Bitcoin XT, the intentional fork that has been shaking up the bitcoin price, includes code branded as a hardcoded “blacklist” by critics. The code specifically targets Tor exit nodes, justifying the approach as protection against denial of service attacks. The code may also reveal the location of a Bitcoin XT node running through the Tor privacy network.
In a post to the Bitcoin core mailing list, a researcher by the name of 'F L' points out a 'commit' to the Bitcoin XT source code, with over a thousand lines, including a hard list of IP addresses that are loaded by default into clients. The code also asks a server for an updated list of IP addresses that it could disconnect from, upon the boot of the client. This, according to Peter Todd, could leak the Tor Bitcoin XT node's IP address.
The approach is one of prioritizing some IP addresses over others, in the case that a node is overwhelmed with traffic from many sources in what is commonly known as a distributed denial of service attack (DDOS). If the maximum amount of connections a Bitcoin node can support is reached, the client would begin disconnecting from Tor exits, in an attempt to stop a DDOS attack.
The description of the commit created by Mike Hearn, reads:
“When a node reaches its max connection slots, it will attempt to find a peer with a lower priority than the one trying to connect and disconnect it, to stay below the max connection limit.”
“For now, the only IP group is one that gives Tor exits a score of -10” giving the Tor exists the lowest priority score by default. Hearn adds. “This is to address DoS attacks that are being reported on the main network in which an attacker builds many connections via Tor to use up all the connection slots and jam the node for clearnet users.”
While on the surface the solution seems reasonable, given the attack it attempts to neutralize, the approach has been criticized heavily by the Bitcoin core developers to the point of rejecting the code from being added to the Bitcoin core. The rejection came on a variety of grounds, including it being a centralized approach since it has a predefined list of IPs and asks a central server for an updated IPs list, a feature which could be abused.
The download of an updated list in particular could compromise the privacy and, thus the security of a Bitcoin XT node running through Tor. Todd writes that by default “the code does still download the Tor exit node list, revealing the true location of the [Bitcoin XT] node” adding that “this is contrary to the previous behavior of not revealing any IP information in that configuration.”
Is Tor the biggest DDOS threat?
Another essential criticism has been regarding Tor as a source of DDOS attacks. “Script kiddies [unskilled attackers] routinely play around with botnets [hacked computer networks] with way more than 125 IP addresses,” explains Peter Todd, with 125 being a rough amount of the total connections a Bitcoin node can hold.
In other words, an attacker can arbitrarily bypass this Tor Exit node disconnection mechanism by leveraging other regularly used non-Tor “botnets.”
“In my experience mitigating attacks on Wikimedia, attackers used Tor as a secondary recourse over other proxies. On IRC, the Bitcoin channels have been attacked by thousands of hosts at once with no Tor use at all.”
Mike Hearn originally justified the commit to the Bitcoin core as being a response to a Tor DDOS attack being unleashed on one of Gavin Andresen's Bitcoin nodes. According to Hearn, Andresen “found his node had run out of connection slots and his peers were almost all Tor exits, additionally, his node had stopped following the block chain.”
However, to my knowledge no detail report has been released on this attack. This article will be updated once such a report surfaces. Meanwhile, the code is actively being discussed and scrutinized by members of the Bitcointalk.