Published on: 2014-07-31T12:59:17+00:00
Jameson Lopp, a Bitcoin developer, discusses the request volume and abuse on his public node at statoshi.info. He notes that his node receives a "getaddr" request every 50 seconds and sends out a low volume of "addr" messages. Lopp believes that these requests are not resource-intensive, but he is willing to add timing metrics if necessary. Mike Hearn responds by mentioning that the web has survived constant fast crawls for the past decade and suggests not worrying unless a significant amount of resources are being used. This discussion took place in July 2014 on the Bitcoin-development mailing list.The possibility of dealing with constant fast crawls is brought up, but it is noted that the web has managed to survive this for many years. Therefore, there is no immediate need for concern unless a significant amount of resources are being used to answer queries.The context involves a discussion between two individuals regarding requests seen on Jeff's public nodes. It is believed that these requests came from a crawler at IP address 148.251.238.178, which takes snapshots of the network of reachable nodes every few minutes. However, the source of the requests cannot be confirmed since there is no IP address in the log. The individual provides a sample log of a request from their crawler and explains that they want to be able to compare snapshots to track join and leave nodes. They also mention plans to improve their method by skipping new connections with currently reachable nodes while still being able to perform the comparison. Jeff Garzik reports abusive behavior on one of his public nodes, where someone is rapidly reconnecting without reason. Other seeders are also rapidly reconnecting, although with a slightly wider time window. The version message reveals Garzik's own IP address but not the abusers'. Garzik is identified as a Bitcoin core developer and open source evangelist at BitPay, Inc.The email thread discusses the issue of abusive behavior in the Bitcoin network, where certain connections are sending frequent requests. The concern is that this behavior could be used for DDoS attacks and deep scans to gather harmful information about the Bitcoin network. It is difficult to authenticate these connections, but Neil suggests blocking those that send incorrect information like IP addresses of 0.0.0.0 or the users' own IP. However, this may lead to spoofing regular clients, which is undesirable. It is clear that this issue needs to be addressed, although a solution has not been found yet.The email thread also delves into the behavior of a Bitcoin crawler software, specifically its frequency of reconnection. The author notes that the software should not reconnect more than once every 15 minutes, but there is speculation that two connections may actually be different instances. The conversation then shifts to the usefulness of the version message in determining IP addresses. It is suggested to use "-logips" to log peer IPs, although this feature was disabled by default after a specific issue. Wladimir also observes abusive behavior and questions the need for such frequent requests.In summary, Jameson Lopp discusses request volume and abuse on his public node, while Mike Hearn suggests not worrying unless a significant amount of resources are being used. The discussion involves a crawler software and concerns about abusive behavior and the lack of IP address information in the version message. Jeff Garzik reports abusive behavior on his public nodes and notes the absence of the abusers' IP addresses. The email thread explores possible solutions and highlights the need to address these issues in the Bitcoin network.
Updated on: 2023-08-01T10:08:27.970436+00:00