* [Bitcoin-development] Zero-Conf for Full Node Discovery
@ 2015-05-26 4:06 Jim Phillips
2015-05-26 4:37 ` Matt Whitlock
0 siblings, 1 reply; 12+ messages in thread
From: Jim Phillips @ 2015-05-26 4:06 UTC (permalink / raw)
To: Bitcoin Dev
[-- Attachment #1: Type: text/plain, Size: 1176 bytes --]
Is there any work being done on using some kind of zero-conf service
discovery protocol so that lightweight clients can find a full node on the
same LAN to peer with rather than having to tie up WAN bandwidth?
I envision a future where lightweight devices within a home use SPV over
WiFi to connect with a home server which in turn relays the transactions
they create out to the larger and faster relays on the Internet.
In a situation where there are hundreds or thousands of small SPV devices
in a single home (if 21, Inc. is successful) monitoring the blockchain,
this could result in lower traffic across the slow WAN connection. And
yes, I realize it could potentially take a LOT of these devices before the
total bandwidth is greater than downloading a full copy of the blockchain,
but there's other reasons to host your own full node -- trust being one.
--
*James G. Phillips IV*
<https://plus.google.com/u/0/113107039501292625391/posts>
<http://www.linkedin.com/in/ergophobe>
*"Don't bunt. Aim out of the ball park. Aim for the company of immortals."
-- David Ogilvy*
*This message was created with 100% recycled electrons. Please think twice
before printing.*
[-- Attachment #2: Type: text/html, Size: 1888 bytes --]
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Bitcoin-development] Zero-Conf for Full Node Discovery
2015-05-26 4:06 [Bitcoin-development] Zero-Conf for Full Node Discovery Jim Phillips
@ 2015-05-26 4:37 ` Matt Whitlock
2015-05-26 4:46 ` Kevin Greene
2015-05-26 4:48 ` Jim Phillips
0 siblings, 2 replies; 12+ messages in thread
From: Matt Whitlock @ 2015-05-26 4:37 UTC (permalink / raw)
To: Jim Phillips; +Cc: bitcoin-development
This is very simple to do. Just ping the "all nodes" address (ff02::1) and try connecting to TCP port 8333 of each node that responds. Shouldn't take but more than a few milliseconds on any but the most densely populated LANs.
On Monday, 25 May 2015, at 11:06 pm, Jim Phillips wrote:
> Is there any work being done on using some kind of zero-conf service
> discovery protocol so that lightweight clients can find a full node on the
> same LAN to peer with rather than having to tie up WAN bandwidth?
>
> I envision a future where lightweight devices within a home use SPV over
> WiFi to connect with a home server which in turn relays the transactions
> they create out to the larger and faster relays on the Internet.
>
> In a situation where there are hundreds or thousands of small SPV devices
> in a single home (if 21, Inc. is successful) monitoring the blockchain,
> this could result in lower traffic across the slow WAN connection. And
> yes, I realize it could potentially take a LOT of these devices before the
> total bandwidth is greater than downloading a full copy of the blockchain,
> but there's other reasons to host your own full node -- trust being one.
>
> --
> *James G. Phillips IV*
> <https://plus.google.com/u/0/113107039501292625391/posts>
> <http://www.linkedin.com/in/ergophobe>
>
> *"Don't bunt. Aim out of the ball park. Aim for the company of immortals."
> -- David Ogilvy*
>
> *This message was created with 100% recycled electrons. Please think twice
> before printing.*
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Bitcoin-development] Zero-Conf for Full Node Discovery
2015-05-26 4:37 ` Matt Whitlock
@ 2015-05-26 4:46 ` Kevin Greene
2015-05-26 4:56 ` Matt Whitlock
2015-05-26 5:23 ` Luke Dashjr
2015-05-26 4:48 ` Jim Phillips
1 sibling, 2 replies; 12+ messages in thread
From: Kevin Greene @ 2015-05-26 4:46 UTC (permalink / raw)
To: Matt Whitlock; +Cc: Bitcoin Dev
[-- Attachment #1: Type: text/plain, Size: 2497 bytes --]
This is something you actually don't want. In order to make it as difficult
as possible for an attacker to perform a sybil attack, you want to choose a
set of peers that is as diverse, and unpredictable as possible.
