Fingerprinting nodes via addr requests

Posted by danielabrozzoni

Jun 25, 2025/17:06 UTC

The exploration of nodes within blockchain networks, particularly focusing on IPv4 node pairs that exhibit identical response behaviors, unveils significant insights into network dynamics and potential Sybil attacks. Through an in-depth analysis, it was discovered that among the scrutinized IPv4 nodes, 801 exhibited identical responses to queries, suggesting they might be under the control of a singular entity or are configured to listen on multiple IPv4 addresses. These findings indicate the presence of approximately 30 clusters of such nodes, pointing towards a structured pattern rather than random coincidence. Interestingly, these nodes were specifically responding with IPv4-only addresses, which led to their exclusion from further analysis due to the assumption that they operate solely within a single network realm.

Further investigation into the operational characteristics of these nodes revealed a pronounced focus on network-specific address responses, where a significant majority (85%) of IPv4 nodes responded exclusively with IPv4 addresses, paralleled by a similar trend observed within Tor nodes, albeit at a lower percentage (30%). This behavior underscores the nodes' inclination or configuration to operate within the confines of their respective network types, thereby influencing their utility and interaction dynamics within the broader network ecosystem.

The discourse also touched upon the intricacies involved in the timing of GETADDR responses, highlighting the challenges associated with achieving meaningful randomization. It was noted that given the temporal distribution of GETADDR results spanning a 30-day period, minor adjustments to the timing mechanism, such as introducing slight delays, would likely have negligible impact on the overall randomness. The conversation evolved to consider more substantial modifications, including the elimination or uniform standardization of timestamps in GETADDR responses, while retaining their use within separate mechanisms like gossip relay for node announcements. This approach aligns with suggestions raised during discussions, such as setting timestamps to a fixed point in the past or completely removing them, to mitigate potential issues related to time-specific data.

Moreover, the dialogue referenced an IRC meeting that deliberated on the removal of timestamps from ADDR messages, hinting at ongoing efforts to refine the balance between operational necessity and security considerations. The potential for nTime values to be refreshed and the implications of network cache timings further complicate the landscape, suggesting a nuanced interplay between network efficiency, security, and privacy concerns. This multifaceted discussion encapsulates the ongoing challenges and methodologies being explored to enhance the robustness and integrity of blockchain networks.

Link to Raw Post
Bitcoin Logo

TLDR

Join Our Newsletter

We’ll email you summaries of the latest discussions from authoritative bitcoin sources, like bitcoin-dev, lightning-dev, and Delving Bitcoin.

Explore all Products

ChatBTC imageBitcoin searchBitcoin TranscriptsSaving SatoshiBitcoin Transcripts Review
Built with 🧡 by the Bitcoin Dev Project
View our public visitor count

We'd love to hear your feedback on this project?

Give Feedback