Russian nodes increasing

Anyone else noticed we seem to be gaining popularity in Russia?
Noticed today my peer count there is above China, which was always top before.

1 Like

I've deleted Russian connections occasionally when I notice them. But haven't in a while, as there are few. Here's mine now (Russia is not shown, but next at 2 nodes) Ukraine is even hanging in there with 1 node - Go Ukraine :mechanical_arm:

NODES 4-9

4 Likes

Take a look at the heatmap here (charts provided by Chia) - Grafana

If Chia's introducer works as advertised, you should see peer distribution similar to what is on that map (roughly what @Fuzeguy has).

Although, some people started blocking Russian peers, and I don't know whether the introducer will try to compensate for it (i.e., those nodes that don't block will get more Russian peers, as Russian nodes need to connect somewhere outside of Russia).

That page has half the boxes saying no data, the heat map is just black and grey.
Maybe not working properly?

I have 12 Russia and 11 China currently, prob as I've blocked no nodes though.

I feel you're correct and as some block certain nodes, us that don't will see increases in those areas.

Here is the screenshot:

It works for me right now, but I had it having no data a few times. Not sure what it is related to (maybe your browser blocking something, or just a temporary fluke?).

Although, I have to say that that chart is kind of worthless as a similar chart but for net space would be needed to see the whole story (e.g., China average node could have just 2 plots). It could be potentially combined on one chart by net space represented by colors (would really like to see such chart).

I've got two Ukrainian nodes connected.

1 Like

Sorry, guys.
Could you please explain to me how to block Russian nodes?
I'm Ukrainian, so thanks a lot for your support.

2 Likes

Was about to answer, just got home, but I see fuzeguy responding so I'll let them explain it.

Not about to start a political debate on why I don't do this.

I feel your pain brother, hope you stay safe and well.

1 Like

You can *delete* any node on the "Full Node" tab on the GUI by scrolling down to the 'Connections' section and using the trashcan icon to remove any particular IP address.

But you need to know which IP(s) you want. The only way I know how to find them is to use 'farmr' GUI. On farmr scroll down (do this on the right side of the panel) until you see country connections. Find the country of interest, 'left-click' in the node column next to that country, and the relevant IP(s) will be copied to the clipboard. Paste them into notepad or something like it, and you then have the IP(s) you want to trashcan.

3 Likes

Trashcaning a node on your own personal computer is not blocking anything - it is simply (temporarily) removing it from your connected nodes. It can come back anytime depending on how the chia network functions going forward.

Blocking an IP permanently takes a firewall or some such type of network filtering device. Beyond that a node is private property and one controlling it can do as they see fit, full stop.

The crux of the issue is just who is running the node. Is it a state enterprise running the node, I can understand there could be issues with that. If it's an individual, things get murkier.

In the case of Chia, any functional node of almost any size is, without exception, a money waster at this point, so there's that…

1 Like

Let's not debate this here pls.
Let's keep it about crypto.

2 Likes

And if there are two nodes and you make the copy and paste them into Notepad, the IPs are separated with a comma. Chia [114.230.222.58, 222.128.13.29]
Thanks again

This is an example of how to modify Windows firewalls - Blocking Unwanted Countries with Windows Firewall | Greg's IT Blog

I looked at the provided PowerShell code, and it looks clean to me. Although, for some reason it refused to add North Korea for me. The only thing that I see there is ingesting provided files, and modifying firewalls, no extra calls. Although, you would need to check the file by yourself, as what I downloaded may not be what you get. There is no CRC or checksum on the file, so each download may be different.

As far as blocking Russia's IPs it is not really a fringe topic. If you search the web, you will see a lot of activities around that topic. The most is of course about servers blocking those countries, as majority of server scans and then attacks originate from Russia and China. I was also looking at few web server logs, and saw the same thing (actually, in my experience, the top 4 countries are Russia, China, Ukraine and Indonesia). Therefore, blocking Russia on one hand may be seen as a political gesture, but on the other as a protection of your port 8444 (or any other port for that matter) from potential scans coming from there. Sure, there is plenty of non-Russia/China traffic. In my experience, European/US service providers like Linode and OVH have a big share in that, and usually there is no harm to block those providers. (I really wish that service providers would be forced to provide an option to block obvious scans / attacks, as that could potentially cripple most of the botnets.)

Actually, if you want to do a quick check of some IPs, this page is a good one to check - https://www.ipfingerprints.com/ If you would like to make automatic checks, there are some services that provide simple REST API, and return mostly the same info what is seen on this page, e.g., ipinfo.io.

2 Likes

Thanks a lot.
Block some IPs via firewall sounds good for me.
Pretty sure, that big Russian miners are working via VPN, but… we will see…

Russian connections may not be from Russian Government. Russian public is not responsible for Putin's actions. We should keep politics out of crypto mining. Disclaimer: I am not from Russia and against Russian aggression in Ukraine.

1 Like

Absolutely.

However, we should talk about security and don't dismiss it because it may be an inconvenient discussion for some.

Chia was nagged for a couple of weeks to release a patch for the latest OpenSSL vulnerability. They released v1.3.2 with a single change - relinked lib. However, they didn't test it, as such a couple of days later someone pointed it out that it still had the old lib, and we got v1.3.3. We do have mnemonics, but we don't have additional password (e.g., for withdrawing XCH). So, I really prefer to also do my part in addition to what they do.

By the way, have you checked your router for port scans, or attacks? Have you looked at any server IP:PORT logs? I cannot afford to hire security guy to check my router, to help with my servers. However, if I can remove 90% of those scans / attacks, I will do that, regardless what country the source is. If a country is permitting or encouraging their citizens to engage in such activities, sorry but I put that country on my blocking list.

Although, I have to say that I would love to also have provider lists (e.g., Linode, OVH, more and more Amazon AWSes) to block all the crap from them (instead of adding range after range manually). For a few extra bucks, those service providers endanger all of us.

Thanks for your kind and informative response. Yes, I am all in for the security and anyone who is capable of monitoring and stopping attacks from Russia or anywhere else should do that!

Also, it will be helpful to provide any tips on how to detect and stop attacks on home router.

Not much you can really do as there are no standards, and no incentives for router manufacturers, as logging those attacks potentially slows down those routers, so those routers may not be doing that well, when people do comparison tests. Also, it depends whether that is your router or your service provider's.

Although, one option is to put a heavily restricted web server (that will deny all requests, but log them all), and look at such logs. You will be surprised how much junk you will find there.

If it is your router, just (often) check manufacturer's website for the latest F/W. Also, check whether your router already hit EOL, as it will not be security patched anymore.

There is one more line of attack, and that is WiFi. Of course, there is not that many scans on this end, but if there are any, most likely someone is really trying hard to break it (so, router's EOL status may be more important from this point of view). (Google was doing it, until they were caught and exposed.)

Another thing would be to go for something like pfsense. At least, as long as such box will not break, there should be patches for it, so it can be run for years.

And yes, home routers have serious security holes, and if those are not patched, it basically doesn't matter what you do with your computers, as there will be an active platform to drill 24/7 for new exploits on your boxes.

By the way, when I started blocking, initially I was trying to block individual IPs, but that was an utter nonsense. Then I tried to look for service providers, but in China, I saw just a handful of those, so it was really no point to add small ranges (e.g., /24 mask per attacking IP). On the other hand, there were just hundreds of small (sub /24) providers from Russia, so again, it was pointless to try to go after those.

Finally, I am not a security expert, rather far from that, so all that is basically all what I can do on my level, and would really appreciate it if those that know more could chime in.

UPDATE
By the way, that PowerShell script is blocking both incoming and outgoing traffic, so potentially can make it more difficult for a malware to call home (in case a box is compromised). The router permits all the traffic to go out everywhere, and I don't think any home router has any logging for those outbound connections.
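
An added illustration (not code from any poster in this thread) of the "deny all requests, but log them all" web server suggested in the post above, with a summary that counts hits per source /24 to show why ranges are more useful than single IPs. The port, the log file name and the log line format are assumptions, and the sample lines are constructed.

```python
import ipaddress
import logging
from collections import Counter
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed sample log lines (documentation address ranges), in the format
# this logger writes: "<date> <time> <source ip> <status> <request line>"
SAMPLE = [
    "2022-03-10 12:00:01,100 203.0.113.7 403 'GET / HTTP/1.1'",
    "2022-03-10 12:00:02,250 203.0.113.99 403 'GET /admin HTTP/1.1'",
    "2022-03-10 12:00:03,400 198.51.100.4 403 'POST /login HTTP/1.1'",
    "truncated line",
]

class DenyAll(BaseHTTPRequestHandler):
    """Serve nothing: every request gets an error status and a log entry."""
    server_version, sys_version = "httpd", ""   # do not advertise Python

    def _deny(self):
        self.send_error(403)
    do_GET = do_HEAD = do_POST = do_PUT = do_DELETE = do_OPTIONS = _deny

    def log_request(self, code="-", size="-"):
        # %r escapes control characters so a request cannot forge log lines.
        logging.info("%s %d %r", self.client_address[0], code, self.requestline)

    def log_message(self, fmt, *args):
        pass                                    # drop the default stderr output

def summarize(lines, prefix=24):
    """Count logged requests per source IPv4 network, busiest first."""
    hits = Counter()
    for line in lines:
        try:
            ip = ipaddress.ip_address(line.split()[2])
        except (IndexError, ValueError):
            continue                            # skip malformed lines
        if ip.version == 4:
            net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
            hits[str(net)] += 1
    return hits.most_common()

if __name__ == "__main__":
    logging.basicConfig(filename="denied.log", level=logging.INFO,
                        format="%(asctime)s %(message)s")
    print(summarize(SAMPLE))
    # Port 8080 is an assumption; forward only a port you intend to expose.
    ThreadingHTTPServer(("0.0.0.0", 8080), DenyAll).serve_forever()
```

After the listener has run for a while, pass the lines of `denied.log` to `summarize()` to see which networks account for most of the noise.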

Thank you for the information. I have DD-WRT firmware installed on my router. Is it more secure? I have traverse set on my 8444 port. Is this needed for this port or should be turned off?

I blocked Russia at my router well before this war as I found most brute force attacks to my IP were from Russia.

IPfire allows you to block per location. Several other routers do also.