On Mon, May 25, 2015 at 9:37 PM, Matt Whitlock <bip@mattwhitlock•name>
wrote:
> This is very simple to do. Just ping the "all nodes" address (ff02::1) and
> try connecting to TCP port 8333 of each node that responds. Shouldn't take
> but more than a few milliseconds on any but the most densely populated LANs.
>
>
> On Monday, 25 May 2015, at 11:06 pm, Jim Phillips wrote:
> > Is there any work being done on using some kind of zero-conf service
> > discovery protocol so that lightweight clients can find a full node on
> the
> > same LAN to peer with rather than having to tie up WAN bandwidth?
> >
> > I envision a future where lightweight devices within a home use SPV over
> > WiFi to connect with a home server which in turn relays the transactions
> > they create out to the larger and faster relays on the Internet.
> >
> > In a situation where there are hundreds or thousands of small SPV devices
> > in a single home (if 21, Inc. is successful) monitoring the blockchain,
> > this could result in lower traffic across the slow WAN connection. And
> > yes, I realize it could potentially take a LOT of these devices before
> the
> > total bandwidth is greater than downloading a full copy of the
> blockchain,
> > but there's other reasons to host your own full node -- trust being one.
> >
> > --
> > *James G. Phillips IV*
> > <https://plus.google.com/u/0/113107039501292625391/posts>
> > <http://www.linkedin.com/in/ergophobe>
> >
> > *"Don't bunt. Aim out of the ball park. Aim for the company of
> immortals."
> > -- David Ogilvy*
> >
> > *This message was created with 100% recycled electrons. Please think
> twice
> > before printing.*
>
>
> ------------------------------------------------------------------------------
> One dashboard for servers and applications across Physical-Virtual-Cloud
> Widest out-of-the-box monitoring support with 50+ applications
> Performance metrics, stats and reports that give you Actionable Insights
> Deep dive visibility with transaction tracing using APM Insight.
> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists•sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
[-- Attachment #2: Type: text/html, Size: 3562 bytes --]
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Bitcoin-development] Zero-Conf for Full Node Discovery
2015-05-26 4:37 ` Matt Whitlock
2015-05-26 4:46 ` Kevin Greene
@ 2015-05-26 4:48 ` Jim Phillips
2015-05-26 4:52 ` Matt Whitlock
1 sibling, 1 reply; 12+ messages in thread
From: Jim Phillips @ 2015-05-26 4:48 UTC (permalink / raw)
To: Matt Whitlock; +Cc: Bitcoin Dev
[-- Attachment #1: Type: text/plain, Size: 1690 bytes --]
Do any wallets actually do this yet?
On May 25, 2015 11:37 PM, "Matt Whitlock" <bip@mattwhitlock•name> wrote:
> This is very simple to do. Just ping the "all nodes" address (ff02::1) and
> try connecting to TCP port 8333 of each node that responds. Shouldn't take
> but more than a few milliseconds on any but the most densely populated LANs.
>
>
> On Monday, 25 May 2015, at 11:06 pm, Jim Phillips wrote:
> > Is there any work being done on using some kind of zero-conf service
> > discovery protocol so that lightweight clients can find a full node on
> the
> > same LAN to peer with rather than having to tie up WAN bandwidth?
> >
> > I envision a future where lightweight devices within a home use SPV over
> > WiFi to connect with a home server which in turn relays the transactions
> > they create out to the larger and faster relays on the Internet.
> >
> > In a situation where there are hundreds or thousands of small SPV devices
> > in a single home (if 21, Inc. is successful) monitoring the blockchain,
> > this could result in lower traffic across the slow WAN connection. And
> > yes, I realize it could potentially take a LOT of these devices before
> the
> > total bandwidth is greater than downloading a full copy of the
> blockchain,
> > but there's other reasons to host your own full node -- trust being one.
> >
> > --
> > *James G. Phillips IV*
> > <https://plus.google.com/u/0/113107039501292625391/posts>
> > <http://www.linkedin.com/in/ergophobe>
> >
> > *"Don't bunt. Aim out of the ball park. Aim for the company of
> immortals."
