Pages:
Author

Topic: This message was too old and has been purged - page 4. (Read 37905 times)

sr. member
Activity: 252
Merit: 251
the question is what you use the data for...i have no doubt that your intentions are honest btw.

Here's your answer as to what the data was used for:
https://bitcointalksearch.org/topic/m.10756505

I don't have an issue with people not trusting me, is not that what the world has come to? Wink I just repeat that the only reason I did nmap on that host was because I found some of the same ip's; 46.105.210.194, 46.105.210.11, 46.105.210.255, 46.105.210.138, 46.105.210.196, 46.105.210.246, 46.105.210.220, 46.105.210.204, 46.105.210.179, 46.105.210.189, 46.105.210.10, 46.105.210.42 in the debug.log of my bitcoind, upon reading OP I did the investigation as you can see in the link above. The intention was to find out what & who was behind the monitoring on the network. If you want to label me, then give me the whitehat label please, I really have no further to add to this particular question. Smiley





sorry (blame my english) i did not question your intention (i already knew it). it was more in the line of "its the question what the guy nmapping other people has for intentions"

IMHO: it is easy to use iptables and a small script to autoblock anyone who is nmapping... so i just dont understand people yelling when someone does it.

btw "I don't have an issue with people not trusting me, is not that what the world has come to?"
sadly...yes...
full member
Activity: 196
Merit: 103
the question is what you use the data for...i have no doubt that your intentions are honest btw.

Here's your answer as to what the data was used for:
https://bitcointalksearch.org/topic/m.10756505

I don't have an issue with people not trusting me, is not that what the world has come to? Wink I just repeat that the only reason I did nmap on that host was because I found some of the same ip's; 46.105.210.194, 46.105.210.11, 46.105.210.255, 46.105.210.138, 46.105.210.196, 46.105.210.246, 46.105.210.220, 46.105.210.204, 46.105.210.179, 46.105.210.189, 46.105.210.10, 46.105.210.42 in the debug.log of my bitcoind, upon reading OP I did the investigation as you can see in the link above. The intention was to find out what & who was behind the monitoring on the network. If you want to label me, then give me the whitehat label please, I really have no further to add to this particular question. Smiley



sr. member
Activity: 261
Merit: 523
If you ran bitcoind with -listen=0 these sybils would not be able to connect to you? Obviously everyone can't do this.
sr. member
Activity: 252
Merit: 251

Dear primer-,

I run a node for altruistic purposes, to support the network. Here's the stats and info page: http://node.cryptowatch.com/

You can connect with any node you want to that node, and you will see there's no portscanning on your node conducted by my node.

Nmap (nmap.org) is a program that can be used manually to scan any host for open ports. When I read this thread, naturally I wanted to see if I could do some simple investigation to learn more of the nature of the party monitoring large parts of the network. As it happened, I found some public available information and shared it with the community, see my earlier posts.

My intentions are good, as I'm a big bitcoin supporter.

I hope this cleared things up. Thanks for the question.

imho nmapping anyone is not a problem - its like knocking on doors.
and i think i am allowed to knock on the doors of someone who enters m house (=connected to my node)

the question is what you use the data for...i have no doubt that your intentions are honest btw.
full member
Activity: 196
Merit: 103
I noticed that one of those nodes were connected to my own node, then I scanned it:

Starting Nmap 6.00 ( http://nmap.org ) at 2015-03-13 01:48 CET
Nmap scan report for 46.105.210.179
Host is up (0.065s latency).
Not shown: 996 closed ports
PORT     STATE    SERVICE
22/tcp   open     ssh
445/tcp  filtered microsoft-ds
8080/tcp open     http-proxy
8333/tcp open     unknown

Do you port scan every bitcoin node that connects to you ? Why would you do that, what were your real intentions ...

Dear primer-,

I run a node for altruistic purposes, to support the network. Here's the stats and info page: http://node.cryptowatch.com/

You can connect with any node you want to that node, and you will see there's no portscanning on your node conducted by my node.

Nmap (nmap.org) is a program that can be used manually to scan any host for open ports. When I read this thread, naturally I wanted to see if I could do some simple investigation to learn more of the nature of the party monitoring large parts of the network. As it happened, I found some public available information and shared it with the community, see my earlier posts.

My intentions are good, as I'm a big bitcoin supporter.

I hope this cleared things up. Thanks for the question.
full member
Activity: 145
Merit: 112
To the moon!
I got one of them attached to my node: 46.105.210.37

You can see all the connections to my full-node here: http://23.253.119.84/
sr. member
Activity: 384
Merit: 258
And people says we dont need an anonymous coin ? It's time for cryptonote technology to shine. its resistant to blockchain analysis. read about it here : http://en.wikipedia.org/wiki/CryptoNote or here: https://en.bitcoin.it/wiki/CryptoNote
Please, note that the "problem" discussed in this post isn't blockchain analysis per se, but network eavesdropping.
Ring signatures and stealth addresses won't help to solve this specific issue.
hero member
Activity: 723
Merit: 503
And people says we dont need an anonymous coin ? It's time for cryptonote technology to shine. its resistant to blockchain analysis. read about it here : http://en.wikipedia.org/wiki/CryptoNote or here: https://en.bitcoin.it/wiki/CryptoNote
sr. member
Activity: 384
Merit: 258
Good job Cryptowatch.com !

