pull down to refresh
Note: it's not that the node isn't configured as listening, it's that most people don't have their routers port forwarding TCP/8333 to their node. There is a security risk in doing this, that can be addressed by adding another router.
It's not that the node isn't listening, it's that it's behind a NAT router that is not port forwarding TCP/8333 to the node and allowing inbound connections.
Glad you see the issue. If I had done anything malicious it would have been a mess for the hundreds of nodes that ended up connecting only to me.
A major contributing factor to the vulnerability is how few nodes are IPv4 reachable. That is something that individual node runners can help solve immediately.
The vulnerability is that I was able to do this for a much lower cost than assumed would be required. IP addresses are easy to rent/lease for $0.30-0.40, ASNs are easy to obtain and advertise from, and the bitcoin blockchain is easily deduplicated at both the block and file levels.
Only a small fraction of nodes are IPv4 reachable (meaning, accept inbound connections via IPv4), and nodes by default only make 8-12 outbound connections. With a little bit more scale, a single person or entity could become a large majority of the IPv4 reachable nodes that other nodes connect to, and that would allow them to control/restrict/decide/manipulate all traffic flow between nodes.
One action that would help change this is if more people made their bitcoin nodes IPv4 reachable -- able to accept inbound connections on TCP/8333 from the public internet
Another action would be to increase the outbound connection count to 24-48.
There are other combined actions/changes that help solve this but these two are ones that individual node runners can do.
Article coming soon.
To summarize though: I've been running these nodes long before the spam war started. I switched to knots last year because I believe that's the right choice, 100k op_return dramatically increases the attack surface of bitcoin and must be stopped. I then upgraded to knots 29.3+bip110 about 2 weeks ago now, and that's when everyone noticed all the nodes.
These nodes may be viewed as "fake" but they were still handling 80k connections from 35k unique sources. I actually did control 3k nodes, and I chose to signal bip110.