> > -- David Ogilvy*
> >
> > *This message was created with 100% recycled electrons. Please think
> twice
> > before printing.*
>
[-- Attachment #2: Type: text/html, Size: 2283 bytes --]
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Bitcoin-development] Zero-Conf for Full Node Discovery
2015-05-26 4:48 ` Jim Phillips
@ 2015-05-26 4:52 ` Matt Whitlock
2015-05-26 5:15 ` Peter Todd
0 siblings, 1 reply; 12+ messages in thread
From: Matt Whitlock @ 2015-05-26 4:52 UTC (permalink / raw)
To: Jim Phillips; +Cc: Bitcoin Dev
On Monday, 25 May 2015, at 11:48 pm, Jim Phillips wrote:
> Do any wallets actually do this yet?
Not that I know of, but they do seed their address database via DNS, which you can poison if you control the LAN's DNS resolver. I did this for a Bitcoin-only Wi-Fi network I operated at a remote festival. We had well over a hundred lightweight wallets, all trying to connect to the Bitcoin P2P network over a very bandwidth-constrained Internet link, so I poisoned the DNS and rejected all outbound connection attempts on port 8333, to force all the wallets to connect to a single local full node, which had connectivity to a single remote node over the Internet. Thus, all the lightweight wallets at the festival had Bitcoin network connectivity, but we only needed to backhaul the Bitcoin network's transaction traffic once.
> On May 25, 2015 11:37 PM, "Matt Whitlock" <bip@mattwhitlock•name> wrote:
>
> > This is very simple to do. Just ping the "all nodes" address (ff02::1) and
> > try connecting to TCP port 8333 of each node that responds. Shouldn't take
> > but more than a few milliseconds on any but the most densely populated LANs.
> >
> >
> > On Monday, 25 May 2015, at 11:06 pm, Jim Phillips wrote:
> > > Is there any work being done on using some kind of zero-conf service
> > > discovery protocol so that lightweight clients can find a full node on
> > the
> > > same LAN to peer with rather than having to tie up WAN bandwidth?
> > >
> > > I envision a future where lightweight devices within a home use SPV over
> > > WiFi to connect with a home server which in turn relays the transactions
> > > they create out to the larger and faster relays on the Internet.
> > >
> > > In a situation where there are hundreds or thousands of small SPV devices
> > > in a single home (if 21, Inc. is successful) monitoring the blockchain,
> > > this could result in lower traffic across the slow WAN connection. And
> > > yes, I realize it could potentially take a LOT of these devices before
> > the
> > > total bandwidth is greater than downloading a full copy of the
> > blockchain,
> > > but there's other reasons to host your own full node -- trust being one.
> > >
> > > --
> > > *James G. Phillips IV*
> > > <https://plus.google.com/u/0/113107039501292625391/posts>
> > > <http://www.linkedin.com/in/ergophobe>
> > >
> > > *"Don't bunt. Aim out of the ball park. Aim for the company of
> > immortals."
> > > -- David Ogilvy*
> > >
> > > *This message was created with 100% recycled electrons. Please think
> > twice
> > > before printing.*
> >
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Bitcoin-development] Zero-Conf for Full Node Discovery
2015-05-26 4:46 ` Kevin Greene
@ 2015-05-26 4:56 ` Matt Whitlock
2015-05-26 5:12 ` Kevin Greene
2015-05-26 5:23 ` Luke Dashjr
1 sibling, 1 reply; 12+ messages in thread
From: Matt Whitlock @ 2015-05-26 4:56 UTC (permalink / raw)
To: Kevin Greene; +Cc: Bitcoin Dev
Who would be performing a Sybil attack against themselves? We're talking about a LAN here. All the nodes would be under the control of the same entity. In that case, you actually want them all connecting solely to a central hub node on the LAN, and the hub node should connect to "diverse and unpredictable" other nodes on the Bitcoin network.
On Monday, 25 May 2015, at 9:46 pm, Kevin Greene wrote:
> This is something you actually don't want. In order to make it as difficult
> as possible for an attacker to perform a sybil attack, you want to choose a
> set of peers that is as diverse, and unpredictable as possible.