If I understand it right, the chainalysis mode of operation is for them to connect to as many nodes as possible, so if I do a transaction directly from ip A, which runs a full bitcoin core node, be it on a cable-connection or otherwise, if cainalysis is connected to the node where the tx is orginating, the ip-address of the node where the transaction was orginating is recorded within the chainalysis database.
They may also try to reproduce the experiment done by 3 researchers from the University of Luxembourg : http://arxiv.org/abs/1405.7418
If it's their mode of operation, blocking these IPs at individual node level won't be enough since information is leaked by the 8 outgoing peers.
It would require that all full nodes block these IPs. But as you've stated, that sounds like an unenforceable policy...

sr. member
Activity: 362
Merit: 252
is there a way to block certain ip in bitcoin.conf file?

You really want to use iptables (assuming you are on Linux and I cannot imagine why you would not be.) That way you never have to shut down the Daemon just to block an address.
What do you think of my ufw approach above? I find ufw easier to get than iptables.
member
Activity: 112
Merit: 10
is there a way to block certain ip in bitcoin.conf file?

You really want to use iptables (assuming you are on Linux and I cannot imagine why you would not be.) That way you never have to shut down the Daemon just to block an address.
legendary
Activity: 1092
Merit: 1000
I noticed that one of those nodes were connected to my own node, then I scanned it:

Starting Nmap 6.00 ( http://nmap.org ) at 2015-03-13 01:48 CET
Nmap scan report for 46.105.210.179
Host is up (0.065s latency).
Not shown: 996 closed ports
PORT     STATE    SERVICE
22/tcp   open     ssh
445/tcp  filtered microsoft-ds
8080/tcp open     http-proxy
8333/tcp open     unknown

Do you port scan every bitcoin node that connects to you ? Why would you do that, what were your real intentions ...
newbie
Activity: 31
Merit: 0
Blocked the bad nodes as well.

Here's the list of ip's to block:


5.9.115.0/24
46.105.210.0/24
2001:41d0:a:605c::/48

46.105.210.194, 46.105.210.11, 46.105.210.255, 46.105.210.138, 46.105.210.196, 46.105.210.246, 46.105.210.220, 46.105.210.204, 46.105.210.179, 46.105.210.189, 46.105.210.10, 46.105.210.42,

Source: Reddit

I've had a few of those and another connected to my node, so add this one to the list as well: 46.105.210.137 .

Personally I've taken it to block 46.105.210.* since obviously we don't know all IP's involved (yet). What scares me is that it's relatively easy for people to evade blocks like this.

Looks like the people at mycellium and kraken are involved...
how do you block an IP in bitcoin core?
full member
Activity: 196
Merit: 103
Surely what they are saying they are doing is not really possible.  They cannot with certainty verify who is paying who.  They might be able to make probabilistic statements, but not certainty in all cases. 


Even probabilistic data is bad. They could use it for targeted advertising for instance.

Plausible deniability is not the be-all and end-all. Even if they don't know for sure it could be reason enough to put you under further surveillance.

Was it not that a person had all his electronic equipment confiscated and brought in for having a bitcoin-node associated with a rogue transaction displayed on blockchain.info earlier on?

If there are entities paying for analysis of the block chain, and it's acted upon (by law enforcement) data that cannot be fully trusted, it could cause lots of troubles.

Also, while blocking ip's of nefarious nodes is a temporarily solution, it's only an annoyance for the perpetrators, and given they have sufficient resources, they could further hide their activity as to not give away their intentions.

Given they have enough resources, they could even have automated ip-switching going on. Once an ip is blocked by a sufficient number of legit nodes, they just switch the ip of that node, and all of that could be automated. So in essence blocking the IP's are a bit like holding your hand over a hole in your rowing boat that is leaking in water, might give you some temporarily relief, but is not a lasting solution.

Now - it's near impossible to know who really controls a node, if they really want to go stealth. If a node acts like a normal node in all ways, why should it not be considered a normal node?

If I understand it right, the chainalysis mode of operation is for them to connect to as many nodes as possible, so if I do a transaction directly from ip A, which runs a full bitcoin core node, be it on a cable-connection or otherwise, if cainalysis is connected to the node where the tx is orginating, the ip-address of the node where the transaction was orginating is recorded within the chainalysis database. They will probably use many other sources to get more info about the owner of that ip-address. If they're only a private company they will have less data points to work with, but if they're an intel agency, there's virtually no limit as to how sophisticated the systems could be, in theory they could plugin directly to the customer database of ISP's and have names displayed in real time in association with the IP's. Information that could further be relayed and shared with relevant parties.

