[Bitcoin-development] Abnormally Large Tor node accepting only Bitcoin traffic

Gregory Maxwell gmaxwell at gmail.com
Mon Jul 28 02:29:52 UTC 2014


On Sun, Jul 27, 2014 at 7:12 PM, Jeremy <jlrubin at mit.edu> wrote:
> Hey,
>
> There is a potential network exploit going on. In the last three days, a
> node (unnamed) came online and is now processing the most traffic out of any
> tor node -- and it is mostly plaintext Bitcoin traffic.
>
> http://torstatus.blutmagie.de/router_detail.php?FP=0d6d2caafbb32ba85ee5162395f610ae42930124
>
> Alex Stamos (cc'ed) and I have been discussing on twitter what this could
> mean, wanted to raise it to the attention of this group for discussion.
>
> What we know so far:
>
> - Only port 8333 is open
> - The node has been up for 3 days, and is doing a lot of bandwidth, mostly
> plaintext Bitcoin traffic

How do you know what traffic it's actually doing.

> - This is probably pretty expensive to run? Alex suggests that the most
> expensive server at the company hosting is 299€/mo with 50TB of traffic

I'm confused as to how its doing anything at all, as it doesn't have
the exit flag. (IIRC, Tor directories won't give you the exit flag
unless you exit 80/443 to a pretty substantial chunk of IPv4 space).
Because of this no normal tor node should be selecting it as an exit.

Could this just be lying about its traffic levels?




More information about the bitcoin-dev mailing list