>
>
> On Mon, May 25, 2015 at 9:37 PM, Matt Whitlock <bip@mattwhitlock•name>
> wrote:
>
> > This is very simple to do. Just ping the "all nodes" address (ff02::1) and
> > try connecting to TCP port 8333 of each node that responds. Shouldn't take
> > but more than a few milliseconds on any but the most densely populated LANs.
> >
> >
> > On Monday, 25 May 2015, at 11:06 pm, Jim Phillips wrote:
> > > Is there any work being done on using some kind of zero-conf service
> > > discovery protocol so that lightweight clients can find a full node on
> > the
> > > same LAN to peer with rather than having to tie up WAN bandwidth?
> > >
> > > I envision a future where lightweight devices within a home use SPV over
> > > WiFi to connect with a home server which in turn relays the transactions
> > > they create out to the larger and faster relays on the Internet.
> > >
> > > In a situation where there are hundreds or thousands of small SPV devices
> > > in a single home (if 21, Inc. is successful) monitoring the blockchain,
> > > this could result in lower traffic across the slow WAN connection. And
> > > yes, I realize it could potentially take a LOT of these devices before
> > the
> > > total bandwidth is greater than downloading a full copy of the
> > blockchain,
> > > but there's other reasons to host your own full node -- trust being one.
> > >
> > > --
> > > *James G. Phillips IV*
> > > <https://plus.google.com/u/0/113107039501292625391/posts>
> > > <http://www.linkedin.com/in/ergophobe>
> > >
> > > *"Don't bunt. Aim out of the ball park. Aim for the company of
> > immortals."
> > > -- David Ogilvy*
> > >
> > > *This message was created with 100% recycled electrons. Please think
> > twice
> > > before printing.*
> >
> >
> > ------------------------------------------------------------------------------
> > One dashboard for servers and applications across Physical-Virtual-Cloud
> > Widest out-of-the-box monitoring support with 50+ applications
> > Performance metrics, stats and reports that give you Actionable Insights
> > Deep dive visibility with transaction tracing using APM Insight.
> > http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
> > _______________________________________________
> > Bitcoin-development mailing list
> > Bitcoin-development@lists•sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/bitcoin-development
> >
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Bitcoin-development] Zero-Conf for Full Node Discovery
2015-05-26 4:56 ` Matt Whitlock
@ 2015-05-26 5:12 ` Kevin Greene
0 siblings, 0 replies; 12+ messages in thread
From: Kevin Greene @ 2015-05-26 5:12 UTC (permalink / raw)
To: Matt Whitlock; +Cc: Bitcoin Dev
[-- Attachment #1: Type: text/plain, Size: 3719 bytes --]
This is true, but the device doesn't know if the LAN it's on is a safe
network or a hotel wifi, for example. So there would be a tricky UX there.
You'd have to ask the user during set up if this is a trusted LAN or not;
or something like that. That may not be an issue though depending on the
nature of the product. For example, Chromecast doesn't need any security
protections against trolls on the same LAN. I guess it just depends on what
you're planning to build.
On Mon, May 25, 2015 at 9:56 PM, Matt Whitlock <bip@mattwhitlock•name>
wrote:
> Who would be performing a Sybil attack against themselves? We're talking
> about a LAN here. All the nodes would be under the control of the same
> entity. In that case, you actually want them all connecting solely to a
> central hub node on the LAN, and the hub node should connect to "diverse
> and unpredictable" other nodes on the Bitcoin network.
>
>
> On Monday, 25 May 2015, at 9:46 pm, Kevin Greene wrote:
> > This is something you actually don't want. In order to make it as
> difficult
> > as possible for an attacker to perform a sybil attack, you want to
> choose a
> > set of peers that is as diverse, and unpredictable as possible.
> >
> >
> > On Mon, May 25, 2015 at 9:37 PM, Matt Whitlock <bip@mattwhitlock•name>
> > wrote:
> >
> > > This is very simple to do. Just ping the "all nodes" address (ff02::1)
> and
> > > try connecting to TCP port 8333 of each node that responds. Shouldn't
> take
> > > but more than a few milliseconds on any but the most densely populated
> LANs.