Bitcoin is only pseudonymous, as everyone can lock up a transaction in the block-chain, and I assume network analysis cannot be prevented, but I do think it should be made more difficult.

But a blacklist solution is dangerous. Who's to decide what goes on the blacklist, and who's to verify the decisions are correct? Perhaps some automated solution in bitcoin core where peers that's behaving unexpectedly could be automatically banned is a better solution? But again, that's much like holding hand over leaking hole, as if certain footprints reveals rogue nodes, they will only change their appearance to appear more legitimate. And I'm not sure, but I believe bitcoin traffic is unencrypted in transit, so what prevents an intel org from manipulating the traffic (making legit nodes appear rogue), in essence grinding the entire network to a halt if nodes automatically ban misbehaving nodes?

I'm no TOR expert, but I've noticed there's been much mumbling about TOR not being all that secure anymore, so would a normal user really be more secure if he used Bitcoin+TOR?

Since bitcoin is supposed to be trustless, if we started to make a whitelist of legit nodes, that would go against that ideal.

So, in reality, how do we ensure that most nodes on the network are legit, and what's the best method of blocking rogue nodes from connecting to your own node?

In my view, in essence it boils down to freedom and privacy. There's something fundamentally wrong when certain people need to exert "control" over others against their will.

hero member
Activity: 746
Merit: 502
Looking for advertising deal
is there a way to block certain ip in bitcoin.conf file?
sr. member
Activity: 362
Merit: 252
For Ubuntu you can use ufw.

Remark: UFW is a firewall! If you enable it in the default mode which is "deny all", all new connections on all ports will be denied while existing connections stay open (like your current ssh connection). Make sure to "ufw allow" all ports that you need before you enable ufw. Sometimes you forget a port, but if you are sshing into your server, always allow ssh before you do anything stupid. You can than open ports at a later stage through ssh.

Here it goes:

Code:
sudo -s
apt-get update
apt-get install ufw
#deny incoming from subnets
ufw deny from 5.9.115.0/24
ufw deny from 46.105.210.0/24
ufw deny from 2001:41d0:a:605c::/48
#deny outgoing to subnets
ufw deny out from any to 5.9.115.0/24
ufw deny out from any to 46.105.210.0/24
ufw deny out from any to 2001:41d0:a:605c::/48
#these are optional
ufw allow 22 #whatever port you are using for ssh
ufw allow 80 #if you have webserver running
ufw allow 443 #if you have a secure (https) web server running
#allow bitcoin
ufw allow 8333
#start ufw
ufw enable
#go back to normal user level
exit

The order is important. If you allow 8333 and deny incoming from ip ranges later, only the first rule applies.

Hope this does the trick. If I forgot something pleae tell me.
sr. member
Activity: 261
Merit: 523
Surely what they are saying they are doing is not really possible.  They cannot with certainty verify who is paying who.  They might be able to make probabilistic statements, but not certainty in all cases. 


Even probabilistic data is bad. They could use it for targeted advertising for instance.

Plausible deniability is not the be-all and end-all. Even if they don't know for sure it could be reason enough to put you under further surveillance.
member
Activity: 139
Merit: 10
Blocked the bad nodes as well.

Here's the list of ip's to block:


5.9.115.0/24
46.105.210.0/24
2001:41d0:a:605c::/48

46.105.210.194, 46.105.210.11, 46.105.210.255, 46.105.210.138, 46.105.210.196, 46.105.210.246, 46.105.210.220, 46.105.210.204, 46.105.210.179, 46.105.210.189, 46.105.210.10, 46.105.210.42,

Source: Reddit

I've had a few of those and another connected to my node, so add this one to the list as well: 46.105.210.137 .

Personally I've taken it to block 46.105.210.* since obviously we don't know all IP's involved (yet). What scares me is that it's relatively easy for people to evade blocks like this.

Looks like the people at mycellium and kraken are involved...
sr. member
Activity: 252
Merit: 251
Surely what they are saying they are doing is not really possible.  They cannot with certainty verify who is paying who.  They might be able to make probabilistic statements, but not certainty in all cases. 



depends on what exactly they offer.
if they are connected to more thn 75% of the network they certainly can tell what region of the world sent this transaction out first (not who crafted it... except if running bitcoind himself)

not sure who are this anonymous financial companies interested in this.

i'd say (tinfoil hat) its a service for nsa/bnd/fsb and so on
hero member
Activity: 770
Merit: 500
This is also a reminder to always use tor with Bitcoin 100% of the time (and to use a full node if you can), as that reduces the incentives to pull this kind of stunt.
Making this the default behavior would help both Bitcoin and Tor.
It seems that many synergies could be established between the two projects, since both are disruptive enough to attract the attention of big bad actors.
actually it's a good incentive to move past bitcoin and truly support a real anonymous currency (what that is yet I have no idea) that is the cash of the digital world. Because bitcoin isn't an anonymous currency and isn't going to be.
Pages:
Jump to: