends on what exactly they offer.
if they are connected to more than 75% of the network they certainly can tell what region of the world sent this transaction out first (not who crafted it... except if running bitcoind himself)

not sure who these anonymous financial companies interested in this are.

i'd say (tinfoil hat) it's a service for nsa/bnd/fsb and so on
hero member
Activity: 770
Merit: 500
This is also a reminder to always use tor with Bitcoin 100% of the time (and to use a full node if you can), as that reduces the incentives to pull this kind of stunt.
Making this the default behavior would help both Bitcoin and Tor.
It seems that many synergies could be established between the two projects, since both are disruptive enough to attract the attention of big bad actors.
actually it's a good incentive to move past bitcoin and truly support a real anonymous currency (what that is yet I have no idea) that is the cash of the digital world. Because bitcoin isn't an anonymous currency and isn't going to be.