> > >
> > >
> > > On Monday, 25 May 2015, at 11:06 pm, Jim Phillips wrote:
> > > > Is there any work being done on using some kind of zero-conf service
> > > > discovery protocol so that lightweight clients can find a full node
> on
> > > the
> > > > same LAN to peer with rather than having to tie up WAN bandwidth?
> > > >
> > > > I envision a future where lightweight devices within a home use SPV
> over
> > > > WiFi to connect with a home server which in turn relays the
> transactions
> > > > they create out to the larger and faster relays on the Internet.
> > > >
> > > > In a situation where there are hundreds or thousands of small SPV
> devices
> > > > in a single home (if 21, Inc. is successful) monitoring the
> blockchain,
> > > > this could result in lower traffic across the slow WAN connection.
> And
> > > > yes, I realize it could potentially take a LOT of these devices
> before
> > > the
> > > > total bandwidth is greater than downloading a full copy of the
> > > blockchain,
> > > > but there's other reasons to host your own full node -- trust being
> one.
> > > >
> > > > --
> > > > *James G. Phillips IV*
> > > > <https://plus.google.com/u/0/113107039501292625391/posts>
> > > > <http://www.linkedin.com/in/ergophobe>
> > > >
> > > > *"Don't bunt. Aim out of the ball park. Aim for the company of
> > > immortals."
> > > > -- David Ogilvy*
> > > >
> > > > *This message was created with 100% recycled electrons. Please think
> > > twice
> > > > before printing.*
> > >
> > >
> > >
> ------------------------------------------------------------------------------
> > > One dashboard for servers and applications across
> Physical-Virtual-Cloud
> > > Widest out-of-the-box monitoring support with 50+ applications
> > > Performance metrics, stats and reports that give you Actionable
> Insights
> > > Deep dive visibility with transaction tracing using APM Insight.
> > > http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
> > > _______________________________________________
> > > Bitcoin-development mailing list
> > > Bitcoin-development@lists•sourceforge.net
> > > https://lists.sourceforge.net/lists/listinfo/bitcoin-development
> > >
>
[-- Attachment #2: Type: text/html, Size: 5191 bytes --]
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Bitcoin-development] Zero-Conf for Full Node Discovery
2015-05-26 4:52 ` Matt Whitlock
@ 2015-05-26 5:15 ` Peter Todd
2015-05-26 5:47 ` Matt Whitlock
0 siblings, 1 reply; 12+ messages in thread
From: Peter Todd @ 2015-05-26 5:15 UTC (permalink / raw)
To: Matt Whitlock; +Cc: Bitcoin Dev
[-- Attachment #1: Type: text/plain, Size: 1045 bytes --]
On Tue, May 26, 2015 at 12:52:07AM -0400, Matt Whitlock wrote:
> On Monday, 25 May 2015, at 11:48 pm, Jim Phillips wrote:
> > Do any wallets actually do this yet?
>
> Not that I know of, but they do seed their address database via DNS, which you can poison if you control the LAN's DNS resolver. I did this for a Bitcoin-only Wi-Fi network I operated at a remote festival. We had well over a hundred lightweight wallets, all trying to connect to the Bitcoin P2P network over a very bandwidth-constrained Internet link, so I poisoned the DNS and rejected all outbound connection attempts on port 8333, to force all the wallets to connect to a single local full node, which had connectivity to a single remote node over the Internet. Thus, all the lightweight wallets at the festival had Bitcoin network connectivity, but we only needed to backhaul the Bitcoin network's transaction traffic once.
Interesting!
What festival was this?
--
'peter'[:-1]@petertodd.org
000000000000000003ce9f2f90736ab7bd24d29f40346057f9e217b3753896bb
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 650 bytes --]
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Bitcoin-development] Zero-Conf for Full Node Discovery
2015-05-26 4:46 ` Kevin Greene
2015-05-26 4:56 ` Matt Whitlock
@ 2015-05-26 5:23 ` Luke Dashjr
1 sibling, 0 replies; 12+ messages in thread
From: Luke Dashjr @ 2015-05-26 5:23 UTC (permalink / raw)
To: bitcoin-development
On Tuesday, May 26, 2015 4:46:22 AM Kevin Greene wrote:
> This is something you actually don't want. In order to make it as difficult
> as possible for an attacker to perform a sybil attack, you want to choose a
> set of peers that is as diverse, and unpredictable as possible.
