Should a warning be thrown when using -port that nodes are very unlikely to get any incoming connections?

ghost commented at 10:55 am on October 27, 2014: none

It’s surprising that using a non-standard listening port will cause peers to actively avoid connecting to you, is it sensible to add this to the help message and the warnings on startup if people have changed the default? I can’t find this behavior mentioned anywhere except for the comments in net.cpp.

0// do not allow non-default ports, unless after 50 invalid addresses selected already
1if (addr.GetPort() != Params().GetDefaultPort() && nTries < 50)
2continue;

https://github.com/bitcoin/bitcoin/blob/master/src/net.cpp#L1369

laanwj added the label P2P on Oct 27, 2014

laanwj commented at 8:42 pm on October 27, 2014: member

I’m not entirely sure why that discrimination on port number exists in the first place. Is this an anti-Sybil measure?

ghost commented at 10:25 pm on October 27, 2014: none

I don’t think it’s anti sybil, just above it’s also avoiding connecting to nodes in ranges which it is already connected, wouldn’t that preclude connecting to the same peer twice on different ports?

The line was added by @sipa in #787, though there’s no explanation of why that limit exists.

gavinandresen commented at 11:05 pm on October 27, 2014: contributor

Yes, it is an anti-Sybil measure, and has been in the code for as long as I’ve been around.

TheBlueMatt commented at 11:22 pm on October 27, 2014: member

ACK, we should warn people about this behavior.

sipa commented at 3:59 am on October 28, 2014: member

No, it’s to prevent spamming addr messages with eg IP:80 to the network, and have the entire Bitcoin network DoS attack that service. The same risk exists for Bitcoin itself of course, but I guess we try to be more polite to others. It’s been there since before addrman (though the mechanism was different then).

ghost commented at 5:28 am on October 28, 2014: none

That makes sense, thank you Sipa. From a users perspective it’s a little unintuitive, I wouldn’t have expected that behavior at all when setting up a listening Bitcoin daemon.

laanwj commented at 6:33 am on October 28, 2014: member

OK, looking at this discussion we should warn and add @sipa’s reply as comment why this is here in the first place.

laanwj closed this on Dec 17, 2020

vasild commented at 1:55 pm on June 3, 2021: member

No, it’s to prevent spamming addr messages with eg IP:80 to the network, and have the entire Bitcoin network DoS attack that service.

I don’t see how such a DoS could be carried out.

Assume 50k nodes.
Each node has around 50k addresses in their addrman (everybody knows about mostly everybody else).
One of the 50k addresses is victim:80, gossiped by a malicious actor.
Lets assume all 50k nodes try to open a new connection to a random address from their addrman (size 50k), how many nodes will attempt to connect to victim:80? One (1/50k chance, multiplied by 50k attempts).
How often will this happen? Assuming all nodes keep trying to open new connections all the time, then this will happen once per 0.5s: https://github.com/bitcoin/bitcoin/blob/8837f1ebde0537b0fdfa1353d06ae8e61a259982/src/net.cpp#L1813
Is one connection per 0.5s DoS? Probably not.
Note that the above assumption of all nodes trying to open new connections all the time is not correct. Once a node has 8 (is configurable) outbound connections, it will stop opening new connections. So the above 0.5s is maybe a few seconds or even higher in practice.

This can be confirmed by observing a node that is listening on port 8333 and whose address is well propagated (has been online for a long time) and seeing how often it receives incoming connections. I have a long-running node but it is listening on non-default port, so I can’t confirm that myself.

Did I oversimplify or get something wrong?

MarcoFalke referenced this in commit 22a9018649 on Oct 25, 2021

DrahtBot locked this on Aug 18, 2022

Should a warning be thrown when using -port that nodes are very unlikely to get any incoming connections? #5150