2

Problem: DNS seeds and security

Solution: I want to create a website which does the following:

  • Check 'A' record for all domains used by 9 DNS seeds every 5 minutes
  • Save all IP addresses in local database
  • Check if these are bitcoin nodes
  • Mark ✅ for DNS seed which has no issues, mark ⚠️ for DNS seed in which some IP addresses have issues and mark ❌ for DNS seed in which all IP addresses look suspicious

Why?

It will help in monitoring domains used by DNS seeds for any issues and alert users if one of them has some issues because hacked or other reasons.

Question: What exactly should I check in third step to consider an IP address as a bitcoin node with no issues? A normal bitcoin node would have some IP address, responding on port 8333 with UA string like /Satoshi:0.21.1/ however nodes used by attacker can also do the same thing?

Sub-question: What kind of IP addresses or nodes would an attacker use if gets access to the DNS of one of the domains?

Michael Folkson
  • 15,313
  • 3
  • 17
  • 53
  • 1
    A malicious node attempting an eclipse would feed you an alternative history from genesis with orders of magnitude less proof of work. Check that the Bitcoin nodes give you the actual block history from genesis? Other than identifying malicious or spammy behavior there is no way to identify an attacker in advance I don't think. – Michael Folkson Oct 14 '21 at 18:02
  • Hmm will have to read about eclipse attacks before working on this. I think there can be few more red flags based on version returned in UA string. Context: https://www.reddit.com/r/Bitcoin/comments/lb6dpi/vulnerable_bitcoin_nodes/gls5wwp –  Oct 14 '21 at 18:51
  • I don't know to what extent this "from genesis eclipse attack" is mitigated by checkpoints in Core. Eclipse attacks are always viable if the attacker has significant network hash rate. Eclipse attacks that don't need any hash rate are cheaper to pull off (and hence more concerning imo). I think checkpoints are a partial but not entire mitigation against zero hash rate eclipse attacks. – Michael Folkson Oct 15 '21 at 10:11
  • There's not really "checkpoints" in Bitcoin Core with the expectation that they are consensus critical. – Claris Oct 15 '21 at 10:44
  • Definitely not consensus critical, agreed but as a flag/alert to being a victim of a "from genesis eclipse attack"? – Michael Folkson Oct 15 '21 at 12:21

0 Answers0