It doesn't hurt to have a local node or two, though. Might as well to improve
propagation, while maintaining the other peers to avoid sybil attacks.
Luke
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Bitcoin-development] Zero-Conf for Full Node Discovery
2015-05-26 5:15 ` Peter Todd
@ 2015-05-26 5:47 ` Matt Whitlock
2015-05-26 10:48 ` Mike Hearn
0 siblings, 1 reply; 12+ messages in thread
From: Matt Whitlock @ 2015-05-26 5:47 UTC (permalink / raw)
To: Peter Todd; +Cc: Bitcoin Dev
On Tuesday, 26 May 2015, at 1:15 am, Peter Todd wrote:
> On Tue, May 26, 2015 at 12:52:07AM -0400, Matt Whitlock wrote:
> > On Monday, 25 May 2015, at 11:48 pm, Jim Phillips wrote:
> > > Do any wallets actually do this yet?
> >
> > Not that I know of, but they do seed their address database via DNS, which you can poison if you control the LAN's DNS resolver. I did this for a Bitcoin-only Wi-Fi network I operated at a remote festival. We had well over a hundred lightweight wallets, all trying to connect to the Bitcoin P2P network over a very bandwidth-constrained Internet link, so I poisoned the DNS and rejected all outbound connection attempts on port 8333, to force all the wallets to connect to a single local full node, which had connectivity to a single remote node over the Internet. Thus, all the lightweight wallets at the festival had Bitcoin network connectivity, but we only needed to backhaul the Bitcoin network's transaction traffic once.
>
> Interesting!
>
> What festival was this?
The Porcupine Freedom Festival ("PorcFest") in New Hampshire last summer. I strongly suspect that it's the largest gathering of Bitcoin users at any event that is not specifically Bitcoin-themed. There's a lot of overlap between the Bitcoin and liberty communities. PorcFest draws somewhere around 1000-2000 attendees, a solid quarter of whom have Bitcoin wallets on their mobile devices.
The backhaul was a 3G cellular Internet connection, and the local Bitcoin node and network router were hosted on a Raspberry Pi with some Netfilter tricks to restrict connectivity. The net result was that all Bitcoin nodes (lightweight and heavyweight) on the local Wi-Fi network were unable to connect to any Bitcoin nodes except for the local node, which they discovered via DNS. I also had provisions in place to allow outbound connectivity to the API servers for Mycelium, Blockchain, and Coinbase wallets, by feeding the DNS resolver's results in real-time into a whitelisting Netfilter rule utilizing IP Sets.
For your amusement, here's the graphic for the banner that I had made to advertise the network at the festival (*chuckle*): http://www.mattwhitlock.com/bitcoin_wifi.png
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Bitcoin-development] Zero-Conf for Full Node Discovery
2015-05-26 5:47 ` Matt Whitlock
@ 2015-05-26 10:48 ` Mike Hearn
2015-05-27 10:16 ` Louis Rossouw
0 siblings, 1 reply; 12+ messages in thread
From: Mike Hearn @ 2015-05-26 10:48 UTC (permalink / raw)
To: Matt Whitlock; +Cc: Bitcoin Dev
[-- Attachment #1: Type: text/plain, Size: 3427 bytes --]
Very interesting Matt.
For what it's worth, in future bitcoinj is very likely to bootstrap from
Cartographer nodes (signed HTTP) rather than DNS, and we're also steadily
working towards Tor by default. So this approach will probably stop working
at some point. As breaking PorcFest would kind of suck, we might want a
ZeroConf/Rendezvous solution in place so local LANs can capture Bitcoin
traffic away from Tor (with some notification to the user, presumably).
