public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed

From: s7r <s7r@sky-ip•org>
To: bitcoin-development@lists•sourceforge.net
Subject: Re: [Bitcoin-development] Abnormally Large Tor node accepting only Bitcoin traffic
Date: Mon, 28 Jul 2014 14:37:07 +0300	[thread overview]
Message-ID: <53D635E3.6030704@sky-ip.org> (raw)
In-Reply-To: <CAAS2fgRVUbEM=7KQt-Haue=+sgAFu=HrfDdS0hhatNawci_eZQ@mail.gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 7/28/2014 6:44 AM, Gregory Maxwell wrote:
> On Sun, Jul 27, 2014 at 7:54 PM, mbde@bitwatch•co
> <mbde@bitwatch•co> wrote:
>> These website list Tor nodes by bandwidth:
>> 
>> http://torstatus.blutmagie.de/index.php 
>> https://torstatus.rueckgr.at/index.php?SR=Bandwidth&SO=Desc
>> 
>> And the details reveal it's a port 8333 only exit node: 
>> http://torstatus.blutmagie.de/router_detail.php?FP=0d6d2caafbb32ba85ee5162395f610ae42930124
>
>> 
> As I pointed out above, — it isn't really.  Without the exit flag,
> I believe no tor node will select it to exit 8333 unless manually 
> configured. (someone following tor more closely than I could
> correct if I'm wrong here)
> 
> 
>> blockchain.info has some records about the related IP going back
>> to the end of this May:
>> 
>> https://blockchain.info/ip-address/5.9.93.101?offset=300
> 
> dsnrk and mr_burdell on freenode show that the bitnodes crawler
> showed it accepting _inbound_ bitcoin connections 2-3 weeks ago,
> though it doesn't now.
> 
> Fits a pattern of someone running a bitcoin node widely connecting
> to everyone it can on IPv4 in order to try to deanonymize people,
> and also running a tor exit (and locally intercepting 8333 there),
> but I suspect the tor exit part is not actually working— though
> they're trying to get it working by accepting huge amounts of relay
> bandwidth.
> 
> I'm trying to manually exit through it so I can see if its 
> intercepting the connections, but I seem to not be able.
> 
> Some other data from the hosts its connecting out to proves that
> its lying about what software its running (I'm hesitant to just say
> how I can be sure of that, since doing so just tells someone how to
> do a more faithful emulation; so that that for whatever its
> worth).
> 
> ------------------------------------------------------------------------------
>
> 
Infragistics Professional
> Build stunning WinForms apps today! Reboot your WinForms
> applications with our WinForms controls. Build a bridge from your
> legacy apps to the future. 
> http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk
>
> 
_______________________________________________
> Bitcoin-development mailing list 
> Bitcoin-development@lists•sourceforge.net 
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
> 


The thing is, if it doesn't have the exit flag it cannot generate lots
of traffic from real good-intended clients, because it's quite hard
for clients to choose this Node as ËXIT in their path if it doesn't
have the exit flag. So the traffic comes from clients who specifically
added "ExitNode <fingerprint>" in their torrc and only use that Tor
instance for Bitcoin. So, someone build this custom Tor node for
themselves only, for plausible den. A pool could be the cause as it
was earlier discussed here...

The thing is I cannot find this node on atlas, globe or blutmagie can
you please provide fingerprint and IP address again? So I may ignore
it on my relays and talk to some people about it?
- -- 
s7r
PGP Fingerprint: 7C36 9232 5ABD FB0B 3021 03F1 837F A52C 8126 5B11
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJT1jXjAAoJEIN/pSyBJlsRjqgIAIFxHcypU6KUaNdSvESADilM
kFiitf00f4Uy9tBwSLVPQw+I2L1EmMiCNvqG4RRjV2+/PS696HCz0Jt0gVaGlMPl
DHQSHsozx3BaXi5PpGeLl7uSNLHlEdytytZ8xb08I4IuqcNNHzvxnou7gXapeezC
PuSABsxVLpDn+OP7QLRy/PlL948Yfgbxwb9dcn+lUdgDlByxxhMmOrk+o/VdGfnh
cL/C+qgpuJiI/wrQridtBmxU8h7Z6TKKua7eWONyg6MrnjwWuZTumhAGO2H4X1Na
IZiCmhEwtxb97TMG0EvgcZTeRzfzoddTnOe6ZEsiqOZ7qPNjFJ2i8RoSOI3gUCQ=
=t3Mb
-----END PGP SIGNATURE-----

next prev parent reply	other threads:[~2014-07-28 12:02 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-07-28  2:12 Jeremy
2014-07-28  2:17 ` Jeremy
2014-07-28  2:29 ` Gregory Maxwell
2014-07-28  2:40 ` Peter Todd
2014-07-28  2:45   ` Gregory Maxwell
2014-07-28  2:49     ` Michael Wozniak
2014-07-28  2:54       ` mbde
2014-07-28  3:44         ` Gregory Maxwell
2014-07-28  7:41           ` Drak
2014-07-28 10:16           ` Mike Hearn
2014-07-28 11:28             ` Peter Todd
2014-07-28 12:31               ` Robert McKay
2014-07-28 14:08                 ` Gregory Maxwell
2014-07-28 16:13                   ` s7r
2014-07-28 11:37           ` s7r [this message]
2014-07-28  3:13       ` Robert McKay
2014-07-28  3:07     ` Gregory Maxwell
2014-07-28  3:12 Anatole Shaw

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=53D635E3.6030704@sky-ip.org \
    --to=s7r@sky-ip$(echo .)org \
    --cc=bitcoin-development@lists$(echo .)sourceforge.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox