[Bitcoin-development] Abnormally Large Tor node accepting only Bitcoin traffic
robert at mckay.com
Mon Jul 28 12:31:09 UTC 2014
On Mon, 28 Jul 2014 07:28:15 -0400, Peter Todd wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> I've got a bitcoin-only exit running myself and right now there is
> absolutely no traffic leaving it. If the traffic coming from that
> was legit I'd expect some to be exiting my node too.
> Multiple people have confirmed the node is connected to an abnormally
> large % of the Bitcoin network. Looks like a Sybil attack to me,
> trying to hide behind a Tor exit node for plausible deniability.
I don't think Sybil attack is the right term for this.. there is only
one IP address.. one "identity".
I'm not even sure that this behaviour can be considered abuse.. it's
pretty much following the rules and maybe even improving the transaction
and block propagation.
As far as monitoring transaction origins someone could do that using
lots of different IPs instead of just one (more like an actual Sybil
attack rather than this non-Sybil attack).. and noone would be making a
fuss (and imo, probably someone does do that too as it would be useful
to capture a larger number of inbound connections).
More information about the bitcoin-dev