On Tue, May 26, 2015 at 7:47 AM, Matt Whitlock <bip@mattwhitlock•name>
wrote:
> On Tuesday, 26 May 2015, at 1:15 am, Peter Todd wrote:
> > On Tue, May 26, 2015 at 12:52:07AM -0400, Matt Whitlock wrote:
> > > On Monday, 25 May 2015, at 11:48 pm, Jim Phillips wrote:
> > > > Do any wallets actually do this yet?
> > >
> > > Not that I know of, but they do seed their address database via DNS,
> which you can poison if you control the LAN's DNS resolver. I did this for
> a Bitcoin-only Wi-Fi network I operated at a remote festival. We had well
> over a hundred lightweight wallets, all trying to connect to the Bitcoin
> P2P network over a very bandwidth-constrained Internet link, so I poisoned
> the DNS and rejected all outbound connection attempts on port 8333, to
> force all the wallets to connect to a single local full node, which had
> connectivity to a single remote node over the Internet. Thus, all the
> lightweight wallets at the festival had Bitcoin network connectivity, but
> we only needed to backhaul the Bitcoin network's transaction traffic once.
> >
> > Interesting!
> >
> > What festival was this?
>
> The Porcupine Freedom Festival ("PorcFest") in New Hampshire last summer.
> I strongly suspect that it's the largest gathering of Bitcoin users at any
> event that is not specifically Bitcoin-themed. There's a lot of overlap
> between the Bitcoin and liberty communities. PorcFest draws somewhere
> around 1000-2000 attendees, a solid quarter of whom have Bitcoin wallets on
> their mobile devices.
>
> The backhaul was a 3G cellular Internet connection, and the local Bitcoin
> node and network router were hosted on a Raspberry Pi with some Netfilter
> tricks to restrict connectivity. The net result was that all Bitcoin nodes
> (lightweight and heavyweight) on the local Wi-Fi network were unable to
> connect to any Bitcoin nodes except for the local node, which they
> discovered via DNS. I also had provisions in place to allow outbound
> connectivity to the API servers for Mycelium, Blockchain, and Coinbase
> wallets, by feeding the DNS resolver's results in real-time into a
> whitelisting Netfilter rule utilizing IP Sets.
>
> For your amusement, here's the graphic for the banner that I had made to
> advertise the network at the festival (*chuckle*):
> http://www.mattwhitlock.com/bitcoin_wifi.png
>
>
> ------------------------------------------------------------------------------
> One dashboard for servers and applications across Physical-Virtual-Cloud
> Widest out-of-the-box monitoring support with 50+ applications
> Performance metrics, stats and reports that give you Actionable Insights
> Deep dive visibility with transaction tracing using APM Insight.
> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists•sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
[-- Attachment #2: Type: text/html, Size: 4307 bytes --]
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Bitcoin-development] Zero-Conf for Full Node Discovery
2015-05-26 10:48 ` Mike Hearn
@ 2015-05-27 10:16 ` Louis Rossouw
0 siblings, 0 replies; 12+ messages in thread
From: Louis Rossouw @ 2015-05-27 10:16 UTC (permalink / raw)
To: Mike Hearn, Matt Whitlock; +Cc: Bitcoin Dev
[-- Attachment #1: Type: text/plain, Size: 4739 bytes --]
Also think it would be useful.
Created an issue for it some time back:
https://github.com/bitcoin/bitcoin/issues/3802
I think nodes don't "only" have to connect to LAN nodes. Especially with
headers first.
They can still connect to other nodes as well. Having said that security
is problematic in any case on a hotel wifi or similar. All traffic can be
spoofed.
With HF they'd be loading most of the data from the LAN node though.
This will help people having multiple nodes at home reduce bandwidth and
improve sync without difficult setup.
On Tue, 26 May 2015 at 12:50 Mike Hearn <mike@plan99•net> wrote:
> Very interesting Matt.
>
> For what it's worth, in future bitcoinj is very likely to bootstrap from
> Cartographer nodes (signed HTTP) rather than DNS, and we're also steadily
> working towards Tor by default. So this approach will probably stop working
> at some point. As breaking PorcFest would kind of suck, we might want a
> ZeroConf/Rendezvous solution in place so local LANs can capture Bitcoin
> traffic away from Tor (with some notification to the user, presumably).
