Possible to Ban Clients by Name? #30036

issue IAmAdamRest openend this issue on May 3, 2024
  1. IAmAdamRest commented at 8:15 pm on May 3, 2024: none

    Please describe the feature you’d like to see added.

    Thousands of “/Satoshi-BTC(Bitcoin Finance):0.15.1/” peers are suddenly connecting to my two nodes and sending GIGABYTES of information even though my nodes are fully synced, this doesn’t feel like expected behavior.

    Can we have a way to ban something like this? They are connecting from only cloud providers or inside mainland China. I can barely keep up banning these. Is it possible to have a way to reject this sort of thing from happening automatically?

    Edit: They connect like twenty at a time and by the time I ban them, the whole screen has filled up with more and I have been fighting them off for HOURS now. This does not feel like legitimate network activity at all.

    No response

    Describe the solution you’d like

    No response

    Describe any alternatives you’ve considered

    No response

    Please leave any additional context

    No response

  2. IAmAdamRest added the label Feature on May 3, 2024
  3. pinheadmz commented at 8:30 pm on May 3, 2024: member
    You can not ban by user agent (that is very easily spoofed) but you can ban a range of IPs. What exactly is happening here? What are you receiving? Bitcoin Core already has lots of DoS mitigation mechanisms.
  4. brunoerg commented at 9:27 pm on May 3, 2024: contributor
    I don’t think it would be effective. If we implemented something like it and, if they’re bad/malicious peers, they can just vary it and bypass this ban.
  5. 0xB10C commented at 8:47 am on May 4, 2024: contributor

    Looking at a few of my nodes, I haven’t seen any /Satoshi-BTC(Bitcoin Finance):0.15.1/ peers at all (yet?). Additionally, I don’t see any unusual amounts of outbound traffic on my nodes.

    Do you know what they are sending to you? Can you post some of the IP addresses or the IP subnet they are connecting from? Do you think this could be targeted to your node? Does your node offer any special services e.g. blockfilterindex=1 peerblockfilters=1 peerbloomfilters=1?

  6. vostrnad commented at 1:40 pm on May 5, 2024: none
    Are you sure it’s “Satoshi-BTC” and not “Satoshi-BTF”? bitnodes.io reports 12 nodes with the user agent /Satoshi-BTF(BitcoinFinance):0.15.1/, most of them in China.
  7. laanwj commented at 8:32 pm on May 5, 2024: member
    NACK on adding functionality for banning by user agent. The user agent (subversion) an arbitrary string that clients can send, so this is super easy to circumvent, and a potential footgun (generally, you’d want to connect to as many different clients as possible to reduce the chance of the node ending up on an isolated “island”).
  8. IAmAdamRest commented at 1:08 am on May 6, 2024: none
    It is BTF and it is still happening. The subnets have been all over the place and even in many data centers. I’m not going to bother updating this because I have my own theories about who is behind this and where they are and spoke to the secret service today and turned over all of my logs for them to review and I was told I am NOT the only party to report this exact issue in the last week to them.
  9. IAmAdamRest closed this on May 6, 2024
  10. bitcoin deleted a comment on May 8, 2024
  11. bitcoin deleted a comment on May 8, 2024
  12. bitcoin locked this on May 8, 2024
  13. bitcoin deleted a comment on May 8, 2024


IAmAdamRest pinheadmz brunoerg 0xB10C vostrnad laanwj

Labels
Feature

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-12-21 15:12 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me