[Bitcoin-development] Abnormally Large Tor node accepting only Bitcoin traffic

Jeremy jlrubin at MIT.EDU
Mon Jul 28 02:17:19 UTC 2014

Credit to Anatole Shaw for discovering.

On Sun, Jul 27, 2014 at 10:12 PM, Jeremy <jlrubin at mit.edu> wrote:

> Hey,
> There is a potential network exploit going on. In the last three days, a
> node (unnamed) came online and is now processing the most traffic out of
> any tor node -- and it is mostly plaintext Bitcoin traffic.
> http://torstatus.blutmagie.de/router_detail.php?FP=0d6d2caafbb32ba85ee5162395f610ae42930124
> Alex Stamos (cc'ed) and I have been discussing on twitter what this could
> mean, wanted to raise it to the attention of this group for discussion.
> What we know so far:
> - Only port 8333 is open
> - The node has been up for 3 days, and is doing a lot of bandwidth, mostly
> plaintext Bitcoin traffic
> - This is probably pretty expensive to run? Alex suggests that the most
> expensive server at the company hosting is 299€/mo with 50TB of traffic
> --
> Jeremy Rubin

Jeremy Rubin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20140727/165f6218/attachment.html>

More information about the bitcoin-dev mailing list