>
>
>
> On Tue, May 26, 2015 at 7:47 AM, Matt Whitlock <bip@mattwhitlock•name>
> wrote:
>
>> On Tuesday, 26 May 2015, at 1:15 am, Peter Todd wrote:
>> > On Tue, May 26, 2015 at 12:52:07AM -0400, Matt Whitlock wrote:
>> > > On Monday, 25 May 2015, at 11:48 pm, Jim Phillips wrote:
>> > > > Do any wallets actually do this yet?
>> > >
>> > > Not that I know of, but they do seed their address database via DNS,
>> which you can poison if you control the LAN's DNS resolver. I did this for
>> a Bitcoin-only Wi-Fi network I operated at a remote festival. We had well
>> over a hundred lightweight wallets, all trying to connect to the Bitcoin
>> P2P network over a very bandwidth-constrained Internet link, so I poisoned
>> the DNS and rejected all outbound connection attempts on port 8333, to
>> force all the wallets to connect to a single local full node, which had
>> connectivity to a single remote node over the Internet. Thus, all the
>> lightweight wallets at the festival had Bitcoin network connectivity, but
>> we only needed to backhaul the Bitcoin network's transaction traffic once.
>> >
>> > Interesting!
>> >
>> > What festival was this?
>>
>> The Porcupine Freedom Festival ("PorcFest") in New Hampshire last summer.
>> I strongly suspect that it's the largest gathering of Bitcoin users at any
>> event that is not specifically Bitcoin-themed. There's a lot of overlap
>> between the Bitcoin and liberty communities. PorcFest draws somewhere
>> around 1000-2000 attendees, a solid quarter of whom have Bitcoin wallets on
>> their mobile devices.
>>
>> The backhaul was a 3G cellular Internet connection, and the local Bitcoin
>> node and network router were hosted on a Raspberry Pi with some Netfilter
>> tricks to restrict connectivity. The net result was that all Bitcoin nodes
>> (lightweight and heavyweight) on the local Wi-Fi network were unable to
>> connect to any Bitcoin nodes except for the local node, which they
>> discovered via DNS. I also had provisions in place to allow outbound
>> connectivity to the API servers for Mycelium, Blockchain, and Coinbase
>> wallets, by feeding the DNS resolver's results in real-time into a
>> whitelisting Netfilter rule utilizing IP Sets.
>>
>> For your amusement, here's the graphic for the banner that I had made to
>> advertise the network at the festival (*chuckle*):
>> http://www.mattwhitlock.com/bitcoin_wifi.png
>>
>>
>> ------------------------------------------------------------------------------
>> One dashboard for servers and applications across Physical-Virtual-Cloud
>> Widest out-of-the-box monitoring support with 50+ applications
>> Performance metrics, stats and reports that give you Actionable Insights
>> Deep dive visibility with transaction tracing using APM Insight.
>> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
>> _______________________________________________
>> Bitcoin-development mailing list
>> Bitcoin-development@lists•sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>>
>
>
> ------------------------------------------------------------------------------
> One dashboard for servers and applications across Physical-Virtual-Cloud
> Widest out-of-the-box monitoring support with 50+ applications
> Performance metrics, stats and reports that give you Actionable Insights
> Deep dive visibility with transaction tracing using APM Insight.
> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists•sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
[-- Attachment #2: Type: text/html, Size: 6189 bytes --]
^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~2015-05-27 10:16 UTC | newest]
Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-05-26 4:06 [Bitcoin-development] Zero-Conf for Full Node Discovery Jim Phillips
2015-05-26 4:37 ` Matt Whitlock
2015-05-26 4:46 ` Kevin Greene
2015-05-26 4:56 ` Matt Whitlock
2015-05-26 5:12 ` Kevin Greene
2015-05-26 5:23 ` Luke Dashjr
2015-05-26 4:48 ` Jim Phillips
2015-05-26 4:52 ` Matt Whitlock
2015-05-26 5:15 ` Peter Todd
2015-05-26 5:47 ` Matt Whitlock
2015-05-26 10:48 ` Mike Hearn
2015-05-27 10:16 ` Louis Rossouw
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox