Preventing a fresh node from finding peers #12517

This may not be very high priority, because the attacker needs to be able to reroute DNS entries, and the impact is simply that the node never syncs.

Approach: reroute all the DNS seeds in chainparams.cpp to some other IP on which a regular (non DNS seeder) bitcoin node is running, e.g. by editing /etc/hosts on the target machine, or by intercepting DNS queries from the node

Result: the node will add the regular (non DNS seeder) bitcoin node to its address manager as a DNS seeder. It will not fall back to seed nodes, because its address manager is non-empty, but it will not sync either, because its peers are all DNS seeder only.

Fix: count DNS seeder peers as seeders and require addrman.size() > seeders instead of == 0: https://github.com/bitcoin/bitcoin/blob/aae64a21ba25ca86fe2bbb581681dc20d613fb44/src/net.cpp#L1768

The proposed fix is also trivial to bypass. While it catches the simple /etc/hosts change (which is limited to 1 IP per name), it is rather simple to setup a rogue DNS node that just returns IPs the attacker controls. This is part of the usual bootstrapping problem which is unsolved. You'll just have to trust your ISP, or whoever acts as your DNS server, not to tamper with Bitcoin related queries.

@fanquake can this be closed? as @cdecker mentioned this is trivial to bypass. Additionally, you can always addnode a known and trusted node before sync.

I agree with jarolrod's comment. Closing now and can re-open if there are objections.

addnode doesn't work if your ISP doesn't let you do that ;)