Banning other user agents #7227

issue Kimax89 opened this issue on December 17, 2015
  1. Kimax89 commented at 8:52 PM on December 17, 2015: none

    Is there a way to implement a check-up in the core, so we can ban older or malicious nodes.

    My biggest concern at the moment is /btcwire.0.2.0/ from 54.210.68.46 all it does is downloading the blockchain over and over again and at some points i have 5 inbound connections at the same time.

    I know that its possible to setup firewalls to prevent this, but my concern is general missuse of the bitcoin network.

    I know its possible to whitelist other nodes, but it would be nice if we could have the abillity to blacklist aswell.

    Is this something that is possible to do and is there a way to automate the process?

  2. jonasschnelli commented at 9:29 PM on December 17, 2015: contributor

    In general, there is no need to manually manage connected nodes. If a node misbehaves, it will be banned automatically.

    You can ban a node/ip with the rpc command setban <ip> add or over the gui (peers table context menu).

  3. jonasschnelli added the label RPC on Dec 17, 2015
  4. jonasschnelli added the label P2P on Dec 17, 2015
  5. Kimax89 commented at 10:34 PM on December 17, 2015: none

    Jonasschnelli: I'm not able to see any functions for the peers in the bitcoin-qt. and when i try to use the command, its just says "method not found" I'm running bitcoin core 0.11.2 without wallet on a debian 8

  6. tulip0 commented at 11:31 PM on December 17, 2015: none

    @Kimax89 Banning based on subver is completely ineffective. If it becomes common to do so then malicious connections just switch to /Satoshi/ strings and become invisible; it's Mozilla/5.0 all over again. It's likely any seriously abusive stuff already pretends to be normal clients. @jonasschnelli Lots of node misbehaviour is not caught. The peer mentioned by here connects and floods mempool commands every couple of seconds to exploit some transaction flooding behaviour. That's not an offence as far as DoS scoring is concerned, but is definitely a nuisance.

  7. Kimax89 commented at 11:50 PM on December 17, 2015: none

    @tulip0 I'm far from concerned about DoS, but thats only becuase if have more resources than ever needed. i'm concerned about the smaller nodes running on low bandwidth.

    But its a fact that alot of misbehaving nodes is'nt getting caught.

  8. tulip0 commented at 12:25 AM on December 18, 2015: none

    Catching all misbehaviour is difficult, probably impossible. It's very easy to make rules which end up banning legitimate but unusual activity, causing netsplits or other vulnerabilities. The reality is that you will burn a lot of resources catering to all of the bad actors on the network, you either have to wear that or spend considerable time maintaining your ban lists.

  9. luke-jr commented at 1:02 AM on December 18, 2015: member

    It might be a safe idea to ban nodes that download the same block twice...?

    The manual banning controls were added after 0.11, so won't be available in Core for some months still. Bitcoin LJR has it in the current release, however, if you want to try that (it's not as well-tested as Core 0.11, but it should be more stable than git master at least).

  10. dcousens commented at 1:07 AM on December 18, 2015: contributor

    @luke-jr and what if a node drops during a download?

  11. Kimax89 commented at 1:10 AM on December 18, 2015: none

    I was planning to compile from the master, but since i need the node in production, i want tit to be stable as possible.

  12. luke-jr commented at 5:03 AM on December 18, 2015: member

    @dcousens Well, I was assuming you'd only remember blocks downloaded per connection.

  13. tulip0 commented at 9:03 AM on December 18, 2015: none

    @Kimax89 If you're set on doing that you can just make a RPC tool which does what you want on stock bitcoind with no modification. Generally you should not be allowing listing connections on a production node though, it's asking for trouble. You have getpeerinfo and setban, just run a crontab which processes that. @luke-jr This peer hammers the mempool too, which isn't an easy one to keep a sensible track of.

  14. laanwj commented at 9:59 AM on December 18, 2015: member

    Banning user agents is not a good idea: those are trivial to change, the end result will be everyone claiming to be satoshi client.

    Banning on IP is generally effective, but yes that requires manual babysitting.

    Banning based on behavior profile would also be effective: as said above by @tulip0, read the getpeerinfo periodically and ban based on the info there, with a script. Git master has accounting of bandwidth per message type since #6589 which is useful for this (I've planned on making this for my own nodes but didn't get around to it yet).

  15. Kimax89 commented at 3:59 AM on December 19, 2015: none

    @tulip0 when i say production its in the meaning that the node itself is my product. I'm running the node on high-end hardware with a high-end connection. the idea of my node is just to study the bitcoin network and do some web development.

    I'm was asking because its seems like there is no easy way to do this task. I'm running 0.11.2 and when i try the setban command, i just get "method not found"

  16. Kimax89 commented at 4:02 AM on December 19, 2015: none

    i'm thinking: maybe its possible to add more rules on when a node is missbehaving?

  17. Kimax89 closed this on Jan 15, 2016
  18. MarcoFalke locked this on Sep 8, 2021
Contributors
Kimax89jonasschnellitulip0luke-jrdcousenslaanwj
Labels
RPC/REST/ZMQP2P
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-13 15:15 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me