Russian nodes increasing

Was about to answer, just got home, but I see fuzeguy responding so I’ll let them explain it.

Not about to start a political debate on why I don’t do this.

I feel your pain brother, hope you stay safe and well.

1 Like

You can *delete* any node on the “Full Node” tab on the GUI by scrolling down to the ‘Connections’ section and using the trashcan icon to remove any particular IP address.

But you need to know which IP(s) you want. The only way I know how to find them is to use ‘farmr’ GUI. On farmr scroll down (do this on the right side of the panel) until you see country connections. Find the country of interest, ‘left-click’ in the node column next to that country, and the relevant IP(s) will be copied to the clipboard. Paste them into notepad or something like it, and you then have the IP(s) you want to trashcan.

3 Likes

Trashcanning a node on your own personal computer is not blocking anything - it is simply (temporarily) removing it from your connected nodes. It can come back anytime depending on how the chia network functions going forward.

Blocking an IP permanently takes a firewall or some such type of network filtering device. Beyond that a node is private property and one controlling it can do as they see fit, full stop.

The crux of the issue is just who is running the node. Is it a state enterprise running the node, I can understand there could be issues with that. If it’s an individual, things get murkier.

In the case of Chia, any functional node of almost any size is, without exception, a money waster at this point, so there’s that…

1 Like

Let’s not debate this here pls.
Let’s keep it about crypto.

2 Likes

And if there are two nodes and you copy and paste them into Notepad, the IPs are separated with a comma. Chia [114.230.222.58, 222.128.13.29]
Thanks again

This is an example of how to modify Windows firewalls - Blocking Unwanted Countries with Windows Firewall | Greg's IT Blog

I looked at the provided PowerShell code, and it looks clean to me. Although, for some reason it refused to add North Korea for me. The only thing that I see there is ingesting provided files, and modifying firewalls, no extra calls. Although, you would need to check the file by yourself, as what I downloaded may not be what you get. There is no CRC or checksum on the file, so each download may be different.

As far as blocking Russia’s IPs, it is not really a fringe topic. If you search the web, you will see a lot of activity around that topic. Most of it is of course about servers blocking those countries, as the majority of server scans and then attacks originate from Russia and China. I was also looking at a few web server logs, and saw the same thing (actually, in my experience, the top 4 countries are Russia, China, Ukraine and Indonesia). Therefore, blocking Russia on one hand may be seen as a political gesture, but on the other as a protection of your port 8444 (or any other port for that matter) from potential scans coming from there. Sure, there is plenty of non-Russia/China traffic. In my experience, European/US service providers like Linode and OVH have a big share in that, and usually there is no harm in blocking those providers. (I really wish that service providers would be forced to provide an option to block obvious scans / attacks, as that could potentially cripple most of the botnets.)

Actually, if you want to do a quick check of some IPs, this page is a good one to check - https://www.ipfingerprints.com/ If you would like to make automatic checks, there are some services that provide a simple REST API, and return mostly the same info as is seen on this page, e.g., ipinfo.io.

2 Likes
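An added example, not part of the thread or of the linked blog's script: because the downloaded range files carry no checksum, one approach is to pin the SHA-256 of the copy you reviewed and validate every entry before it reaches a firewall rule. The sample list, the `load_blocklist` name, the protected ranges and the /8 limit are assumptions made for illustration.

```python
import hashlib
import ipaddress

# Constructed sample list (documentation ranges, not a real country file).
SAMPLE_LIST = b"""# constructed sample
203.0.113.0/25
203.0.113.128/25
198.51.100.0/24
198.51.100.7
"""
# Hash recorded when the file was reviewed by hand (here: of SAMPLE_LIST).
PINNED_SHA256 = hashlib.sha256(SAMPLE_LIST).hexdigest()

MIN_PREFIX = 8  # assumption: anything broader than /8 is treated as a mistake
# Ranges that must never end up in a block rule (LAN and loopback).
PROTECTED = [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def load_blocklist(data, pinned_sha256):
    """Return collapsed CIDR strings, or raise if the file is not the reviewed one."""
    digest = hashlib.sha256(data).hexdigest()
    if digest != pinned_sha256:
        raise ValueError(f"list changed since review: sha256={digest}")
    nets = []
    for lineno, raw in enumerate(data.decode("ascii").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line, strict=True)
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {exc}") from None
        too_broad = net.prefixlen < MIN_PREFIX
        local = any(net.version == p.version and net.overlaps(p) for p in PROTECTED)
        if too_broad or local:
            raise ValueError(f"line {lineno}: refusing to block {net}")
        nets.append(net)
    # Merge adjacent/overlapping ranges so the firewall gets fewer entries.
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in nets if n.version == 6)
    return [str(n) for n in list(v4) + list(v6)]
```

The returned strings are what would be handed to the firewall tooling; a hash mismatch means the file should be re-reviewed before the pin is updated.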

Thanks a lot.
Blocking some IPs via firewall sounds good to me.
Pretty sure that big Russian miners are working via VPN, but… we will see…

Russian connections may not be from the Russian Government. The Russian public is not responsible for Putin’s actions. We should keep politics out of crypto mining. Disclaimer: I am not from Russia and am against Russian aggression in Ukraine.

1 Like

Absolutely.

However, we should talk about security and not dismiss it because it may be an inconvenient discussion for some.

Chia was nagged for a couple of weeks to release a patch for the latest OpenSSL vulnerability. They released v1.3.2 with a single change - relinked lib. However, they didn’t test it; as such, a couple of days later someone pointed out that it still had the old lib, and we got v1.3.3. We do have mnemonics, but we don’t have an additional password (e.g., for withdrawing XCH). So, I really prefer to also do my part in addition to what they do.

By the way, have you checked your router for port scans, or attacks? Have you looked at any server IP:PORT logs? I cannot afford to hire a security guy to check my router, to help with my servers. However, if I can remove 90% of those scans / attacks, I will do that, regardless of what country the source is. If a country is permitting or encouraging their citizens to engage in such activities, sorry but I put that country on my blocking list.

Although, I have to say that I would love to also have provider lists (e.g., Linode, OVH, more and more Amazon AWSes) to block all the crap from them (instead of adding range after range manually). For a few extra bucks, those service providers endanger all of us.

Thanks for your kind and informative response. Yes, I am all in for the security and anyone who is capable of monitoring and stopping attacks from Russia or anywhere else should do that!

Also, it will be helpful to provide any tips on how to detect and stop attacks on a home router.

Not much you can really do as there are no standards, and no incentives for router manufacturers, as logging those attacks potentially slows down those routers, so those routers may not be doing that well when people do comparison tests. Also, it depends whether that is your router or your service provider’s.

Although, one option is to put a heavily restricted web server (that will deny all requests, but log them all), and look at such logs. You will be surprised how much junk you will find there.

If it is your router, just (often) check manufacturer’s website for the latest F/W. Also, check whether your router already hit EOL, as it will not be security patched anymore.

There is one more line of attack, and that is WiFi. Of course, there are not that many scans on this end, but if there are any, most likely someone is really trying hard to break it (so, router’s EOL status may be more important from this point of view). (Google was doing it, until they were caught and exposed.)

Another thing would be to go for something like pfsense. At least, as long as such a box does not break, there should be patches for it, so it can be run for years.

And yes, home routers have serious security holes, and if those are not patched, it basically doesn’t matter what you do with your computers, as there will be an active platform to drill 24/7 for new exploits on your boxes.

By the way, when I started blocking, initially I was trying to block individual IPs, but that was utter nonsense. Then I tried to look for service providers, but in China, I saw just a handful of those, so there was really no point in adding small ranges (e.g., /24 mask per attacking IP). On the other hand, there were just hundreds of small (sub /24) providers from Russia, so again, it was pointless to try to go after those.

Finally, I am not a security expert, rather far from that, so that is basically all I can do on my level, and I would really appreciate it if those that know more could chime in.

UPDATE
By the way, that PowerShell script is blocking both incoming and outgoing traffic, so potentially can make it more difficult for malware to call home (in case a box is compromised). The router permits all the traffic to go out everywhere, and I don’t think any home router has any logging for those outbound connections.
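An added example, not from the thread: a small Python version of the deny-everything, log-everything web server described above, with a per-/24 summary of the kind that comes up when weighing single IPs against ranges. Port 8080, the `HITS` list, the function name and the sample entries are constructed for illustration.

```python
import ipaddress
from collections import Counter
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

HITS = []  # (source_ip, method, path) for every request seen


class DenyAll(BaseHTTPRequestHandler):
    server_version = "httpd"  # do not advertise the Python version
    sys_version = ""

    def _deny(self):
        HITS.append((self.client_address[0], self.command, self.path))
        self.send_error(403)

    def __getattr__(self, name):
        # The base class dispatches to do_<METHOD>; answering for every such
        # name means unusual methods are logged and refused too, not just GET.
        if name.startswith("do_"):
            return self._deny
        raise AttributeError(name)

    def log_message(self, fmt, *args):
        pass  # HITS is the log; keep stderr quiet


def top_networks(hits, prefix=24, n=5):
    """Group source IPs by /prefix and return the n busiest networks."""
    counts = Counter()
    for ip, _method, _path in hits:
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        counts[str(net)] += 1
    return counts.most_common(n)


# Constructed sample hits (documentation addresses), shaped like HITS entries.
SAMPLE_HITS = [
    ("203.0.113.5", "GET", "/login"),
    ("203.0.113.77", "GET", "/admin"),
    ("203.0.113.200", "POST", "/login"),
    ("198.51.100.9", "GET", "/"),
]

if __name__ == "__main__":
    # Port 8080 is an assumption; the process serves no content at all.
    ThreadingHTTPServer(("0.0.0.0", 8080), DenyAll).serve_forever()
```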

Thank you for the information. I have DD-WRT firmware installed on my router. Is it more secure? I have traverse set on my 8444 port. Is this needed for this port or should be turned off?

I blocked Russia at my router well before this war as I found most brute force attacks to my IP were from Russia.

IPfire allows you to block per location. Several other routers do also.

Russian nodes are increasing I think.


This is my node

How do you increase the number of nodes? Default is eight connections. What is the point to increase the number?
And what is the optimum number of nodes?

Serving the network. You should be able to change it in the config.

The problem is that there is no one optimum number. This number should depend on what H/W you have (i.e., adjusted during the installation) and what network conditions are at the moment (e.g., reduced during the heavy dust storms (to reduce extra network traffic), or syncing from scratch (as your node is considered dead)).

Instead, someone used his/her grandmother’s age, and put that value at 80, and no one questions it (as by not questioning it, no one needs to do the work). If the code was properly written, there would be no such number, as the program would adjust it on the fly. Because it doesn’t do it, some nodes are falsely claimed to be “low spec” and scapegoated for crap that happens during the dust storm (start_full_node process choking a single core).

So, if you are syncing from scratch, you can put it at 5-10. When you are up and running, try to see the CPU load (per core, not overall), and if low, bump it up (to be a friendly node). In case there is a heavy storm, bring it down to ~10, as from the network point of view it is better to have a node with few connections rather than a dead node.

You can change it in config.yaml

full_node:
  ...
  target_outbound_peer_count: 40

2 Likes

Thank you for your detailed answer. I keep on learning from this forum. I have edited the config file but nothing has changed. I did not restart the chia gui as I am continuing plotting on the same pc. I think it will change after restart.

1 Like

Yes, the change is only applied when chia is restarted. It would be really nice to have a button / command “rescan config.yaml.”

I guess, the main point is to not swear by that number and use what works for your own node. It really makes huge difference during heavy dust storms for some nodes, though.

2 Likes