Automatically Detecting Spy Peers #43
Comments
|
As discussed with @0xB10C, we can have peer_id as the identifier for any peer instead of ipaddress+port for privacy reasons. If the peer is identified as spy, we can display the details of the peer! |
|
Another question arises, how do we display the stats for each peer? Maybe we could have something that would display the stats after a certain time(5 mins or 10 mins) of all the peers. @0xB10C |
I think that's fine for a start until we figured out a good threshold. Maybe you can sort them based on how many getdata's they have send. |
Yeah, that would be good for now! |
i-am-yuvi
changed the title
|
@0xB10C I have observed some p2p messages received by Bitcoin node using logger in peer-observer i.e. |
|
No, notfound is a message in the bitcoin p2p protocol. See https://en.bitcoin.it/wiki/Protocol_documentation#notfound If your node receives a getdata but it does not have the data, it may respond with a notfound message. |
Currently, there is no feature to detect spy peers/nodes, which has been discussed here.
Some important anomalies to consider are:
We only handle INV, GETDATA, and TX p2p messages. We need to maintain a shared state – one entry (IP address + Port) for each connection with the number of INV, GETDATA, and TX sent and received. Additionally, spy peers will close the connection, so we also need to account for handling closed connections. Once all this is implemented, we can have some stats on normal/spy peers/nodes.
One approach could be to find the ratio of INV/GETDATA for each peer, but there might be other heuristics to detect peer identity.
A reference implementation has been done at the following URL: https://github.com/i-am-yuvi/peer-observer/tree/spy-detection.
The text was updated successfully, but these errors were encountered: