Jeremy Spilman [ARCHIVE] on Nostr:
Original date posted: 2014-12-20
Original message:

On Sat, Dec 20, 2014 at 08:57:53AM +0000, Matt Corallo wrote:
>> There was recently some discussion around dnsseeds. Currently some
>> dnsseeds are getting blocked by ISPs because the hosts they pick up
>> (which run bitcoin core nodes) often run rather web servers alongside
>> which serve malware or whatever else and thus end up on IP-based malware
>> blacklists.

On Sat, 20 Dec 2014 02:08:17 -0800, Roy Badami <roy at gnomon.org.uk> wrote:
> Why would we want to have anything to do with people who are hosting
> malware? Or do I misunderstand?

It sounds like Matt is saying the nodes the dnsseed is pointing to as
valid full nodes, that those IPs are hosting the malware. Since the
dnsseed picks up any stable nodes it can find without auditing, it's
perhaps not surprising some servers in the world are running a full node
and a malware server together.

I guess what confused me about this though, how are ISPs reading the
dnsseed's node list, scanning *those* IPs for malware, and then ending up
blocking the dnsseed? Seems like a pretty winding path to end up blocking
a DNS server?

Since when do ISPs null-route a DNS server for happening to resolve some
domains to IPs which happen to also be hosting some malware? Null-route
those endpoint IPs sure, but the DNS server too? I guess there was that
incident of Microsoft taking over No-IP.com -- are dnsseeds being blocked
ostensibly because they are acting as dynamic DNS infrastructure for
malware sites?

Published at 2023-06-07 15:28:10