[Bitcoin-development] Abnormally Large Tor node accepting only Bitcoin traffic

Robert McKay robert at mckay.com
Mon Jul 28 12:31:09 UTC 2014


On Mon, 28 Jul 2014 07:28:15 -0400, Peter Todd wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> I've got a bitcoin-only exit running myself and right now there is
> absolutely no traffic leaving it. If the traffic coming from that 
> node
> was legit I'd expect some to be exiting my node too.
>
> Multiple people have confirmed the node is connected to an abnormally
> large % of the Bitcoin network. Looks like a Sybil attack to me,
> trying to hide behind a Tor exit node for plausible deniability.

I don't think Sybil attack is the right term for this.. there is only 
one IP address.. one "identity".

I'm not even sure that this behaviour can be considered abuse.. it's 
pretty much following the rules and maybe even improving the transaction 
and block propagation.

As far as monitoring transaction origins someone could do that using 
lots of different IPs instead of just one (more like an actual Sybil 
attack rather than this non-Sybil attack).. and noone would be making a 
fuss (and imo, probably someone does do that too as it would be useful 
to capture a larger number of inbound connections).

Rob




More information about the bitcoin-dev mailing list